[Security Solution][Serverless] Add schema validation to Search Strategies in security solution & timelines (#162539)

## Summary

This PR specifies validation schemas for enpoints listed here:
https://github.com/elastic/security-team/issues/6486

x-pack/plugins/security_solution/common/api/search_strategy/cti/cti.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './event_enrichment';
+
+export * from './threat_intel_source';

x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { CtiQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const eventEnrichmentRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  eventFields: z.record(z.unknown()),
+  timerange,
+  factoryQueryType: z.literal(CtiQueries.eventEnrichment),
+});
+
+export type EventEnrichmentRequestOptionsInput = z.input<
+  typeof eventEnrichmentRequestOptionsSchema
+>;
+
+export type EventEnrichmentRequestOptions = z.infer<typeof eventEnrichmentRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/cti/threat_intel_source.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { CtiQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const threatIntelSourceRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  factoryQueryType: z.literal(CtiQueries.dataSource),
+});
+
+export type ThreatIntelSourceRequestOptionsInput = z.input<
+  typeof threatIntelSourceRequestOptionsSchema
+>;
+
+export type ThreatIntelSourceRequestOptions = z.infer<typeof threatIntelSourceRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts

@@ -12,4 +12,6 @@ export const endpointFieldsRequestSchema = z.object({
   onlyCheckIfIndicesExist: z.boolean(),
 });
 
+export type EndpointFieldsRequestSchemaInput = z.input<typeof endpointFieldsRequestSchema>;
+
 export type EndpointFieldsRequestSchema = z.infer<typeof endpointFieldsRequestSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts

@@ -11,28 +11,27 @@ import type { IKibanaSearchResponse } from '@kbn/data-plugin/common';
 
 import { order } from '../model/order';
 import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { inspect } from '../model/inspect';
+import { FirstLastSeenQuery } from '../model/factory_query_type';
 
-export const firstLastSeenRequestOptionsSchema = z
-  .object({
-    order,
-    field: z.string(),
-    value: z.string(),
-  })
-  .extend(requestBasicOptionsSchema.partial().shape);
+export const firstLastSeenRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  order,
+  field: z.string(),
+  value: z.string(),
+  factoryQueryType: z.literal(FirstLastSeenQuery),
+});
+
+export type FirstLastSeenRequestOptionsInput = z.input<typeof firstLastSeenRequestOptionsSchema>;
 
 export type FirstLastSeenRequestOptions = z.infer<typeof firstLastSeenRequestOptionsSchema>;
 
-const inspectSchema = z.object({
-  dsl: z.array(z.string()),
-});
-
 export const firstLastSeenResponseSchema = z
   .object({
     firstSeen: z.string().nullable(),
     lastSeen: z.string().nullable(),
-    inspect: inspectSchema,
+    inspect,
   })
   .partial();
 
-export type FirstLastSeenStrategyResponse = z.infer<typeof firstLastSeenResponseSchema> &
+export type FirstLastSeenStrategyResponse = z.input<typeof firstLastSeenResponseSchema> &
   IKibanaSearchResponse;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/all.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const allHostsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  isNewRiskScoreModuleAvailable: z.boolean().default(false),
+  factoryQueryType: z.literal(HostsQueries.hosts),
+});
+
+export type HostsRequestOptionsInput = z.input<typeof allHostsSchema>;
+
+export type HostsRequestOptions = z.infer<typeof allHostsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/details.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const hostDetailsSchema = requestBasicOptionsSchema.extend({
+  hostName: z.string(),
+  skip: z.boolean().optional(),
+  inspect,
+  pagination: pagination.optional(),
+  timerange,
+  sort,
+  factoryQueryType: z.literal(HostsQueries.details),
+});
+
+export type HostDetailsRequestOptionsInput = z.input<typeof hostDetailsSchema>;
+
+export type HostDetailsRequestOptions = z.infer<typeof hostDetailsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/hosts.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './all';
+
+export * from './details';
+
+export * from './overview';
+
+export * from './uncommon_processes';
+
+export * from './kpi_hosts';
+
+export * from './kpi_unique_ips';

x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_hosts.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsKpiQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const kpiHostsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsKpiQueries.kpiHosts),
+});
+
+export type KpiHostsRequestOptionsInput = z.input<typeof kpiHostsSchema>;
+
+export type KpiHostsRequestOptions = z.infer<typeof kpiHostsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_unique_ips.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsKpiQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const kpiUniqueIpsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsKpiQueries.kpiUniqueIps),
+});
+
+export type KpiUniqueIpsRequestOptionsInput = z.input<typeof kpiUniqueIpsSchema>;
+
+export type KpiUniqueIpsRequestOptions = z.infer<typeof kpiUniqueIpsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/model/sort.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum HostsFields {
+  lastSeen = 'lastSeen',
+  hostName = 'hostName',
+  success = 'success',
+}
+
+import { sort as baseSort } from '../../model/sort';
+
+export const sort = baseSort;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/overview.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const hostOverviewSchema = requestBasicOptionsSchema.extend({
+  factoryQueryType: z.literal(HostsQueries.overview),
+  timerange,
+});
+
+export type HostOverviewRequestOptionsInput = z.input<typeof hostOverviewSchema>;
+
+export type HostOverviewRequestOptions = z.infer<typeof hostOverviewSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/uncommon_processes.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export const hostUncommonProcessesSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsQueries.uncommonProcesses),
+});
+
+export type HostUncommonProcessesRequestOptionsInput = z.input<typeof hostUncommonProcessesSchema>;
+
+export type HostUncommonProcessesRequestOptions = z.infer<typeof hostUncommonProcessesSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/index.ts

@@ -5,4 +5,114 @@
  * 2.0.
  */
 
+import { z } from 'zod';
+
+import {
+  threatIntelSourceRequestOptionsSchema,
+  eventEnrichmentRequestOptionsSchema,
+} from './cti/cti';
+
+import { firstLastSeenRequestOptionsSchema } from './first_seen_last_seen/first_seen_last_seen';
+import {
+  allHostsSchema,
+  hostDetailsSchema,
+  hostOverviewSchema,
+  hostUncommonProcessesSchema,
+  kpiHostsSchema,
+  kpiUniqueIpsSchema,
+} from './hosts/hosts';
+import { matrixHistogramSchema } from './matrix_histogram/matrix_histogram';
+import { networkDetailsSchema } from './network/details';
+import { networkDnsSchema } from './network/dns';
+import { networkHttpSchema } from './network/http';
+import {
+  networkKpiDns,
+  networkKpiEvents,
+  networkKpiTlsHandshakes,
+  networkKpiUniqueFlows,
+  networkKpiUniquePrivateIps,
+} from './network/kpi';
+import { networkOverviewSchema } from './network/overview';
+import { networkTlsSchema } from './network/tls';
+import { networkTopCountriesSchema } from './network/top_countries';
+import { networkTopNFlowSchema } from './network/top_n_flow';
+import { networkUsersSchema } from './network/users';
+
+import {
+  relatedHostsRequestOptionsSchema,
+  relatedUsersRequestOptionsSchema,
+} from './related_entities/related_entities';
+
+import {
+  hostsRiskScoreRequestOptionsSchema,
+  riskScoreKpiRequestOptionsSchema,
+  usersRiskScoreRequestOptionsSchema,
+} from './risk_score/risk_score';
+
+import {
+  authenticationsKpiSchema,
+  managedUserDetailsSchema,
+  observedUserDetailsSchema,
+  totalUsersKpiSchema,
+  userAuthenticationsSchema,
+  usersSchema,
+} from './users/users';
+
 export * from './first_seen_last_seen/first_seen_last_seen';
+
+export * from './hosts/hosts';
+
+export * from './users/users';
+
+export * from './matrix_histogram/matrix_histogram';
+
+export * from './network/network';
+
+export * from './related_entities/related_entities';
+
+export * from './risk_score/risk_score';
+
+export * from './cti/cti';
+
+export * from './model/pagination';
+
+export * from './model/factory_query_type';
+
+export * from './model/runtime_mappings';
+
+export const searchStrategyRequestSchema = z.discriminatedUnion('factoryQueryType', [
+  firstLastSeenRequestOptionsSchema,
+  allHostsSchema,
+  hostDetailsSchema,
+  kpiHostsSchema,
+  kpiUniqueIpsSchema,
+  hostOverviewSchema,
+  hostUncommonProcessesSchema,
+  usersSchema,
+  observedUserDetailsSchema,
+  managedUserDetailsSchema,
+  totalUsersKpiSchema,
+  authenticationsKpiSchema,
+  userAuthenticationsSchema,
+  hostsRiskScoreRequestOptionsSchema,
+  usersRiskScoreRequestOptionsSchema,
+  riskScoreKpiRequestOptionsSchema,
+  relatedHostsRequestOptionsSchema,
+  relatedUsersRequestOptionsSchema,
+  networkDetailsSchema,
+  networkDnsSchema,
+  networkHttpSchema,
+  networkOverviewSchema,
+  networkTlsSchema,
+  networkTopCountriesSchema,
+  networkTopNFlowSchema,
+  networkUsersSchema,
+  networkKpiDns,
+  networkKpiEvents,
+  networkKpiTlsHandshakes,
+  networkKpiUniqueFlows,
+  networkKpiUniquePrivateIps,
+  matrixHistogramSchema,
+  threatIntelSourceRequestOptionsSchema,
+  eventEnrichmentRequestOptionsSchema,
+]);

