[SIEM] Update readme for timeline apis (#67038)

* update doc * update unit test * remove redundant params * fix types * update readme * update readme Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-24 01:38:56 -04:00 · 2020-06-26 17:12:21 +01:00 · 2020-06-26 17:12:21 +01:00 · 100a5fd18b
commit 100a5fd18b
parent 4845bef181
5 changed files with 301 additions and 14 deletions
--- a/x-pack/plugins/security_solution/public/timelines/containers/api.ts
+++ b/x-pack/plugins/security_solution/public/timelines/containers/api.ts
@ -103,8 +103,6 @@ export const persistTimeline = async ({

 export const importTimelines = async ({
  fileToImport,
-  overwrite = false,
-  signal,
 }: ImportDataProps): Promise<ImportDataResponse> => {
  const formData = new FormData();
  formData.append('file', fileToImport);
@ -112,31 +110,25 @@ export const importTimelines = async ({
  return KibanaServices.get().http.fetch<ImportDataResponse>(`${TIMELINE_IMPORT_URL}`, {
    method: 'POST',
    headers: { 'Content-Type': undefined },
-    query: { overwrite },
    body: formData,
-    signal,
  });
 };

 export const exportSelectedTimeline: ExportSelectedData = async ({
-  excludeExportDetails = false,
  filename = `timelines_export.ndjson`,
  ids = [],
  signal,
 }): Promise<Blob> => {
  const body = ids.length > 0 ? JSON.stringify({ ids }) : undefined;
-  const response = await KibanaServices.get().http.fetch<Blob>(`${TIMELINE_EXPORT_URL}`, {
+  const response = await KibanaServices.get().http.fetch<{ body: Blob }>(`${TIMELINE_EXPORT_URL}`, {
    method: 'POST',
    body,
    query: {
-      exclude_export_details: excludeExportDetails,
      file_name: filename,
    },
-    signal,
-    asResponse: true,
  });

-  return response.body!;
+  return response.body;
 };

