[Custom log types] Support custom log types in detection rule creation and detector creation #676

Merged
merged 20 commits into from
Jul 31, 2023
Changes from 18 commits
11 changes: 8 additions & 3 deletions cypress/integration/1_detectors.spec.js
@@ -15,6 +15,7 @@ import { getMappingFields } from '../../public/pages/Detectors/utils/helpers';
const cypressIndexDns = 'cypress-index-dns';
const cypressIndexWindows = 'cypress-index-windows';
const detectorName = 'test detector';
const cypressLogTypeDns = 'dns';

const cypressDNSRule = dns_name_rule_data.title;

@@ -24,8 +25,6 @@ const getNextButton = () => cy.getButtonByText('Next');

const getCreateDetectorButton = () => cy.getButtonByText('Create detector');

const selectDnsLogType = () => cy.getRadioButtonById('dns').click({ force: true });

const validateAlertPanel = (alertName) =>
cy
.getElementByText('.euiTitle', 'Alert triggers')
@@ -38,6 +37,10 @@ const dataSourceLabel = 'Select or input source indexes or index patterns';

const getDataSourceField = () => cy.getFieldByLabel(dataSourceLabel);

const logTypeLabel = 'Select a log type you would like to detect';

const getLogTypeField = () => cy.getFieldByLabel(logTypeLabel);

const openDetectorDetails = (detectorName) => {
cy.getInputByPlaceholder('Search threat detectors').type(`${detectorName}`).pressEnterKey();
cy.getElementByText('.euiTableCellContent button', detectorName).click();
@@ -112,7 +115,9 @@ const validatePendingFieldMappingsPanel = (mappings) => {
const fillDetailsForm = (detectorName, dataSource) => {
getNameField().type(detectorName);
getDataSourceField().selectComboboxItem(dataSource);
selectDnsLogType();
getLogTypeField().selectComboboxItem(cypressLogTypeDns);
getLogTypeField().blur();
// selectDnsLogType();
amsiglan marked this conversation as resolved.
};

const createDetector = (detectorName, dataSource, expectFailure) => {
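Review bot: `fillDetailsForm` drives the new combo box only with the built-in type (`cypressLogTypeDns = 'dns'`), so nothing in the visible hunks checks that a user-defined log type appears in the list and can be selected, which is the behaviour this pull request adds. A case that creates a custom log type first and then picks it through `getLogTypeField().selectComboboxItem(...)` would cover it, unless another spec outside this view already does. The field is also located by the label text `'Select a log type you would like to detect'`, which ties the test to UI copy; the component sets `data-test-subj={'log_type_dropdown'}`, so either look the field up by that attribute or add a comment such as `// must match the FormFieldHeader headerTitle in DetectorType`. The spec file continues outside these hunks.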
@@ -5,12 +5,11 @@

import React, { Component } from 'react';
import { ContentPanel } from '../../../../../../components/ContentPanel';
import { EuiFormRow, EuiFlexGrid, EuiFlexItem, EuiRadio, EuiSpacer } from '@elastic/eui';
import { EuiFormRow, EuiSpacer, EuiComboBox } from '@elastic/eui';
import { FormFieldHeader } from '../../../../../../components/FormFieldHeader/FormFieldHeader';
import { DETECTOR_TYPES } from '../../../../../Detectors/utils/constants';
import { DetectorTypeOption } from '../../../../../Detectors/models/interfaces';
import { CreateDetectorRulesState, DetectionRules } from '../DetectionRules/DetectionRules';
import { RuleItem } from '../DetectionRules/types/interfaces';
import { ruleTypes } from '../../../../../Rules/utils/constants';

interface DetectorTypeProps {
detectorType: string;
@@ -24,19 +23,18 @@ interface DetectorTypeProps {

interface DetectorTypeState {
fieldTouched: boolean;
detectorTypeOptions: DetectorTypeOption[];
detectorTypeIds: string[];
}

export default class DetectorType extends Component<DetectorTypeProps, DetectorTypeState> {
private detectorTypeOptions: { value: string; label: string }[];
constructor(props: DetectorTypeProps) {
super(props);

const detectorTypeOptions = Object.values(DETECTOR_TYPES);
const detectorTypeIds = detectorTypeOptions.map((option) => option.id);
this.detectorTypeOptions = ruleTypes.map(({ label }) => ({ value: label, label }));
const detectorTypeIds = this.detectorTypeOptions.map((option) => option.value);
this.state = {
fieldTouched: false,
detectorTypeOptions,
detectorTypeIds,
};
}
@@ -63,17 +61,6 @@ export default class DetectorType extends Component<DetectorTypeProps, DetectorT

render() {
const { detectorType } = this.props;
const { detectorTypeOptions } = this.state;
const radioButtons = detectorTypeOptions.map((type) => (
<EuiFlexItem key={type.id}>
<EuiRadio
id={type.id}
label={type.label}
checked={type.id === detectorType}
onChange={() => this.onChange(type.id)}
/>
</EuiFlexItem>
));

return (
<ContentPanel
@@ -84,15 +71,25 @@ export default class DetectorType extends Component<DetectorTypeProps, DetectorT
<EuiFormRow
label={
<div>
<FormFieldHeader headerTitle={'Select a category type you would like to detect'} />
<FormFieldHeader headerTitle={'Select a log type you would like to detect'} />
<EuiSpacer size={'s'} />
</div>
}
fullWidth={true}
isInvalid={this.isInvalid()}
error={this.getErrorMessage()}
>
<EuiFlexGrid columns={4}>{radioButtons}</EuiFlexGrid>
<EuiComboBox
isInvalid={this.isInvalid()}
placeholder="Select log type"
data-test-subj={'log_type_dropdown'}
options={this.detectorTypeOptions}
singleSelection={{ asPlainText: true }}
onChange={(e) => {
this.onChange(e[0]?.label || '');
}}
selectedOptions={detectorType ? [{ value: detectorType, label: detectorType }] : []}
/>
</EuiFormRow>

<EuiFormRow fullWidth={true}>
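Review bot: The option list is frozen in the constructor (`this.detectorTypeOptions = ruleTypes.map(...)`, with `detectorTypeIds` copied into state), so the combo box only ever offers what `ruleTypes` held when the component was constructed. The snapshot change in this same pull request now renders `"options": Array []` for the log type filter, which suggests `ruleTypes` is filled at runtime; if so, a custom log type loaded or created later never reaches this list, and any validation built on `detectorTypeIds` (not visible here) would compare against stale data, leaving a detector that probably runs without the rules the user intended. Building the options at render time, `options={ruleTypes.map(({ label }) => ({ value: label, label }))}`, or refreshing them once the log types are fetched, would close that gap. The handler also passes `e[0]?.label` where `e[0]?.value` is the field meant to carry the identifier; the two are equal today but diverge as soon as labels become display names. The class body continues outside these hunks.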
@@ -416,64 +416,7 @@ exports[`<DetectorRulesView /> spec renders the component 1`] = `
"field": "category",
"multiSelect": "or",
"name": "Log type",
"options": Array [
Object {
"name": "Network",
"value": "network",
},
Object {
"name": "DNS",
"value": "dns",
},
Object {
"name": "Apache Access",
"value": "apache_access",
},
Object {
"name": "Windows",
"value": "windows",
},
Object {
"name": "AD/LDAP",
"value": "ad_ldap",
},
Object {
"name": "Linux",
"value": "linux",
},
Object {
"name": "Cloudtrail",
"value": "cloudtrail",
},
Object {
"name": "S3",
"value": "s3",
},
Object {
"name": "Google Workspace",
"value": "gworkspace",
},
Object {
"name": "Github actions",
"value": "github",
},
Object {
"name": "Microsoft 365",
"value": "m365",
},
Object {
"name": "Okta",
"value": "okta",
},
Object {
"name": "Azure",
"value": "azure",
},
Object {
"name": "VPC Flow",
"value": "vpcflow",
},
],
"options": Array [],
"type": "field_value_selection",
},
Object {
@@ -582,64 +525,7 @@ exports[`<DetectorRulesView /> spec renders the component 1`] = `
"field": "category",
"multiSelect": "or",
"name": "Log type",
"options": Array [
Object {
"name": "Network",
"value": "network",
},
Object {
"name": "DNS",
"value": "dns",
},
Object {
"name": "Apache Access",
"value": "apache_access",
},
Object {
"name": "Windows",
"value": "windows",
},
Object {
"name": "AD/LDAP",
"value": "ad_ldap",
},
Object {
"name": "Linux",
"value": "linux",
},
Object {
"name": "Cloudtrail",
"value": "cloudtrail",
},
Object {
"name": "S3",
"value": "s3",
},
Object {
"name": "Google Workspace",
"value": "gworkspace",
},
Object {
"name": "Github actions",
"value": "github",
},
Object {
"name": "Microsoft 365",
"value": "m365",
},
Object {
"name": "Okta",
"value": "okta",
},
Object {
"name": "Azure",
"value": "azure",
},
Object {
"name": "VPC Flow",
"value": "vpcflow",
},
],
"options": Array [],
"type": "field_value_selection",
},
Object {
@@ -820,64 +706,7 @@ exports[`<DetectorRulesView /> spec renders the component 1`] = `
"field": "category",
"multiSelect": "or",
"name": "Log type",
"options": Array [
Object {
"name": "Network",
"value": "network",
},
Object {
"name": "DNS",
"value": "dns",
},
Object {
"name": "Apache Access",
"value": "apache_access",
},
Object {
"name": "Windows",
"value": "windows",
},
Object {
"name": "AD/LDAP",
"value": "ad_ldap",
},
Object {
"name": "Linux",
"value": "linux",
},
Object {
"name": "Cloudtrail",
"value": "cloudtrail",
},
Object {
"name": "S3",
"value": "s3",
},
Object {
"name": "Google Workspace",
"value": "gworkspace",
},
Object {
"name": "Github actions",
"value": "github",
},
Object {
"name": "Microsoft 365",
"value": "m365",
},
Object {
"name": "Okta",
"value": "okta",
},
Object {
"name": "Azure",
"value": "azure",
},
Object {
"name": "VPC Flow",
"value": "vpcflow",
},
],
"options": Array [],
"type": "field_value_selection",
},
Object {
@@ -980,64 +809,7 @@ exports[`<DetectorRulesView /> spec renders the component 1`] = `
"field": "category",
"multiSelect": "or",
"name": "Log type",
"options": Array [
Object {
"name": "Network",
"value": "network",
},
Object {
"name": "DNS",
"value": "dns",
},
Object {
"name": "Apache Access",
"value": "apache_access",
},
Object {
"name": "Windows",
"value": "windows",
},
Object {
"name": "AD/LDAP",
"value": "ad_ldap",
},
Object {
"name": "Linux",
"value": "linux",
},
Object {
"name": "Cloudtrail",
"value": "cloudtrail",
},
Object {
"name": "S3",
"value": "s3",
},
Object {
"name": "Google Workspace",
"value": "gworkspace",
},
Object {
"name": "Github actions",
"value": "github",
},
Object {
"name": "Microsoft 365",
"value": "m365",
},
Object {
"name": "Okta",
"value": "okta",
},
Object {
"name": "Azure",
"value": "azure",
},
Object {
"name": "VPC Flow",
"value": "vpcflow",
},
],
"options": Array [],
"type": "field_value_selection",
}
}