x-pack/plugins/security_solution/common/api/search_strategy/matrix_histogram/matrix_histogram.ts

@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { MatrixHistogramQuery } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { runtimeMappings } from '../model/runtime_mappings';
+import { timerange } from '../model/timerange';
+
+export enum MatrixHistogramType {
+  authentications = 'authentications',
+  anomalies = 'anomalies',
+  events = 'events',
+  alerts = 'alerts',
+  dns = 'dns',
+  preview = 'preview',
+}
+
+export const matrixHistogramSchema = requestBasicOptionsSchema.extend({
+  histogramType: z.enum([
+    MatrixHistogramType.alerts,
+    MatrixHistogramType.anomalies,
+    MatrixHistogramType.authentications,
+    MatrixHistogramType.dns,
+    MatrixHistogramType.events,
+    MatrixHistogramType.preview,
+  ]),
+  stackByField: z.string().optional(),
+  threshold: z
+    .object({
+      field: z.array(z.string()),
+      value: z.string(),
+      cardinality: z
+        .object({
+          field: z.array(z.string()),
+          value: z.string(),
+        })
+        .optional(),
+    })
+    .optional(),
+  inspect,
+  isPtrIncluded: z.boolean().default(false),
+  includeMissingData: z.boolean().default(true),
+  runtimeMappings,
+  timerange,
+  factoryQueryType: z.literal(MatrixHistogramQuery),
+});
+
+export type MatrixHistogramRequestOptionsInput = z.input<typeof matrixHistogramSchema>;
+
+export type MatrixHistogramRequestOptions = z.infer<typeof matrixHistogramSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/model/factory_query_type.ts

@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum HostsQueries {
+  details = 'hostDetails',
+  hosts = 'hosts',
+  overview = 'overviewHost',
+  uncommonProcesses = 'uncommonProcesses',
+}
+
+export enum NetworkKpiQueries {
+  dns = 'networkKpiDns',
+  networkEvents = 'networkKpiNetworkEvents',
+  tlsHandshakes = 'networkKpiTlsHandshakes',
+  uniqueFlows = 'networkKpiUniqueFlows',
+  uniquePrivateIps = 'networkKpiUniquePrivateIps',
+}
+
+export enum HostsKpiQueries {
+  kpiHosts = 'hostsKpiHosts',
+  kpiUniqueIps = 'hostsKpiUniqueIps',
+}
+
+export enum UsersQueries {
+  observedDetails = 'observedUserDetails',
+  managedDetails = 'managedUserDetails',
+  kpiTotalUsers = 'usersKpiTotalUsers',
+  users = 'allUsers',
+  authentications = 'authentications',
+  kpiAuthentications = 'usersKpiAuthentications',
+}
+
+export enum NetworkQueries {
+  details = 'networkDetails',
+  dns = 'dns',
+  http = 'http',
+  overview = 'overviewNetwork',
+  tls = 'tls',
+  topCountries = 'topCountries',
+  topNFlow = 'topNFlow',
+  users = 'users',
+}
+
+export enum RiskQueries {
+  hostsRiskScore = 'hostsRiskScore',
+  usersRiskScore = 'usersRiskScore',
+  kpiRiskScore = 'kpiRiskScore',
+}
+
+export enum CtiQueries {
+  eventEnrichment = 'eventEnrichment',
+  dataSource = 'dataSource',
+}
+
+export const MatrixHistogramQuery = 'matrixHistogram';
+
+export const FirstLastSeenQuery = 'firstlastseen';
+
+export enum RelatedEntitiesQueries {
+  relatedHosts = 'relatedHosts',
+  relatedUsers = 'relatedUsers',
+}
+
+export type FactoryQueryTypes =
+  | HostsQueries
+  | HostsKpiQueries
+  | UsersQueries
+  | NetworkQueries
+  | NetworkKpiQueries
+  | RiskQueries
+  | CtiQueries
+  | typeof MatrixHistogramQuery
+  | typeof FirstLastSeenQuery
+  | RelatedEntitiesQueries;

x-pack/plugins/security_solution/common/api/search_strategy/model/filter_query.ts

@@ -71,7 +71,7 @@ export type ESQuery =
   | ESBoolQuery
   | JsonObject;
 
-const esQuerySchema = z.union([
+export const esQuerySchema = z.union([
   esRangeQuerySchema,
   esQueryStringQuerySchema,
   esMatchQuerySchema,
@@ -80,4 +80,4 @@ const esQuerySchema = z.union([
   jsonObjectSchema,
 ]);
 
-export const filterQuery = z.union([z.string(), z.undefined(), esQuerySchema]);
+export const filterQuery = z.union([z.string(), z.any()]).optional();

x-pack/plugins/security_solution/common/api/search_strategy/model/inspect.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export const inspect = z
+  .union([
+    z
+      .object({
+        dsl: z.array(z.string()),
+      })
+      .nullable(),
+    z.boolean(),
+  ])
+  .optional();

x-pack/plugins/security_solution/common/api/search_strategy/model/order.ts

@@ -7,6 +7,8 @@
 
 import { Direction } from '@kbn/timelines-plugin/common';
 
+export { Direction };
+
 import { z } from 'zod';
 
 export const order = z.enum([Direction.asc, Direction.desc]);

x-pack/plugins/security_solution/common/api/search_strategy/model/pagination.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export type PaginationInputPaginatedInput = z.input<typeof pagination>;
+
+export const pagination = z
+  .object({
+    /** The activePage parameter defines the page of results you want to fetch */
+    activePage: z.number(),
+    /** The cursorStart parameter defines the start of the results to be displayed */
+    cursorStart: z.number(),
+    /** The fakePossibleCount parameter determines the total count in order to show 5 additional pages */
+    fakePossibleCount: z.number(),
+    /** The querySize parameter is the number of items to be returned */
+    querySize: z.number(),
+  })
+  .default({
+    activePage: 0,
+    cursorStart: 0,
+    fakePossibleCount: 0,
+    querySize: 0,
+  });

x-pack/plugins/security_solution/common/api/search_strategy/model/request_basic_options.ts

@@ -7,20 +7,16 @@
 
 import { z } from 'zod';
 import { filterQuery } from './filter_query';
+import { timerange } from './timerange';
 
 export const requestBasicOptionsSchema = z.object({
-  timerange: z.object({
-    interval: z.string(),
-    from: z.string(),
-    to: z.string(),
-  }),
+  timerange: timerange.optional(),
   filterQuery,
-  defaultIndex: z.array(z.string()),
-
-  // This comes from the IKibanaSearchRequest
-  factoryQueryType: z.union([z.string(), z.undefined()]),
-  id: z.union([z.string(), z.undefined()]),
-  params: z.union([z.object({}), z.undefined()]),
+  defaultIndex: z.array(z.string()).optional(),
+  id: z.string().optional(),
+  params: z.any().optional(),
 });
 
