[Entity Analytics][Privmon] swap labels.monitoring.privileged_users (string) to user.is_privileged (boolean) (#224623)

## Summary

We have [this RFC](https://github.com/elastic/ecs/pull/2493) in; I think
this is a safer bet and might save us a migration in the future:

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Mark Hopkin 2025-06-20 12:39:49 +01:00 committed by GitHub
parent 1fbbe2922e
commit 32820f965b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 28 additions and 57 deletions


@ -66877,14 +66877,6 @@ components:
labels:
type: object
properties:
monitoring:
type: object
properties:
privileged_users:
enum:
- monitored
- deleted
type: string
source_indices:
items:
type: string
@ -66903,6 +66895,9 @@ components:
user:
type: object
properties:
is_privileged:
description: Indicates if the user is privileged.
type: boolean
name:
type: string
Security_Entity_Analytics_API_MonitoringEngineDescriptor:


@ -76440,14 +76440,6 @@ components:
labels:
type: object
properties:
monitoring:
type: object
properties:
privileged_users:
enum:
- monitored
- deleted
type: string
source_indices:
items:
type: string
@ -76466,6 +76458,9 @@ components:
user:
type: object
properties:
is_privileged:
description: Indicates if the user is privileged.
type: boolean
name:
type: string
Security_Entity_Analytics_API_MonitoringEngineDescriptor:


@ -40,15 +40,14 @@ export const MonitoredUserDoc = z.object({
user: z
.object({
name: z.string().optional(),
/**
* Indicates if the user is privileged.
*/
is_privileged: z.boolean().optional(),
})
.optional(),
labels: z
.object({
monitoring: z
.object({
privileged_users: z.enum(['monitored', 'deleted']).optional(),
})
.optional(),
sources: z.array(z.unknown()).optional(),
source_indices: z.array(z.string()).optional(),
source_integrations: z.array(z.string()).optional(),


@ -38,19 +38,12 @@ components:
properties:
name:
type: string
is_privileged:
type: boolean
description: Indicates if the user is privileged.
labels:
type: object
properties:
monitoring:
type: object
properties:
privileged_users:
type: string
enum:
- monitored
- deleted
sources:
type: array
items:


@ -1624,14 +1624,6 @@ components:
labels:
type: object
properties:
monitoring:
type: object
properties:
privileged_users:
enum:
- monitored
- deleted
type: string
source_indices:
items:
type: string
@ -1650,6 +1642,9 @@ components:
user:
type: object
properties:
is_privileged:
description: Indicates if the user is privileged.
type: boolean
name:
type: string
MonitoringEngineDescriptor:


@ -1624,14 +1624,6 @@ components:
labels:
type: object
properties:
monitoring:
type: object
properties:
privileged_users:
enum:
- monitored
- deleted
type: string
source_indices:
items:
type: string
@ -1650,6 +1642,9 @@ components:
user:
type: object
properties:
is_privileged:
description: Indicates if the user is privileged.
type: boolean
name:
type: string
MonitoringEngineDescriptor:


@ -12,5 +12,4 @@ export const getPrivilegedMonitorUsersJoin = (
) => `| RENAME @timestamp AS event_timestamp
| LOOKUP JOIN ${getPrivilegedMonitorUsersIndex(namespace)} ON user.name
| RENAME event_timestamp AS @timestamp
| EVAL is_privileged = labels.monitoring.privileged_users == "monitored"
| WHERE is_privileged == true`;
| WHERE user.is_privileged == true`;
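Review bot: Documents already sitting in the privileged-users index that carry only the old `labels.monitoring.privileged_users: "monitored"` field and no `user.is_privileged` will no longer satisfy `WHERE user.is_privileged == true`, so they silently drop out of the lookup join, and nothing in this commit backfills or reindexes them. The same gap applies to the `term` filter on `user.is_privileged` in the softDeleteOmittedUsers hunk, where such pre-existing users would never be soft-deleted either. If the index is always recreated on engine initialisation this is a non-issue, but that is not visible here; a comment such as `// every doc must carry user.is_privileged; docs written before #224623 need a backfill` next to the template would make the assumption explicit. The getPrivilegedMonitorUsersJoin template starts outside the hunk.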


@ -211,8 +211,10 @@ export class PrivilegeMonitoringDataClient {
source: PrivMonUserSource
): Promise<CreatePrivMonUserResponse> {
const doc = merge(user, {
user: {
is_privileged: true,
},
labels: {
monitoring: { privileged_users: 'monitored' },
sources: [source],
},
});
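Review bot: The added `user: { is_privileged: true }` is spread over three lines while the sibling `sources: [source]` entry and the rewritten `must` array in the softDeleteOmittedUsers hunk are collapsed onto one line; for consistency `user: { is_privileged: true },` reads better here, and likewise `user: { is_privileged: false },` in the `doc:` update of the soft-delete hunk. Separately, if `merge` here is lodash's, it writes into the caller's `user` argument rather than a copy, so the new flag is also set on the object the caller passed in; that behaviour pre-dates this change, but `merge({}, user, {...})` would avoid it if unintended. The createUser method starts outside the hunk.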


@ -34,10 +34,7 @@ export const softDeleteOmittedUsers =
index,
query: {
bool: {
must: [
{ term: { 'labels.monitoring.privileged_users': 'monitored' } },
{ term: { 'labels.sources': 'csv' } },
],
must: [{ term: { 'user.is_privileged': true } }, { term: { 'labels.sources': 'csv' } }],
must_not: [{ terms: { 'user.name': uploaded } }],
},
},
@ -57,7 +54,9 @@ export const softDeleteOmittedUsers =
{ update: { _id: id } },
{
doc: {
labels: { monitoring: { privileged_users: 'deleted' } },
user: {
is_privileged: false,
},
},
},
];


@ -49,14 +49,13 @@ export const bulkBatchUpsertFromCSV =
onDocument: (row) => {
const id = batch.existingUsers[row.username];
const labels = {
monitoring: { privileged_users: 'monitored' },
sources: ['csv'],
};
if (!id) {
return [
{ create: {} },
{
user: { name: row.username },
user: { name: row.username, is_privileged: true },
labels,
},
];
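Review bot: Only the create branch sets `is_privileged: true` on the new document; the update branch for an existing `id` lies outside the hunk, and if it still writes just `labels`, a user previously soft-deleted by softDeleteOmittedUsers (`user.is_privileged: false`) and then re-uploaded via CSV would keep `is_privileged: false` while regaining `labels.sources: ['csv']`. Before this change the shared `labels` object carried `privileged_users: 'monitored'`, so any update that reused it re-flagged the user; that no longer happens unless the update branch was changed as well, so please confirm it also writes `user: { is_privileged: true }`. The bulkBatchUpsertFromCSV body starts and ends outside the hunk.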