[Security Solution][Exceptions] - Make esTypes and subType available to index patterns#72336
yctercero merged 12 commits into elastic:master from
Conversation
…ll checking signals index for closing alerts functionality
Pinging @elastic/siem (Team:SIEM)
...k/plugins/security_solution/public/common/components/autocomplete/field_value_lists.test.tsx
```ts
switch (type) {
  case 'date':
    const moment = dateMath.parse(params);
    return Boolean(moment && moment.isValid());
```
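Review bot: `const moment` is declared directly under `case 'date':` without a block, so the binding is scoped to the whole `switch` rather than to this case (ESLint's `no-case-declarations` flags exactly this); wrap the case body in braces: `case 'date': { const moment = dateMath.parse(params); return Boolean(moment && moment.isValid()); }`. The `Boolean(...)` wrapper is what keeps the return a strict boolean when `dateMath.parse` returns `undefined`; without it the expression evaluates to `undefined` on that path.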
nit, can you just do: `return moment && moment.isValid()`? Won't that work as well without introducing the capital boolean boxing here?
I tried removing it and the test yelled at me saying expected boolean not string. Leaving for now.
```ts
    return Boolean(moment && moment.isValid());
  case 'ip':
    try {
      return Boolean(new Ipv4Address(params));
```
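Review bot: `Boolean(new Ipv4Address(params))` is always `true` when it is reached, since any object is truthy; the only way this branch reports `false` is for the constructor to throw into the `catch` that follows, so the validity contract rests entirely on `Ipv4Address` throwing for malformed input and deserves a comment saying so. As the class name says, it also rejects IPv6 literals outright; if that is not intended, validate with a check that accepts both address families or leave `ip` fields unvalidated.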
This new object seems weird to me... Does this mean we only support ipv4 and not ipv6?
If this is only validating ipv4 but allowing ipv6 I am fine with it. If we begin hindering users or disallowing ipv6 though we are going to start to have issues relatively quickly.
I did a bit of research and there isn't really great consensus on a good regex for ipv6. I didn't find a similar util like the one above for ipv4 in our code so I removed the validation here. I don't want to block users from adding exceptions. This can be something we can circle back on.
```diff
-  exceptionToEdit !== null &&
-  exceptionListTypeToEdit !== null && (
+  exceptionToEdit != null &&
+  exceptionListTypeToEdit != null && (
```
👍 , using the `!= null` is great here!
FrankHassanabad
left a comment
👍 Thanks for adding the `subType` to the index patterns.
```ts
  EuiCallOut,
  EuiText,
} from '@elastic/eui';
import { alertsIndexPattern } from '../../../../../common/endpoint/constants';
```
Thanks for removing this!
```ts
  type: string;
  searchable: boolean;
  aggregatable: boolean;
  esTypes?: string[];
```
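Review bot: with `esTypes` declared optional here, every consumer that now switches on `esTypes` instead of `type` needs an explicit fallback (for example `field.esTypes?.[0] ?? field.type`), or fields from a source that omits it will silently skip validation; if `getFieldsForWildcard()` always populates it, make the property required so the compiler enforces that instead of each call site remembering to.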
Why is `esTypes` optional? I think `getFieldsForWildcard()` always returns it. https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/server/lib/index_fields/elasticsearch_adapter.ts#L42
peluja1012
left a comment
Thanks for improving the field validation in the builder! LGTM, only comment is about `esTypes` being an optional type, but we can leave as is if it makes sense.
💚 Build Succeeded
…to index patterns (elastic#72336)

## Summary

This PR updates the following:

- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`
…to index patterns (#72336) (#72554)
…to index patterns (#72336) (#72555)
* master: (28 commits)
  allow some env settings for ingest manager (elastic#72544)
  Add inspector for VEGA (elastic#70941)
  chore(NA): fix grunt task for test:coverage (elastic#72539)
  Archive e2e test results in ES (elastic#72575)
  preserve 401 errors from new es client (elastic#71248)
  [SIEM][Detections] Updates text for severity and risk_score overrides (elastic#72244)
  fixing error occurences tooltip (elastic#72425)
  use KibanaClient interface instead of Client for new client interface (elastic#72388)
  [APM] Handle ML errors (elastic#72316)
  [Discover] Improve histogram tests (elastic#72235)
  [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540)
  [pre-req] Move .storybook to storybook; standardize files (elastic#72384)
  [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538)
  [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468)
  [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336)
  [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509)
  Fix long combo box items breaking out of flex item width (elastic#72512)
  [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366)
  [Security Solution][Resolver] Update the resolver element ref on scroll events if the position of the element has changed within the page (elastic#72461)
  [Maps] auto-fit to data bounds (elastic#72129)
  ...
…feature-privileges
* alerting/consumer-based-rbac: (30 commits)
  removed uneeded tests
  expclude security wrapper in SO client passed to ActionsClient
  allow some env settings for ingest manager (elastic#72544)
  Add inspector for VEGA (elastic#70941)
  chore(NA): fix grunt task for test:coverage (elastic#72539)
  Archive e2e test results in ES (elastic#72575)
  preserve 401 errors from new es client (elastic#71248)
  [SIEM][Detections] Updates text for severity and risk_score overrides (elastic#72244)
  fixing error occurences tooltip (elastic#72425)
  use KibanaClient interface instead of Client for new client interface (elastic#72388)
  [APM] Handle ML errors (elastic#72316)
  [Discover] Improve histogram tests (elastic#72235)
  [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540)
  [pre-req] Move .storybook to storybook; standardize files (elastic#72384)
  [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538)
  [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468)
  [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336)
  [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509)
  Fix long combo box items breaking out of flex item width (elastic#72512)
  [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366)
  ...
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
This PR updates the following:
- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`

We were noticing that when selecting `is in list` in the builder, the `IFieldType.type` does not match the ES type assigned to the large value list on creation and so the lists were not populating in the select dropdown. This should fix that issue.

Checklist
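The two things this PR description and the review threads above turn on, picking the field's ES mapping type from `esTypes` (with a fallback to `type`, since the merged interface leaves `esTypes` optional), detecting `nested` fields and their parent path from `subType`, and validating a typed exception value, as an added TypeScript example. This is not the PR's or Kibana's own code: the `IFieldType` shape is taken from the interface quoted in the review, the `subType.nested.path` layout is an assumption, `parseDateMath` is a small stand-in for `@elastic/datemath`, and, going beyond the merged change (which dropped IP validation rather than reject IPv6), `ip` values are checked with Node's `net.isIP` so both IPv4 and IPv6 are accepted. The sample fields are constructed.

```typescript
import { isIP } from 'node:net';

// Field shape as quoted in the review thread above. `subType.nested.path` is an
// assumption about how the index-pattern fetch reports fields under an ES
// `nested` mapping; `esTypes` stays optional, matching the interface as merged.
export interface IFieldType {
  name: string;
  type: string;
  searchable: boolean;
  aggregatable: boolean;
  esTypes?: string[];
  subType?: { nested?: { path: string }; multi?: { parent: string } };
}

// Prefer the concrete ES mapping type (keyword, long, ip, ...) over Kibana's
// coarse `type` bucket (string, number, ...). Because `esTypes` is optional,
// fall back to `type` rather than skipping validation when it is missing.
export function getEsType(field: IFieldType): string {
  return field.esTypes?.[0] ?? field.type;
}

export function isNestedField(field: IFieldType): boolean {
  return field.subType?.nested != null;
}

// Parent path of a nested field, e.g. "threat.indicator" for
// "threat.indicator.ip"; undefined for fields that are not nested.
export function getNestedParentPath(field: IFieldType): string | undefined {
  return field.subType?.nested?.path;
}

const UNIT_MS: Record<string, number> = {
  s: 1_000, m: 60_000, h: 3_600_000, d: 86_400_000, w: 7 * 86_400_000,
};

// Minimal stand-in for @elastic/datemath (assumption, not the real library):
// accepts ISO-8601 timestamps and `now`, `now+N<unit>`, `now-N<unit>` with
// units s/m/h/d/w. Returns null for anything it cannot parse.
export function parseDateMath(expr: string, now: Date = new Date()): Date | null {
  const m = /^now(?:([+-])(\d+)([smhdw]))?$/.exec(expr.trim());
  if (m) {
    const [, sign, amount, unit] = m;
    if (!sign || !amount || !unit) return now;
    const delta = Number(amount) * (UNIT_MS[unit] ?? 0);
    return new Date(now.getTime() + (sign === '-' ? -delta : delta));
  }
  const abs = new Date(expr);
  return Number.isNaN(abs.getTime()) ? null : abs;
}

const NUMERIC_TYPES = new Set([
  'long', 'integer', 'short', 'byte', 'double', 'float', 'half_float',
  'scaled_float', 'unsigned_long', 'number', // 'number' is the coarse fallback
]);

// Validate one user-entered exception value against an ES type. `ip` accepts
// IPv4 and IPv6 via net.isIP (returns 4, 6, or 0), which is the behaviour the
// review asked for instead of an IPv4-only check.
export function isValueValidForEsType(esType: string, value: string): boolean {
  const v = value.trim();
  if (v === '') return false;
  switch (esType) {
    case 'date':
      return parseDateMath(v) !== null;
    case 'ip':
      return isIP(v) !== 0;
    case 'boolean':
      return v === 'true' || v === 'false';
    default:
      // keyword/text and other unlisted types accept any non-empty string
      return NUMERIC_TYPES.has(esType) ? /^-?\d+(\.\d+)?$/.test(v) : true;
  }
}

export function isValueValidForField(field: IFieldType, value: string): boolean {
  return isValueValidForEsType(getEsType(field), value);
}

// Constructed sample fields, not output of a real index-pattern fetch.
export const SAMPLE_FIELDS: IFieldType[] = [
  { name: '@timestamp', type: 'date', searchable: true, aggregatable: true, esTypes: ['date'] },
  { name: 'source.ip', type: 'ip', searchable: true, aggregatable: true, esTypes: ['ip'] },
  { name: 'process.pid', type: 'number', searchable: true, aggregatable: true, esTypes: ['long'] },
  // coarse type "string" but ES type "keyword": the mismatch the description hits
  { name: 'host.name', type: 'string', searchable: true, aggregatable: true, esTypes: ['keyword'] },
  { name: 'threat.indicator.ip', type: 'ip', searchable: true, aggregatable: true,
    esTypes: ['ip'], subType: { nested: { path: 'threat.indicator' } } },
  // esTypes absent: getEsType falls back to `type`
  { name: 'legacy.flag', type: 'boolean', searchable: true, aggregatable: true },
];

export function sampleField(name: string): IFieldType {
  const f = SAMPLE_FIELDS.find((x) => x.name === name);
  if (!f) throw new Error(`no sample field named ${name}`);
  return f;
}
```

`getEsType` is the one place the `esTypes`-optional question from the review is decided: a field without `esTypes` is validated by its coarse `type` instead of slipping through unvalidated, and a `keyword` field whose coarse type is `string` is matched on `keyword`, which is the mismatch the description reports for large value lists.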