+export type RequestBasicOptionsInput = z.input<typeof requestBasicOptionsSchema>;
+
 export type RequestBasicOptions = z.infer<typeof requestBasicOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/model/request_paginated_options.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { sort } from '../hosts/model/sort';
+import { pagination } from './pagination';
+import { requestBasicOptionsSchema } from './request_basic_options';
+
+export const requestOptionsPaginatedSchema = requestBasicOptionsSchema.extend({
+  pagination,
+  sort,
+});

x-pack/plugins/security_solution/common/api/search_strategy/model/runtime_mappings.ts

@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export type MappingRuntimeFieldType =
+  | 'boolean'
+  | 'date'
+  | 'double'
+  | 'geo_point'
+  | 'ip'
+  | 'keyword'
+  | 'long'
+  | 'lookup';
+
+export const runtimeMappings = z
+  .record(
+    z.object({
+      type: z.union([
+        z.literal('boolean'),
+        z.literal('date'),
+        z.literal('double'),
+        z.literal('geo_point'),
+        z.literal('ip'),
+        z.literal('keyword'),
+        z.literal('long'),
+        z.literal('lookup'),
+      ]),
+      script: z
+        .union([
+          z.string(),
+          z.object({ source: z.string() }),
+          z.object({ id: z.string(), params: z.record(z.any()) }),
+        ])
+        .optional(),
+      fetch_fields: z.array(z.string()).optional(),
+      format: z.string().optional(),
+      input_field: z.string().optional(),
+      target_field: z.string().optional(),
+      target_index: z.string().optional(),
+    })
+  )
+  .optional();
+
+export type RunTimeMappings = z.infer<typeof runtimeMappings>;

x-pack/plugins/security_solution/common/api/search_strategy/model/sort.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { Direction, order } from './order';
+
+export const sort = z
+  .object({
+    direction: order.default(Direction.desc),
+    field: z.string().default('@timestamp'),
+  })
+  .default({ direction: Direction.desc, field: '@timestamp' });

x-pack/plugins/security_solution/common/api/search_strategy/model/timerange.ts

@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export const timerange = z.object({
+  interval: z.string(),
+  from: z.string(),
+  to: z.string(),
+});

x-pack/plugins/security_solution/common/api/search_strategy/network/details.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const networkDetailsSchema = requestBasicOptionsSchema.extend({
+  ip: z.string().ip(),
+  factoryQueryType: z.literal(NetworkQueries.details),
+});
+
+export type NetworkDetailsRequestOptionsInput = z.input<typeof networkDetailsSchema>;
+
+export type NetworkDetailsRequestOptions = z.infer<typeof networkDetailsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/dns.ts

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export enum NetworkDnsFields {
+  dnsName = 'dnsName',
+  queryCount = 'queryCount',
+  uniqueDomains = 'uniqueDomains',
+  dnsBytesIn = 'dnsBytesIn',
+  dnsBytesOut = 'dnsBytesOut',
+}
+
+export const networkDnsSchema = requestOptionsPaginatedSchema.extend({
+  isPtrIncluded: z.boolean().default(false),
+  stackByField: z.string().optional(),
+  sort,
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.dns),
+});
+
+export type NetworkDnsRequestOptionsInput = z.input<typeof networkDnsSchema>;
+
+export type NetworkDnsRequestOptions = z.infer<typeof networkDnsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/http.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export const networkHttpSchema = requestOptionsPaginatedSchema.extend({
+  ip: z.string().ip().optional(),
+  defaultIndex: z.array(z.string()).min(1).optional(),
+  timerange,
+  sort,
+  factoryQueryType: z.literal(NetworkQueries.http),
+});
+
+export type NetworkHttpRequestOptionsInput = z.input<typeof networkHttpSchema>;
+
+export type NetworkHttpRequestOptions = z.infer<typeof networkHttpSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/dns.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiDns = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkKpiQueries.dns),
+});
+
+export type NetworkKpiDnsRequestOptionsInput = z.input<typeof networkKpiDns>;
+
+export type NetworkKpiDnsRequestOptions = z.infer<typeof networkKpiDns>;

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/events.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiEvents = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkKpiQueries.networkEvents),
+});
+
+export type NetworkKpiEventsRequestOptionsInput = z.input<typeof networkKpiEvents>;
+
+export type NetworkKpiEventsRequestOptions = z.infer<typeof networkKpiEvents>;

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/index.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './dns';
+
+export * from './events';
+
+export * from './tls_handshakes';
+
+export * from './unique_flows';
+
+export * from './unique_private_ips';

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/tls_handshakes.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiTlsHandshakes = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkKpiQueries.tlsHandshakes),
+});
+
+export type NetworkKpiTlsHandshakesRequestOptionsInput = z.input<typeof networkKpiTlsHandshakes>;
+
+export type NetworkKpiTlsHandshakesRequestOptions = z.infer<typeof networkKpiTlsHandshakes>;

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_flows.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiUniqueFlows = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkKpiQueries.uniqueFlows),
+});
+
+export type NetworkKpiUniqueFlowsRequestOptionsInput = z.input<typeof networkKpiUniqueFlows>;
+
+export type NetworkKpiUniqueFlowsRequestOptions = z.infer<typeof networkKpiUniqueFlows>;

x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_private_ips.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiUniquePrivateIps = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkKpiQueries.uniquePrivateIps),
+});
+
+export type NetworkKpiUniquePrivateIpsRequestOptionsInput = z.input<
+  typeof networkKpiUniquePrivateIps
+>;
+
+export type NetworkKpiUniquePrivateIpsRequestOptions = z.infer<typeof networkKpiUniquePrivateIps>;

x-pack/plugins/security_solution/common/api/search_strategy/network/model/flow_target.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum FlowTargetSourceDest {
+  destination = 'destination',
+  source = 'source',
+}
+
+export const flowTarget = z.enum([FlowTargetSourceDest.destination, FlowTargetSourceDest.source]);

x-pack/plugins/security_solution/common/api/search_strategy/network/model/top_tables_fields.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum NetworkTopTablesFields {
+  bytes_in = 'bytes_in',
+  bytes_out = 'bytes_out',
+  flows = 'flows',
+  destination_ips = 'destination_ips',
+  source_ips = 'source_ips',
+}
+
+export const topTablesFields = z.enum([
+  NetworkTopTablesFields.bytes_in,
+  NetworkTopTablesFields.bytes_out,
+  NetworkTopTablesFields.flows,
+  NetworkTopTablesFields.destination_ips,
+  NetworkTopTablesFields.source_ips,
+]);

x-pack/plugins/security_solution/common/api/search_strategy/network/network.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './details';
+
+export * from './dns';
+
+export * from './http';
+
+export * from './kpi';
+
+export * from './overview';
+
+export * from './tls';
+
+export * from './top_countries';
+
+export * from './top_n_flow';
+
+export * from './users';

x-pack/plugins/security_solution/common/api/search_strategy/network/overview.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const networkOverviewSchema = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.overview),
+});
+
+export type NetworkOverviewRequestOptionsInput = z.input<typeof networkOverviewSchema>;
+
+export type NetworkOverviewRequestOptions = z.infer<typeof networkOverviewSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/tls.ts

@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export enum NetworkTlsFields {
+  _id = '_id',
+}
+
+export const networkTlsSchema = requestOptionsPaginatedSchema.extend({
+  ip: z.string().optional(),
+  flowTarget,
+  sort,
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.tls),
+});
+
+export type NetworkTlsRequestOptionsInput = z.input<typeof networkTlsSchema>;
+
+export type NetworkTlsRequestOptions = z.infer<typeof networkTlsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/top_countries.ts