 export const getDraftTimeline = async ({
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
@ -323,4 +323,301 @@ kbn-version: 8.0.0
     "timelineId":"f5a4bd10-83cd-11ea-bf78-0547a65f1281", // This is a must as well
     "version":"Wzg2LDFd" // Please provide the existing timeline version
 }
-```
+```
+
+## Export timeline api
+
+#### POST /api/timeline/_export
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request param
+
+```
+file_name:	${filename}.ndjson
+```
+
+##### Request body
+```json
+{
+	ids: [
+		${timelineId}
+	]
+}
+```
+
+## Import timeline api
+
+#### POST /api/timeline/_import
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request body
+
+```
+{
+  file: sample.ndjson
+}
+```
+
+
+(each json in the file should match this format)
+example:
+```
+{"savedObjectId":"a3002fd0-781b-11ea-85e4-df9002f1452c","version":"WzIzLDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[],"description":"tes description","eventType":"all","filters":[{"meta":{"field":null,"negate":false,"alias":null,"disabled":false,"params":"{\"query\":\"MacBook-Pro-de-Gloria.local\"}","type":"phrase","key":"host.name"},"query":"{\"match_phrase\":{\"host.name\":\"MacBook-Pro-de-Gloria.local\"}}","missing":null,"exists":null,"match_all":null,"range":null,"script":null}],"kqlMode":"filter","kqlQuery":{"filterQuery":{"serializedQuery":"{\"bool\":{\"should\":[{\"exists\":{\"field\":\"host.name\"}}],\"minimum_should_match\":1}}","kuery":{"expression":"host.name: *","kind":"kuery"}}},"title":"Test","dateRange":{"start":1585227005527,"end":1585313405527},"savedQueryId":null,"sort":{"columnId":"@timestamp","sortDirection":"desc"},"created":1586187068132,"createdBy":"angela","updated":1586187068132,"updatedBy":"angela","eventNotes":[],"globalNotes":[{"noteId":"a3b4d9d0-781b-11ea-85e4-df9002f1452c","version":"WzI1LDFd","note":"this is a note","timelineId":"a3002fd0-781b-11ea-85e4-df9002f1452c","created":1586187069313,"createdBy":"angela","updated":1586187069313,"updatedBy":"angela"}],"pinnedEventIds":[]}
+```
+
+##### Response
+```
+{"success":true,"success_count":1,"errors":[]}
+```
+
+## Get draft timeline api
+
+#### GET /api/timeline/_draft
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request param
+```
+timelineType: `default` or `template`
+```
+
+##### Response
+```json
+{
+    "data": {
+        "persistTimeline": {
+            "timeline": {
+                "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
+                "version": "WzM2MiwzXQ==",
+                "columns": [
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "@timestamp"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "message"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.category"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.action"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "host.name"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "source.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "destination.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "user.name"
+                    }
+                ],
+                "dataProviders": [],
+                "description": "",
+                "eventType": "all",
+                "filters": [],
+                "kqlMode": "filter",
+                "timelineType": "default",
+                "kqlQuery": {
+                    "filterQuery": null
+                },
+                "title": "",
+                "sort": {
+                    "columnId": "@timestamp",
+                    "sortDirection": "desc"
+                },
+                "status": "draft",
+                "created": 1589899222908,
+                "createdBy": "casetester",
+                "updated": 1589899222908,
+                "updatedBy": "casetester",
+                "templateTimelineId": null,
+                "templateTimelineVersion": null,
+                "favorite": [],
+                "eventIdToNoteIds": [],
+                "noteIds": [],
+                "notes": [],
+                "pinnedEventIds": [],
+                "pinnedEventsSaveObject": []
+            }
+        }
+    }
+}
+```
+
+## Create draft timeline api
+
+#### POST /api/timeline/_draft
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request body
+
+```json
+{
+	"timelineType": "default" or "template"
+}
+```
+
+##### Response
+```json
+{
+    "data": {
+        "persistTimeline": {
+            "timeline": {
+                "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
+                "version": "WzQyMywzXQ==",
+                "columns": [
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "@timestamp"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "message"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.category"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.action"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "host.name"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "source.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "destination.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "user.name"
+                    }
+                ],
+                "dataProviders": [],
+                "description": "",
+                "eventType": "all",
+                "filters": [],
+                "kqlMode": "filter",
+                "timelineType": "default",
+                "kqlQuery": {
+                    "filterQuery": null
+                },
+                "title": "",
+                "sort": {
+                    "columnId": "@timestamp",
+                    "sortDirection": "desc"
+                },
+                "status": "draft",
+                "created": 1589903306582,
+                "createdBy": "casetester",
+                "updated": 1589903306582,
+                "updatedBy": "casetester",
+                "templateTimelineId": null,
+                "templateTimelineVersion": null,
+                "favorite": [],
+                "eventIdToNoteIds": [],
+                "noteIds": [],
+                "notes": [],
+                "pinnedEventIds": [],
+                "pinnedEventsSaveObject": []
+            }
+        }
+    }
+}
+```
+
+
+
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/mocks/request_responses.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/mocks/request_responses.ts
@ -23,7 +23,6 @@ export const getExportTimelinesRequest = () =>
    path: TIMELINE_EXPORT_URL,
    query: {
      file_name: 'mock_export_timeline.ndjson',
-      exclude_export_details: 'false',
    },
    body: {
      ids: ['f0e58720-57b6-11ea-b88d-3f1a31716be8', '890b8ae0-57df-11ea-a7c9-3976b7f1cb37'],
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts
@ -98,7 +98,7 @@ describe('export timelines', () => {
      const result = server.validate(request);

      expect(result.badRequest.mock.calls[1][0]).toEqual(
-        'Invalid value "undefined" supplied to "file_name",Invalid value "undefined" supplied to "exclude_export_details",Invalid value "undefined" supplied to "exclude_export_details"'
+        'Invalid value "undefined" supplied to "file_name"'
      );
    });
  });
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts
@ -8,7 +8,6 @@ import * as rt from 'io-ts';

 export const exportTimelinesQuerySchema = rt.type({
  file_name: rt.string,
-  exclude_export_details: rt.union([rt.literal('true'), rt.literal('false')]),
 });

 export const exportTimelinesRequestBodySchema = rt.type({