[EDR Workflows] Add Runscript openApi schema (#206044)

This commit is contained in:
Tomasz Ciecierski 2025-01-10 11:26:41 +01:00 committed by GitHub
parent 20fa1a54c1
commit 39774bfc48
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 542 additions and 74 deletions


@ -9367,6 +9367,27 @@ paths:
tags:
- Security Endpoint Management API
x-beta: true
/api/endpoint/action/runscript:
post:
description: Run a shell command on an endpoint.
operationId: RunScriptAction
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody'
required: true
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
description: OK
summary: Run a script
tags:
- Security Endpoint Management API
x-beta: true
/api/endpoint/action/scan:
post:
description: Scan a specific file or directory on an endpoint for malware.
@ -46578,6 +46599,23 @@ components:
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CloudFileScriptParameters:
type: object
properties:
cloudFile:
description: Script name in cloud storage.
minLength: 1
type: string
commandLine:
description: Command line arguments.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- cloudFile
Security_Endpoint_Management_API_Command:
description: The command to be executed (cannot be an empty string)
enum:
@ -46704,6 +46742,23 @@ components:
- parameters
Security_Endpoint_Management_API_GetProcessesRouteRequestBody:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
Security_Endpoint_Management_API_HostPathScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
hostPath:
description: Absolute or relative path of script on host machine.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- hostPath
Security_Endpoint_Management_API_IsolateRouteRequestBody:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
Security_Endpoint_Management_API_KillProcessRouteRequestBody:
@ -46857,6 +46912,34 @@ components:
properties:
note:
type: string
Security_Endpoint_Management_API_RawScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
raw:
description: Raw script content.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- raw
Security_Endpoint_Management_API_RunScriptRouteRequestBody:
type: object
properties:
parameters:
description: Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.
oneOf:
- $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters'
- $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters'
- $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters'
required:
- parameters
Security_Endpoint_Management_API_ScanRouteRequestBody:
allOf:
- type: object


@ -11549,6 +11549,26 @@ paths:
summary: Get running processes
tags:
- Security Endpoint Management API
/api/endpoint/action/runscript:
post:
description: Run a shell command on an endpoint.
operationId: RunScriptAction
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody'
required: true
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
description: OK
summary: Run a script
tags:
- Security Endpoint Management API
/api/endpoint/action/scan:
post:
description: Scan a specific file or directory on an endpoint for malware.
@ -53454,6 +53474,23 @@ components:
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CloudFileScriptParameters:
type: object
properties:
cloudFile:
description: Script name in cloud storage.
minLength: 1
type: string
commandLine:
description: Command line arguments.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- cloudFile
Security_Endpoint_Management_API_Command:
description: The command to be executed (cannot be an empty string)
enum:
@ -53580,6 +53617,23 @@ components:
- parameters
Security_Endpoint_Management_API_GetProcessesRouteRequestBody:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
Security_Endpoint_Management_API_HostPathScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
hostPath:
description: Absolute or relative path of script on host machine.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- hostPath
Security_Endpoint_Management_API_IsolateRouteRequestBody:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
Security_Endpoint_Management_API_KillProcessRouteRequestBody:
@ -53733,6 +53787,34 @@ components:
properties:
note:
type: string
Security_Endpoint_Management_API_RawScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
raw:
description: Raw script content.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- raw
Security_Endpoint_Management_API_RunScriptRouteRequestBody:
type: object
properties:
parameters:
description: Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.
oneOf:
- $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters'
- $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters'
- $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters'
required:
- parameters
Security_Endpoint_Management_API_ScanRouteRequestBody:
allOf:
- type: object


@ -0,0 +1,82 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: RunScript Action Schema
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { SuccessResponse } from '../../../model/schema/common.gen';
export type RawScriptParameters = z.infer<typeof RawScriptParameters>;
export const RawScriptParameters = z.object({
/**
* Raw script content.
*/
raw: z.string().min(1),
/**
* Command line arguments.
*/
commandLine: z.string().min(1).optional(),
/**
* Timeout in seconds.
*/
timeout: z.number().int().min(1).optional(),
});
export type HostPathScriptParameters = z.infer<typeof HostPathScriptParameters>;
export const HostPathScriptParameters = z.object({
/**
* Absolute or relative path of script on host machine.
*/
hostPath: z.string().min(1),
/**
* Command line arguments.
*/
commandLine: z.string().min(1).optional(),
/**
* Timeout in seconds.
*/
timeout: z.number().int().min(1).optional(),
});
export type CloudFileScriptParameters = z.infer<typeof CloudFileScriptParameters>;
export const CloudFileScriptParameters = z.object({
/**
* Script name in cloud storage.
*/
cloudFile: z.string().min(1),
/**
* Command line arguments.
*/
commandLine: z.string().min(1).optional(),
/**
* Timeout in seconds.
*/
timeout: z.number().int().min(1).optional(),
});
export type RunScriptRouteRequestBody = z.infer<typeof RunScriptRouteRequestBody>;
export const RunScriptRouteRequestBody = z.object({
/**
* Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.
*/
parameters: z.union([RawScriptParameters, HostPathScriptParameters, CloudFileScriptParameters]),
});
export type RunScriptActionRequestBody = z.infer<typeof RunScriptActionRequestBody>;
export const RunScriptActionRequestBody = RunScriptRouteRequestBody;
export type RunScriptActionRequestBodyInput = z.input<typeof RunScriptActionRequestBody>;
export type RunScriptActionResponse = z.infer<typeof RunScriptActionResponse>;
export const RunScriptActionResponse = SuccessResponse;


@ -0,0 +1,89 @@
openapi: 3.0.0
info:
title: RunScript Action Schema
version: '2023-10-31'
paths:
/api/endpoint/action/runscript:
post:
summary: Run a script
operationId: RunScriptAction
description: Run a shell command on an endpoint.
x-codegen-enabled: true
x-labels: [ ess, serverless ]
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RunScriptRouteRequestBody'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
components:
schemas:
RunScriptRouteRequestBody:
type: object
required:
- parameters
properties:
parameters:
oneOf:
- $ref: '#/components/schemas/RawScriptParameters'
- $ref: '#/components/schemas/HostPathScriptParameters'
- $ref: '#/components/schemas/CloudFileScriptParameters'
description: Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.
RawScriptParameters:
type: object
required:
- raw
properties:
raw:
type: string
minLength: 1
description: Raw script content.
commandLine:
type: string
minLength: 1
description: Command line arguments.
timeout:
type: integer
minimum: 1
description: Timeout in seconds.
HostPathScriptParameters:
type: object
required:
- hostPath
properties:
hostPath:
type: string
minLength: 1
description: Absolute or relative path of script on host machine.
commandLine:
type: string
minLength: 1
description: Command line arguments.
timeout:
type: integer
minimum: 1
description: Timeout in seconds.
CloudFileScriptParameters:
type: object
required:
- cloudFile
properties:
cloudFile:
type: string
minLength: 1
description: Script name in cloud storage.
commandLine:
type: string
minLength: 1
description: Command line arguments.
timeout:
type: integer
minimum: 1
description: Timeout in seconds.
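Review bot: The `parameters` description (`Exactly one of 'Raw', 'HostPath', or 'CloudFile' … CommandLine and Timeout …`) still uses the capitalised names from the replaced schema, while the properties defined below it are `raw`, `hostPath`, `cloudFile`, `commandLine` and `timeout`; suggest `description: Exactly one of 'raw', 'hostPath', or 'cloudFile' must be provided. 'commandLine' and 'timeout' are optional for all.` and, for the route, `description: Run a script on an endpoint.` since the body carries a script, not a shell command. The same text is copied into the bundled docs and the generated run_script.gen.ts in this commit, so it only needs fixing here and regenerating. The `oneOf` is also weaker than the description claims once generated: none of the three parameter schemas sets `additionalProperties: false`, so a body containing both `raw` and `hostPath` satisfies more than one branch, and the generated `z.union([...])` accepts the first match and, with zod's default key stripping, silently drops the other key instead of rejecting the request; adding `additionalProperties: false` to RawScriptParameters, HostPathScriptParameters and CloudFileScriptParameters would make the exclusivity real for OpenAPI validators and, if the generator maps it to `.strict()`, for the zod schema too. Finally, unlike the deleted version of this file, RunScriptRouteRequestBody no longer composes `BaseActionSchema` via `allOf`, so the documented body has no target-endpoint fields — worth confirming that is intended rather than lost in the rewrite.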


@ -1,74 +0,0 @@
openapi: 3.0.0
info:
title: RunScript Action Schema
version: '2023-10-31'
paths:
/api/endpoint/action/runscript:
post:
summary: Run a script
operationId: RunScriptAction
description: Run a shell command on an endpoint.
x-codegen-enabled: true
x-labels: [ ess, serverless ]
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RunScriptRouteRequestBody'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
components:
schemas:
RunScriptRouteRequestBody:
allOf:
- $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema'
- type: object
required:
- parameters
properties:
parameters:
oneOf:
- type: object
properties:
Raw:
type: string
minLength: 1
description: Raw script content.
required:
- Raw
- type: object
properties:
HostPath:
type: string
minLength: 1
description: Absolute or relative path of script on host machine.
required:
- HostPath
- type: object
properties:
CloudFile:
type: string
minLength: 1
description: Script name in cloud storage.
required:
- CloudFile
- type: object
properties:
CommandLine:
type: string
minLength: 1
description: Command line arguments.
required:
- CommandLine
properties:
Timeout:
type: integer
minimum: 1
description: Timeout in seconds.


@ -160,6 +160,10 @@ import type {
EndpointKillProcessActionRequestBodyInput,
EndpointKillProcessActionResponse,
} from './endpoint/actions/response_actions/kill_process/kill_process.gen';
import type {
RunScriptActionRequestBodyInput,
RunScriptActionResponse,
} from './endpoint/actions/response_actions/run_script/run_script.gen';
import type {
EndpointGetProcessesActionRequestBodyInput,
EndpointGetProcessesActionResponse,
@ -2071,6 +2075,22 @@ detection engine rules.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Run a shell command on an endpoint.
*/
async runScriptAction(props: RunScriptActionProps) {
this.log.info(`${new Date().toISOString()} Calling API RunScriptAction`);
return this.kbnClient
.request<RunScriptActionResponse>({
path: '/api/endpoint/action/runscript',
headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
},
method: 'POST',
body: props.body,
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality.
*/
@ -2588,6 +2608,9 @@ export interface RulePreviewProps {
query: RulePreviewRequestQueryInput;
body: RulePreviewRequestBodyInput;
}
export interface RunScriptActionProps {
body: RunScriptActionRequestBodyInput;
}
export interface SearchAlertsProps {
body: SearchAlertsRequestBodyInput;
}


@ -226,6 +226,26 @@ paths:
summary: Get running processes
tags:
- Security Endpoint Management API
/api/endpoint/action/runscript:
post:
description: Run a shell command on an endpoint.
operationId: RunScriptAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RunScriptRouteRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Run a script
tags:
- Security Endpoint Management API
/api/endpoint/action/scan:
post:
description: Scan a specific file or directory on an endpoint for malware.
@ -500,6 +520,23 @@ components:
type: string
minItems: 1
type: array
CloudFileScriptParameters:
type: object
properties:
cloudFile:
description: Script name in cloud storage.
minLength: 1
type: string
commandLine:
description: Command line arguments.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- cloudFile
Command:
description: The command to be executed (cannot be an empty string)
enum:
@ -626,6 +663,23 @@ components:
- parameters
GetProcessesRouteRequestBody:
$ref: '#/components/schemas/NoParametersRequestSchema'
HostPathScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
hostPath:
description: Absolute or relative path of script on host machine.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- hostPath
IsolateRouteRequestBody:
$ref: '#/components/schemas/NoParametersRequestSchema'
KillProcessRouteRequestBody:
@ -779,6 +833,36 @@ components:
properties:
note:
type: string
RawScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
raw:
description: Raw script content.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- raw
RunScriptRouteRequestBody:
type: object
properties:
parameters:
description: >-
Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided.
CommandLine and Timeout are optional for all.
oneOf:
- $ref: '#/components/schemas/RawScriptParameters'
- $ref: '#/components/schemas/HostPathScriptParameters'
- $ref: '#/components/schemas/CloudFileScriptParameters'
required:
- parameters
ScanRouteRequestBody:
allOf:
- type: object


@ -226,6 +226,26 @@ paths:
summary: Get running processes
tags:
- Security Endpoint Management API
/api/endpoint/action/runscript:
post:
description: Run a shell command on an endpoint.
operationId: RunScriptAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RunScriptRouteRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Run a script
tags:
- Security Endpoint Management API
/api/endpoint/action/scan:
post:
description: Scan a specific file or directory on an endpoint for malware.
@ -500,6 +520,23 @@ components:
type: string
minItems: 1
type: array
CloudFileScriptParameters:
type: object
properties:
cloudFile:
description: Script name in cloud storage.
minLength: 1
type: string
commandLine:
description: Command line arguments.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- cloudFile
Command:
description: The command to be executed (cannot be an empty string)
enum:
@ -626,6 +663,23 @@ components:
- parameters
GetProcessesRouteRequestBody:
$ref: '#/components/schemas/NoParametersRequestSchema'
HostPathScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
hostPath:
description: Absolute or relative path of script on host machine.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- hostPath
IsolateRouteRequestBody:
$ref: '#/components/schemas/NoParametersRequestSchema'
KillProcessRouteRequestBody:
@ -779,6 +833,36 @@ components:
properties:
note:
type: string
RawScriptParameters:
type: object
properties:
commandLine:
description: Command line arguments.
minLength: 1
type: string
raw:
description: Raw script content.
minLength: 1
type: string
timeout:
description: Timeout in seconds.
minimum: 1
type: integer
required:
- raw
RunScriptRouteRequestBody:
type: object
properties:
parameters:
description: >-
Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided.
CommandLine and Timeout are optional for all.
oneOf:
- $ref: '#/components/schemas/RawScriptParameters'
- $ref: '#/components/schemas/HostPathScriptParameters'
- $ref: '#/components/schemas/CloudFileScriptParameters'
required:
- parameters
ScanRouteRequestBody:
allOf:
- type: object


@ -146,6 +146,7 @@ import {
RulePreviewRequestQueryInput,
RulePreviewRequestBodyInput,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen';
import { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen';
import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen';
import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen';
import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen';
@ -1448,6 +1449,17 @@ detection engine rules.
.send(props.body as object)
.query(props.query);
},
/**
* Run a shell command on an endpoint.
*/
runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') {
return supertest
.post(routeWithNamespace('/api/endpoint/action/runscript', kibanaSpace))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality.
*/
@ -1913,6 +1925,9 @@ export interface RulePreviewProps {
query: RulePreviewRequestQueryInput;
body: RulePreviewRequestBodyInput;
}
export interface RunScriptActionProps {
body: RunScriptActionRequestBodyInput;
}
export interface SearchAlertsProps {
body: SearchAlertsRequestBodyInput;
}