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { filterQuery } from '../model/filter_query';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export const networkTopCountriesSchema = requestOptionsPaginatedSchema.extend({
+  ip: z.string().ip().optional(),
+  flowTarget,
+  sort,
+  filterQuery,
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.topCountries),
+});
+
+export type NetworkTopCountriesRequestOptionsInput = z.input<typeof networkTopCountriesSchema>;
+
+export type NetworkTopCountriesRequestOptions = z.infer<typeof networkTopCountriesSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/top_n_flow.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export const networkTopNFlowSchema = requestOptionsPaginatedSchema.extend({
+  ip: z.string().ip().nullable().optional(),
+  flowTarget,
+  sort,
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.topNFlow),
+});
+
+export type NetworkTopNFlowRequestOptionsInput = z.input<typeof networkTopNFlowSchema>;
+
+export type NetworkTopNFlowRequestOptions = z.infer<typeof networkTopNFlowSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/network/users.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export enum NetworkUsersFields {
+  name = 'name',
+  count = 'count',
+}
+
+export const networkUsersSchema = requestOptionsPaginatedSchema.extend({
+  ip: z.string().ip(),
+  flowTarget,
+  sort,
+  timerange,
+  factoryQueryType: z.literal(NetworkQueries.users),
+});
+
+export type NetworkUsersRequestOptionsInput = z.input<typeof networkUsersSchema>;
+
+export type NetworkUsersRequestOptions = z.infer<typeof networkUsersSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_entities.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './related_hosts';
+
+export * from './related_users';

x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_hosts.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RelatedEntitiesQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const relatedHostsRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  userName: z.string(),
+  skip: z.boolean().optional(),
+  from: z.string(),
+  inspect,
+  isNewRiskScoreModuleAvailable: z.boolean().default(false),
+  factoryQueryType: z.literal(RelatedEntitiesQueries.relatedHosts),
+});
+
+export type RelatedHostsRequestOptionsInput = z.input<typeof relatedHostsRequestOptionsSchema>;
+
+export type RelatedHostsRequestOptions = z.infer<typeof relatedHostsRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_users.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RelatedEntitiesQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const relatedUsersRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  hostName: z.string(),
+  skip: z.boolean().optional(),
+  from: z.string(),
+  inspect,
+  isNewRiskScoreModuleAvailable: z.boolean().default(false),
+  factoryQueryType: z.literal(RelatedEntitiesQueries.relatedUsers),
+});
+
+export type RelatedUsersRequestOptionsInput = z.input<typeof relatedUsersRequestOptionsSchema>;
+
+export type RelatedUsersRequestOptions = z.infer<typeof relatedUsersRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/risk_score/all.ts

@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RiskQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { riskScoreEntity } from './model/risk_score_entity';
+
+export enum RiskScoreFields {
+  timestamp = '@timestamp',
+  hostName = 'host.name',
+  hostRiskScore = 'host.risk.calculated_score_norm',
+  hostRisk = 'host.risk.calculated_level',
+  userName = 'user.name',
+  userRiskScore = 'user.risk.calculated_score_norm',
+  userRisk = 'user.risk.calculated_level',
+  alertsCount = 'alertsCount',
+}
+
+const baseRiskScoreRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  alertsTimerange: timerange.optional(),
+  riskScoreEntity,
+  includeAlertsCount: z.boolean().optional(),
+  onlyLatest: z.boolean().optional(),
+  pagination: z
+    .object({
+      cursorStart: z.number(),
+      querySize: z.number(),
+    })
+    .optional(),
+  sort: sort
+    .removeDefault()
+    .extend({
+      field: z.enum([
+        RiskScoreFields.timestamp,
+        RiskScoreFields.hostName,
+        RiskScoreFields.hostRiskScore,
+        RiskScoreFields.hostRisk,
+        RiskScoreFields.userName,
+        RiskScoreFields.userRiskScore,
+        RiskScoreFields.userRisk,
+        RiskScoreFields.alertsCount,
+      ]),
+    })
+    .optional(),
+});
+
+export const hostsRiskScoreRequestOptionsSchema = baseRiskScoreRequestOptionsSchema.extend({
+  factoryQueryType: z.literal(RiskQueries.hostsRiskScore),
+});
+
+export const usersRiskScoreRequestOptionsSchema = baseRiskScoreRequestOptionsSchema.extend({
+  factoryQueryType: z.literal(RiskQueries.usersRiskScore),
+});
+
+export const riskScoreRequestOptionsSchema = z.union([
+  hostsRiskScoreRequestOptionsSchema,
+  usersRiskScoreRequestOptionsSchema,
+]);
+
+export type RiskScoreRequestOptionsInput = z.input<typeof riskScoreRequestOptionsSchema>;
+
+export type RiskScoreRequestOptions = z.infer<typeof riskScoreRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/risk_score/kpi.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RiskQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { riskScoreEntity } from './model/risk_score_entity';
+
+export const riskScoreKpiRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  entity: riskScoreEntity,
+  factoryQueryType: z.literal(RiskQueries.kpiRiskScore),
+});
+
+export type RiskScoreKpiRequestOptionsInput = z.input<typeof riskScoreKpiRequestOptionsSchema>;
+
+export type RiskScoreKpiRequestOptions = z.infer<typeof riskScoreKpiRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/risk_score/model/risk_score_entity.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum RiskScoreEntity {
+  host = 'host',
+  user = 'user',
+}
+
+export const riskScoreEntity = z.enum([RiskScoreEntity.host, RiskScoreEntity.user]);

x-pack/plugins/security_solution/common/api/search_strategy/risk_score/risk_score.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './all';
+
+export * from './kpi';

x-pack/plugins/security_solution/common/api/search_strategy/users/all.ts

@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export enum UsersFields {
+  name = 'name',
+  domain = 'domain',
+  lastSeen = 'lastSeen',
+}
+
+export const usersSchema = requestOptionsPaginatedSchema.extend({
+  sort: sort.removeDefault().extend({
+    field: z.enum([UsersFields.name, UsersFields.lastSeen]),
+  }),
+  timerange,
+  isNewRiskScoreModuleAvailable: z.boolean().default(false),
+  factoryQueryType: z.literal(UsersQueries.users),
+});
+
+export type UsersRequestOptionsInput = z.input<typeof usersSchema>;
+
+export type UsersRequestOptions = z.infer<typeof usersSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/authentications.ts

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { timerange } from '../model/timerange';
+
+export enum AuthStackByField {
+  userName = 'user.name',
+  hostName = 'host.name',
+}
+
+export const userAuthenticationsSchema = requestOptionsPaginatedSchema.extend({
+  stackByField: z.enum([AuthStackByField.userName, AuthStackByField.hostName]),
+  timerange,
+  factoryQueryType: z.literal(UsersQueries.authentications),
+});
+
+export type UserAuthenticationsRequestOptionsInput = z.input<typeof userAuthenticationsSchema>;
+
+export type UserAuthenticationsRequestOptions = z.infer<typeof userAuthenticationsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/authentications.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const authenticationsKpiSchema = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(UsersQueries.kpiAuthentications),
+});
+
+export type AuthenticationsKpiRequestOptionsInput = z.input<typeof authenticationsKpiSchema>;
+
+export type AuthenticationsKpiRequestOptions = z.infer<typeof authenticationsKpiSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/total_users.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const totalUsersKpiSchema = requestBasicOptionsSchema.extend({
+  timerange,
+  factoryQueryType: z.literal(UsersQueries.kpiTotalUsers),
+});
+
+export type TotalUsersKpiRequestOptionsInput = z.input<typeof totalUsersKpiSchema>;
+
+export type TotalUsersKpiRequestOptions = z.infer<typeof totalUsersKpiSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/managed_details.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const managedUserDetailsSchema = requestBasicOptionsSchema.extend({
+  userName: z.string(),
+  factoryQueryType: z.literal(UsersQueries.managedDetails),
+});
+
+export type ManagedUserDetailsRequestOptionsInput = z.input<typeof managedUserDetailsSchema>;
+
+export type ManagedUserDetailsRequestOptions = z.infer<typeof managedUserDetailsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/observed_details.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { inspect } from '../model/inspect';
+import { timerange } from '../model/timerange';
+import { UsersQueries } from '../model/factory_query_type';
+
+export const observedUserDetailsSchema = requestBasicOptionsSchema.extend({
+  userName: z.string(),
+  skip: z.boolean().optional(),
+  timerange,
+  inspect,
+  factoryQueryType: z.literal(UsersQueries.observedDetails),
+});
+
+export type ObservedUserDetailsRequestOptionsInput = z.input<typeof observedUserDetailsSchema>;
+
+export type ObservedUserDetailsRequestOptions = z.infer<typeof observedUserDetailsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/users/users.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './observed_details';
+
+export * from './managed_details';
+
+export * from './kpi/total_users';
+
+export * from './kpi/authentications';
+
+export * from './all';
+
+export * from './authentications';

x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts

@@ -6,13 +6,14 @@
  */
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/public';
+import type { EventEnrichmentRequestOptions } from '../../../api/search_strategy';
 
-import type { CtiEnrichment, CtiEventEnrichmentRequestOptions } from '.';
+import type { CtiEnrichment } from '.';
 import { CtiQueries } from '.';
 
 export const buildEventEnrichmentRequestOptionsMock = (
-  overrides: Partial<CtiEventEnrichmentRequestOptions> = {}
-): CtiEventEnrichmentRequestOptions => ({
+  overrides: Partial<EventEnrichmentRequestOptions> = {}
+): EventEnrichmentRequestOptions => ({
   defaultIndex: ['filebeat-*'],
   eventFields: {
     'file.hash.md5': '1eee2bf3f56d8abed72da2bc523e7431',

x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts

@@ -6,20 +6,11 @@
  */
 
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { IEsSearchResponse, IEsSearchRequest } from '@kbn/data-plugin/public';
-import type { FactoryQueryTypes } from '../..';
+import type { IEsSearchResponse } from '@kbn/data-plugin/public';
 import { EVENT_ENRICHMENT_INDICATOR_FIELD_MAP } from '../../../cti/constants';
-import type { Inspect, Maybe, TimerangeInput } from '../../common';
-import type { RequestBasicOptions } from '..';
+import type { Inspect, Maybe } from '../../common';
 
-export enum CtiQueries {
-  eventEnrichment = 'eventEnrichment',
-  dataSource = 'dataSource',
-}
-
-export interface CtiEventEnrichmentRequestOptions extends RequestBasicOptions {
-  eventFields: Record<string, unknown>;
-}
+export { CtiQueries } from '../../../api/search_strategy';
 
 export type CtiEnrichment = Record<string, unknown[]>;
 export type EventFields = Record<string, unknown>;
@@ -44,12 +35,6 @@ export const validEventFields = Object.keys(EVENT_ENRICHMENT_INDICATOR_FIELD_MAP
 export const isValidEventField = (field: string): field is EventField =>
   validEventFields.includes(field as EventField);
 
-export interface CtiDataSourceRequestOptions extends IEsSearchRequest {
-  defaultIndex: string[];
-  factoryQueryType?: FactoryQueryTypes;
-  timerange?: TimerangeInput;
-}
-
 export interface BucketItem {
   key: string;
   doc_count: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/first_last_seen/index.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-export const FirstLastSeenQuery = 'firstlastseen';
+export { FirstLastSeenQuery } from '../../../api/search_strategy';
 
 export type {
   FirstLastSeenRequestOptions,

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/all/index.ts

@@ -7,9 +7,9 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { HostItem, HostsFields } from '../common';
+import type { HostsFields } from '../../../../api/search_strategy/hosts/model/sort';
+import type { HostItem } from '../common';
 import type { CursorType, Direction, Inspect, Maybe, PageInfoPaginated } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
 
 export interface HostsEdges {
   node: HostItem;
@@ -23,11 +23,6 @@ export interface HostsStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
 }
 
-export interface HostsRequestOptions extends RequestOptionsPaginated<HostsFields> {
-  defaultIndex: string[];
-  isNewRiskScoreModuleAvailable: boolean;
-}
-
 export interface HostsSortField {
   field: HostsFields;
 

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts

@@ -17,11 +17,6 @@ export enum HostPolicyResponseActionStatus {
   unsupported = 'unsupported',
 }
 
-export enum HostsFields {
-  lastSeen = 'lastSeen',
-  hostName = 'hostName',
-}
-
 export interface EndpointFields {
   /** A count of pending endpoint actions against the host */
   pendingActions?: Maybe<EndpointPendingActions['pending_actions']>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/details/index.ts

@@ -8,21 +8,15 @@
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, TimerangeInput } from '../../../common';
-import type { HostItem, HostsFields } from '../common';
-import type { RequestOptionsPaginated } from '../..';
+import type { Inspect, Maybe } from '../../../common';
+import type { HostItem } from '../common';
 
 export interface HostDetailsStrategyResponse extends IEsSearchResponse {
   hostDetails: HostItem;
   inspect?: Maybe<Inspect>;
 }
 
-export interface HostDetailsRequestOptions extends Partial<RequestOptionsPaginated<HostsFields>> {
-  hostName: string;
-  skip?: boolean;
-  timerange: TimerangeInput;
-  inspect?: Maybe<Inspect>;
-}
+export type { HostDetailsRequestOptions } from '../../../../api/search_strategy';
 
 export interface AggregationRequest {
   [aggField: string]: estypes.AggregationsAggregationContainer;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts

@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+import { HostsFields } from '../../../api/search_strategy/hosts/model/sort';
+
 export * from './all';
 export * from './common';
 export * from './details';
@@ -12,9 +14,6 @@ export * from './kpi';
 export * from './overview';
 export * from './uncommon_processes';
 
-export enum HostsQueries {
-  details = 'hostDetails',
-  hosts = 'hosts',
-  overview = 'overviewHost',
-  uncommonProcesses = 'uncommonProcesses',
-}
+export { HostsQueries } from '../../../api/search_strategy';
+
+export { HostsFields };

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/hosts/index.ts

@@ -7,11 +7,8 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
 import type { HostsKpiHistogramData } from '../common';
 
-export type HostsKpiHostsRequestOptions = RequestBasicOptions;
-
 export interface HostsKpiHostsStrategyResponse extends IEsSearchResponse {
   hosts: Maybe<number>;
   hostsHistogram: Maybe<HostsKpiHistogramData[]>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/unique_ips/index.ts

@@ -7,11 +7,8 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
 import type { HostsKpiHistogramData } from '../common';
 
-export type HostsKpiUniqueIpsRequestOptions = RequestBasicOptions;
-
 export interface HostsKpiUniqueIpsStrategyResponse extends IEsSearchResponse {
   uniqueSourceIps: Maybe<number>;
   uniqueSourceIpsHistogram: Maybe<HostsKpiHistogramData[]>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe, SearchHit } from '../../../common';
-import type { RequestBasicOptions } from '../..';
-
-export type HostOverviewRequestOptions = RequestBasicOptions;
 
 export interface HostsOverviewStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/uncommon_processes/index.ts

@@ -9,8 +9,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
 import type { HostEcs, ProcessEcs, UserEcs } from '@kbn/securitysolution-ecs';
 import type {
-  RequestOptionsPaginated,
-  SortField,
   CursorType,
   Inspect,
   Maybe,
@@ -22,11 +20,6 @@ import type {
   CommonFields,
 } from '../../..';
 
-export interface HostsUncommonProcessesRequestOptions extends RequestOptionsPaginated {
-  sort: SortField;
-  defaultIndex: string[];
-}
-
 export interface HostsUncommonProcessesStrategyResponse extends IEsSearchResponse {
   edges: HostsUncommonProcessesEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts

@@ -4,114 +4,129 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import type { IEsSearchRequest } from '@kbn/data-plugin/common';
-import type { ESQuery } from '../../typed_json';
+
 import type {
   HostDetailsStrategyResponse,
-  HostDetailsRequestOptions,
   HostsOverviewStrategyResponse,
-  HostOverviewRequestOptions,
   HostsQueries,
-  HostsRequestOptions,
   HostsStrategyResponse,
   HostsUncommonProcessesStrategyResponse,
-  HostsUncommonProcessesRequestOptions,
   HostsKpiQueries,
   HostsKpiHostsStrategyResponse,
-  HostsKpiHostsRequestOptions,
   HostsKpiUniqueIpsStrategyResponse,
-  HostsKpiUniqueIpsRequestOptions,
 } from './hosts';
 import type {
   NetworkQueries,
   NetworkDetailsStrategyResponse,
-  NetworkDetailsRequestOptions,
   NetworkDnsStrategyResponse,
-  NetworkDnsRequestOptions,
   NetworkTlsStrategyResponse,
-  NetworkTlsRequestOptions,
   NetworkHttpStrategyResponse,
-  NetworkHttpRequestOptions,
   NetworkOverviewStrategyResponse,
-  NetworkOverviewRequestOptions,
   NetworkTopCountriesStrategyResponse,
-  NetworkTopCountriesRequestOptions,
   NetworkTopNFlowStrategyResponse,
-  NetworkTopNFlowRequestOptions,
   NetworkUsersStrategyResponse,
-  NetworkUsersRequestOptions,
   NetworkKpiQueries,
   NetworkKpiDnsStrategyResponse,
-  NetworkKpiDnsRequestOptions,
   NetworkKpiNetworkEventsStrategyResponse,
-  NetworkKpiNetworkEventsRequestOptions,
   NetworkKpiTlsHandshakesStrategyResponse,
-  NetworkKpiTlsHandshakesRequestOptions,
   NetworkKpiUniqueFlowsStrategyResponse,
-  NetworkKpiUniqueFlowsRequestOptions,
   NetworkKpiUniquePrivateIpsStrategyResponse,
-  NetworkKpiUniquePrivateIpsRequestOptions,
 } from './network';
+import type { MatrixHistogramQuery, MatrixHistogramStrategyResponse } from './matrix_histogram';
 import type {
-  MatrixHistogramQuery,
-  MatrixHistogramRequestOptions,
-  MatrixHistogramStrategyResponse,
-} from './matrix_histogram';
-import type { TimerangeInput, SortField, PaginationInputPaginated } from '../common';
-import type {
-  CtiEventEnrichmentRequestOptions,
   CtiEventEnrichmentStrategyResponse,
   CtiQueries,
-  CtiDataSourceRequestOptions,
   CtiDataSourceStrategyResponse,
 } from './cti';
 
 import type {
   RiskQueries,
   KpiRiskScoreStrategyResponse,
-  KpiRiskScoreRequestOptions,
   HostsRiskScoreStrategyResponse,
   UsersRiskScoreStrategyResponse,
-  RiskScoreRequestOptions,
 } from './risk_score';
 import type { UsersQueries } from './users';
-import type {
-  ObservedUserDetailsRequestOptions,
-  ObservedUserDetailsStrategyResponse,
-} from './users/observed_details';
-import type {
-  TotalUsersKpiRequestOptions,
-  TotalUsersKpiStrategyResponse,
-} from './users/kpi/total_users';
+import type { ObservedUserDetailsStrategyResponse } from './users/observed_details';
+import type { TotalUsersKpiStrategyResponse } from './users/kpi/total_users';
 
-import type {
-  UsersKpiAuthenticationsRequestOptions,
-  UsersKpiAuthenticationsStrategyResponse,
-} from './users/kpi/authentications';
+import type { UsersKpiAuthenticationsStrategyResponse } from './users/kpi/authentications';
 
-import type { UsersRequestOptions, UsersStrategyResponse } from './users/all';
-import type {
-  UserAuthenticationsRequestOptions,
-  UserAuthenticationsStrategyResponse,
-} from './users/authentications';
-import type {
-  FirstLastSeenQuery,
-  FirstLastSeenRequestOptions,
-  FirstLastSeenStrategyResponse,
-} from './first_last_seen';
-import type {
-  ManagedUserDetailsRequestOptions,
-  ManagedUserDetailsStrategyResponse,
-} from './users/managed_details';
+import type { UsersStrategyResponse } from './users/all';
+import type { UserAuthenticationsStrategyResponse } from './users/authentications';
+import type { FirstLastSeenQuery, FirstLastSeenStrategyResponse } from './first_last_seen';
+import type { ManagedUserDetailsStrategyResponse } from './users/managed_details';
 import type { RelatedEntitiesQueries } from './related_entities';
+import type { UsersRelatedHostsStrategyResponse } from './related_entities/related_hosts';
+import type { HostsRelatedUsersStrategyResponse } from './related_entities/related_users';
+
 import type {
-  UsersRelatedHostsRequestOptions,
-  UsersRelatedHostsStrategyResponse,
-} from './related_entities/related_hosts';
-import type {
-  HostsRelatedUsersRequestOptions,
-  HostsRelatedUsersStrategyResponse,
-} from './related_entities/related_users';
+  AuthenticationsKpiRequestOptions,
+  AuthenticationsKpiRequestOptionsInput,
+  EventEnrichmentRequestOptions,
+  EventEnrichmentRequestOptionsInput,
+  FirstLastSeenRequestOptions,
+  FirstLastSeenRequestOptionsInput,
+  HostDetailsRequestOptions,
+  HostDetailsRequestOptionsInput,
+  HostOverviewRequestOptions,
+  HostOverviewRequestOptionsInput,
+  HostsRequestOptions,
+  HostsRequestOptionsInput,
+  HostUncommonProcessesRequestOptions,
+  HostUncommonProcessesRequestOptionsInput,
+  KpiHostsRequestOptions,
+  KpiHostsRequestOptionsInput,
+  KpiUniqueIpsRequestOptions,
+  KpiUniqueIpsRequestOptionsInput,
+  ManagedUserDetailsRequestOptions,
+  ManagedUserDetailsRequestOptionsInput,
+  MatrixHistogramRequestOptions,
+  MatrixHistogramRequestOptionsInput,
+  NetworkDetailsRequestOptions,
+  NetworkDetailsRequestOptionsInput,
+  NetworkDnsRequestOptions,
+  NetworkDnsRequestOptionsInput,
+  NetworkHttpRequestOptions,
+  NetworkHttpRequestOptionsInput,
+  NetworkKpiDnsRequestOptions,
+  NetworkKpiDnsRequestOptionsInput,
+  NetworkKpiEventsRequestOptions,
+  NetworkKpiEventsRequestOptionsInput,
+  NetworkKpiTlsHandshakesRequestOptions,
+  NetworkKpiTlsHandshakesRequestOptionsInput,
+  NetworkKpiUniqueFlowsRequestOptions,
+  NetworkKpiUniqueFlowsRequestOptionsInput,
+  NetworkKpiUniquePrivateIpsRequestOptions,
+  NetworkKpiUniquePrivateIpsRequestOptionsInput,
+  NetworkOverviewRequestOptions,
+  NetworkOverviewRequestOptionsInput,
+  NetworkTlsRequestOptions,
+  NetworkTlsRequestOptionsInput,
+  NetworkTopCountriesRequestOptions,
+  NetworkTopCountriesRequestOptionsInput,
+  NetworkTopNFlowRequestOptions,
+  NetworkTopNFlowRequestOptionsInput,
+  NetworkUsersRequestOptions,
+  NetworkUsersRequestOptionsInput,
+  ObservedUserDetailsRequestOptions,
+  ObservedUserDetailsRequestOptionsInput,
+  RelatedHostsRequestOptions,
+  RelatedHostsRequestOptionsInput,
+  RelatedUsersRequestOptions,
+  RelatedUsersRequestOptionsInput,
+  RiskScoreKpiRequestOptions,
+  RiskScoreKpiRequestOptionsInput,
+  RiskScoreRequestOptions,
+  RiskScoreRequestOptionsInput,
+  ThreatIntelSourceRequestOptions,
+  ThreatIntelSourceRequestOptionsInput,
+  TotalUsersKpiRequestOptions,
+  TotalUsersKpiRequestOptionsInput,
+  UserAuthenticationsRequestOptions,
+  UserAuthenticationsRequestOptionsInput,
+  UsersRequestOptions,
+  UsersRequestOptionsInput,
+} from '../../api/search_strategy';
 
 export * from './cti';
 export * from './hosts';
@@ -134,20 +149,6 @@ export type FactoryQueryTypes =
   | typeof FirstLastSeenQuery
   | RelatedEntitiesQueries;
 
-export interface RequestBasicOptions extends IEsSearchRequest {
-  timerange: TimerangeInput;
-  filterQuery: ESQuery | string | undefined;
-  defaultIndex: string[];
-  factoryQueryType?: FactoryQueryTypes;
-}
-
-/** A mapping of semantic fields to their document counterparts */
-
-export interface RequestOptionsPaginated<Field = string> extends RequestBasicOptions {
-  pagination: PaginationInputPaginated;
-  sort: SortField<Field>;
-}
-
 export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQueries.hosts
   ? HostsStrategyResponse
   : T extends HostsQueries.details
@@ -218,6 +219,76 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
   ? UsersRelatedHostsStrategyResponse
   : never;
 
+export type StrategyRequestInputType<T extends FactoryQueryTypes> = T extends HostsQueries.hosts
+  ? HostsRequestOptionsInput
+  : T extends HostsQueries.details
+  ? HostDetailsRequestOptionsInput
+  : T extends HostsQueries.overview
+  ? HostOverviewRequestOptionsInput
+  : T extends typeof FirstLastSeenQuery
+  ? FirstLastSeenRequestOptionsInput
+  : T extends HostsQueries.uncommonProcesses
+  ? HostUncommonProcessesRequestOptionsInput
+  : T extends HostsKpiQueries.kpiHosts
+  ? KpiHostsRequestOptionsInput
+  : T extends HostsKpiQueries.kpiUniqueIps
+  ? KpiUniqueIpsRequestOptionsInput
+  : T extends UsersQueries.authentications
+  ? UserAuthenticationsRequestOptionsInput
+  : T extends UsersQueries.observedDetails
+  ? ObservedUserDetailsRequestOptionsInput
+  : T extends UsersQueries.managedDetails
+  ? ManagedUserDetailsRequestOptionsInput
+  : T extends UsersQueries.kpiTotalUsers
+  ? TotalUsersKpiRequestOptionsInput
+  : T extends UsersQueries.users
+  ? UsersRequestOptionsInput
+  : T extends UsersQueries.kpiAuthentications
+  ? AuthenticationsKpiRequestOptionsInput
+  : T extends NetworkQueries.details
+  ? NetworkDetailsRequestOptionsInput
+  : T extends NetworkQueries.dns
+  ? NetworkDnsRequestOptionsInput
+  : T extends NetworkQueries.http
+  ? NetworkHttpRequestOptionsInput
+  : T extends NetworkQueries.overview
+  ? NetworkOverviewRequestOptionsInput
+  : T extends NetworkQueries.tls
+  ? NetworkTlsRequestOptionsInput
+  : T extends NetworkQueries.topCountries
+  ? NetworkTopCountriesRequestOptionsInput
+  : T extends NetworkQueries.topNFlow
+  ? NetworkTopNFlowRequestOptionsInput
+  : T extends NetworkQueries.users
+  ? NetworkUsersRequestOptionsInput
+  : T extends NetworkKpiQueries.dns
+  ? NetworkKpiDnsRequestOptionsInput
+  : T extends NetworkKpiQueries.networkEvents
+  ? NetworkKpiEventsRequestOptionsInput
+  : T extends NetworkKpiQueries.tlsHandshakes
+  ? NetworkKpiTlsHandshakesRequestOptionsInput
+  : T extends NetworkKpiQueries.uniqueFlows
+  ? NetworkKpiUniqueFlowsRequestOptionsInput
+  : T extends NetworkKpiQueries.uniquePrivateIps
+  ? NetworkKpiUniquePrivateIpsRequestOptionsInput
+  : T extends typeof MatrixHistogramQuery
+  ? MatrixHistogramRequestOptionsInput
+  : T extends CtiQueries.eventEnrichment
+  ? EventEnrichmentRequestOptionsInput
+  : T extends CtiQueries.dataSource
+  ? ThreatIntelSourceRequestOptionsInput
+  : T extends RiskQueries.hostsRiskScore
+  ? RiskScoreRequestOptionsInput
+  : T extends RiskQueries.usersRiskScore
+  ? RiskScoreRequestOptionsInput
+  : T extends RiskQueries.kpiRiskScore
+  ? RiskScoreKpiRequestOptionsInput
+  : T extends RelatedEntitiesQueries.relatedHosts
+  ? RelatedHostsRequestOptionsInput
+  : T extends RelatedEntitiesQueries.relatedUsers
+  ? RelatedUsersRequestOptionsInput
+  : never;
+
 export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQueries.hosts
   ? HostsRequestOptions
   : T extends HostsQueries.details
@@ -227,11 +298,11 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
   : T extends typeof FirstLastSeenQuery
   ? FirstLastSeenRequestOptions
   : T extends HostsQueries.uncommonProcesses
-  ? HostsUncommonProcessesRequestOptions
+  ? HostUncommonProcessesRequestOptions
   : T extends HostsKpiQueries.kpiHosts
-  ? HostsKpiHostsRequestOptions
+  ? KpiHostsRequestOptions
   : T extends HostsKpiQueries.kpiUniqueIps
-  ? HostsKpiUniqueIpsRequestOptions
+  ? KpiUniqueIpsRequestOptions
   : T extends UsersQueries.authentications
   ? UserAuthenticationsRequestOptions
   : T extends UsersQueries.observedDetails
@@ -243,7 +314,7 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
   : T extends UsersQueries.users
   ? UsersRequestOptions
   : T extends UsersQueries.kpiAuthentications
-  ? UsersKpiAuthenticationsRequestOptions
+  ? AuthenticationsKpiRequestOptions
   : T extends NetworkQueries.details
   ? NetworkDetailsRequestOptions
   : T extends NetworkQueries.dns
@@ -263,7 +334,7 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
   : T extends NetworkKpiQueries.dns
   ? NetworkKpiDnsRequestOptions
   : T extends NetworkKpiQueries.networkEvents
-  ? NetworkKpiNetworkEventsRequestOptions
+  ? NetworkKpiEventsRequestOptions
   : T extends NetworkKpiQueries.tlsHandshakes
   ? NetworkKpiTlsHandshakesRequestOptions
   : T extends NetworkKpiQueries.uniqueFlows
@@ -273,19 +344,19 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
   : T extends typeof MatrixHistogramQuery
   ? MatrixHistogramRequestOptions
   : T extends CtiQueries.eventEnrichment
-  ? CtiEventEnrichmentRequestOptions
+  ? EventEnrichmentRequestOptions
   : T extends CtiQueries.dataSource
-  ? CtiDataSourceRequestOptions
+  ? ThreatIntelSourceRequestOptions
   : T extends RiskQueries.hostsRiskScore
   ? RiskScoreRequestOptions
   : T extends RiskQueries.usersRiskScore
   ? RiskScoreRequestOptions
   : T extends RiskQueries.kpiRiskScore
-  ? KpiRiskScoreRequestOptions
+  ? RiskScoreKpiRequestOptions
   : T extends RelatedEntitiesQueries.relatedHosts
-  ? UsersRelatedHostsRequestOptions
+  ? RelatedHostsRequestOptions
   : T extends RelatedEntitiesQueries.relatedUsers
-  ? HostsRelatedUsersRequestOptions
+  ? RelatedUsersRequestOptions
   : never;
 
 export interface CommonFields {

x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts

@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import type { Inspect, Maybe, TimerangeInput } from '../../common';
-import type { RequestBasicOptions } from '..';
+import type { MatrixHistogramRequestOptions } from '../../../api/search_strategy/matrix_histogram/matrix_histogram';
+import type { Inspect, Maybe } from '../../common';
 import type { AlertsGroupData } from './alerts';
 import type { AnomaliesActionGroupData } from './anomalies';
 import type { DnsHistogramGroupData } from './dns';
@@ -24,7 +23,7 @@ export * from './dns';
 export * from './events';
 export * from './preview';
 
-export const MatrixHistogramQuery = 'matrixHistogram';
+export { MatrixHistogramQuery } from '../../../api/search_strategy';
 
 export enum MatrixHistogramType {
   authentications = 'authentications',
@@ -44,26 +43,6 @@ export const MatrixHistogramTypeToAggName = {
   [MatrixHistogramType.preview]: 'aggregations.preview.buckets',
 };
 
-export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
-  timerange: TimerangeInput;
-  histogramType: MatrixHistogramType;
-  stackByField: string;
-  threshold?:
-    | {
-        field: string[];
-        value: string;
-        cardinality?: {
-          field: string[];
-          value: string;
-        };
-      }
-    | undefined;
-  inspect?: Maybe<Inspect>;
-  isPtrIncluded?: boolean;
-  includeMissingData?: boolean;
-  runtimeMappings?: MappingRuntimeFields;
-}
-
 export interface MatrixHistogramStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
   matrixHistogramData: MatrixHistogramData[];

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts

@@ -8,11 +8,6 @@
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { HostEcs, GeoEcs } from '@kbn/securitysolution-ecs';
 import type { Inspect, Maybe, TotalValue, Hit, ShardsResponse } from '../../../common';
-import type { RequestBasicOptions } from '../..';
-
-export interface NetworkDetailsRequestOptions extends Omit<RequestBasicOptions, 'timerange'> {
-  ip: string;
-}
 
 export interface NetworkDetailsStrategyResponse extends IEsSearchResponse {
   networkDetails: {

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts

@@ -6,8 +6,7 @@
  */
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import type { CursorType, Inspect, Maybe, PageInfoPaginated, SortField } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
+import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common';
 
 export enum NetworkDnsFields {
   dnsName = 'dnsName',
@@ -17,12 +16,6 @@ export enum NetworkDnsFields {
   dnsBytesOut = 'dnsBytesOut',
 }
 
-export interface NetworkDnsRequestOptions extends RequestOptionsPaginated {
-  isPtrIncluded: boolean;
-  sort: SortField<NetworkDnsFields>;
-  stackByField?: Maybe<string>;
-}
-
 export interface NetworkDnsStrategyResponse extends IEsSearchResponse {
   edges: NetworkDnsEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/http/index.ts

@@ -13,7 +13,6 @@ import type {
   PageInfoPaginated,
   GenericBuckets,
 } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
 
 export enum NetworkHttpFields {
   domains = 'domains',
@@ -25,11 +24,6 @@ export enum NetworkHttpFields {
   statuses = 'statuses',
 }
 
-export interface NetworkHttpRequestOptions extends RequestOptionsPaginated {
-  ip?: string;
-  defaultIndex: string[];
-}
-
 export interface NetworkHttpStrategyResponse extends IEsSearchResponse {
   edges: NetworkHttpEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts

@@ -16,13 +16,4 @@ export * from './top_countries';
 export * from './top_n_flow';
 export * from './users';
 
-export enum NetworkQueries {
-  details = 'networkDetails',
-  dns = 'dns',
-  http = 'http',
-  overview = 'overviewNetwork',
-  tls = 'tls',
-  topCountries = 'topCountries',
-  topNFlow = 'topNFlow',
-  users = 'users',
-}
+export { NetworkQueries } from '../../../api/search_strategy';

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/dns/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type NetworkKpiDnsRequestOptions = RequestBasicOptions;
 
 export interface NetworkKpiDnsStrategyResponse extends IEsSearchResponse {
   dnsQueries: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/network_events/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type NetworkKpiNetworkEventsRequestOptions = RequestBasicOptions;
 
 export interface NetworkKpiNetworkEventsStrategyResponse extends IEsSearchResponse {
   networkEvents: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/tls_handshakes/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type NetworkKpiTlsHandshakesRequestOptions = RequestBasicOptions;
 
 export interface NetworkKpiTlsHandshakesStrategyResponse extends IEsSearchResponse {
   tlsHandshakes: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_flows/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type NetworkKpiUniqueFlowsRequestOptions = RequestBasicOptions;
 
 export interface NetworkKpiUniqueFlowsStrategyResponse extends IEsSearchResponse {
   uniqueFlowId: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_private_ips/index.ts

@@ -7,15 +7,12 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
 
 export interface NetworkKpiHistogramData {
   x?: Maybe<number>;
   y?: Maybe<number>;
 }
 
-export type NetworkKpiUniquePrivateIpsRequestOptions = RequestBasicOptions;
-
 export interface NetworkKpiUniquePrivateIpsStrategyResponse extends IEsSearchResponse {
   uniqueSourcePrivateIps: number;
   uniqueSourcePrivateIpsHistogram: NetworkKpiHistogramData[] | null;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/overview/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, Maybe, SearchHit } from '../../../common';
-import type { RequestBasicOptions } from '../..';
-
-export type NetworkOverviewRequestOptions = RequestBasicOptions;
 
 export interface NetworkOverviewStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/tls/index.ts

@@ -7,8 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
-import type { FlowTargetSourceDest } from '../common';
 
 export interface NetworkTlsBuckets {
   key: string;
@@ -48,12 +46,6 @@ export interface NetworkTlsEdges {
   cursor: CursorType;
 }
 
-export interface NetworkTlsRequestOptions extends RequestOptionsPaginated<NetworkTlsFields> {
-  ip: string;
-  flowTarget: FlowTargetSourceDest;
-  defaultIndex: string[];
-}
-
 export interface NetworkTlsStrategyResponse extends IEsSearchResponse {
   edges: NetworkTlsEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_countries/index.ts

@@ -7,13 +7,7 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
-import type {
-  GeoItem,
-  FlowTargetSourceDest,
-  NetworkTopTablesFields,
-  TopNetworkTablesEcsField,
-} from '../common';
+import type { GeoItem, TopNetworkTablesEcsField } from '../common';
 
 export interface TopCountriesItemSource {
   country?: Maybe<string>;
@@ -23,12 +17,6 @@ export interface TopCountriesItemSource {
   source_ips?: Maybe<number>;
 }
 
-export interface NetworkTopCountriesRequestOptions
-  extends RequestOptionsPaginated<NetworkTopTablesFields> {
-  flowTarget: FlowTargetSourceDest;
-  ip?: string;
-}
-
 export interface NetworkTopCountriesStrategyResponse extends IEsSearchResponse {
   edges: NetworkTopCountriesEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_n_flow/index.ts

@@ -6,12 +6,7 @@
  */
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import type {
-  GeoItem,
-  FlowTargetSourceDest,
-  TopNetworkTablesEcsField,
-  NetworkTopTablesFields,
-} from '../common';
+import type { GeoItem, TopNetworkTablesEcsField } from '../common';
 import type {
   CursorType,
   Inspect,
@@ -20,13 +15,6 @@ import type {
   TotalValue,
   GenericBuckets,
 } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
-
-export interface NetworkTopNFlowRequestOptions
-  extends RequestOptionsPaginated<NetworkTopTablesFields> {
-  flowTarget: FlowTargetSourceDest;
-  ip?: Maybe<string>;
-}
 
 export interface NetworkTopNFlowStrategyResponse extends IEsSearchResponse {
   edges: NetworkTopNFlowEdges[];

x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts

@@ -6,21 +6,13 @@
  */
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import type { CursorType, Inspect, Maybe, PageInfoPaginated, SortField } from '../../../common';
-import type { FlowTargetSourceDest } from '../common';
-import type { RequestOptionsPaginated } from '../..';
+import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common';
 
 export enum NetworkUsersFields {
   name = 'name',
   count = 'count',
 }
 
-export interface NetworkUsersRequestOptions extends RequestOptionsPaginated {
-  ip: string;
-  sort: SortField<NetworkUsersFields>;
-  flowTarget: FlowTargetSourceDest;
-}
-
 export interface NetworkUsersStrategyResponse extends IEsSearchResponse {
   edges: NetworkUsersEdges[];
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/index.ts

@@ -8,7 +8,4 @@
 export * from './related_hosts';
 export * from './related_users';
 
-export enum RelatedEntitiesQueries {
-  relatedHosts = 'relatedHosts',
-  relatedUsers = 'relatedUsers',
-}
+export { RelatedEntitiesQueries } from '../../../api/search_strategy';

x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx

@@ -7,7 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { RiskSeverity, Inspect, Maybe } from '../../..';
-import type { RequestBasicOptions } from '../..';
 import type { BucketItem } from '../../cti';
 
 export interface RelatedHost {
@@ -33,11 +32,3 @@ export interface UsersRelatedHostsStrategyResponse extends IEsSearchResponse {
   relatedHosts: RelatedHost[];
   inspect?: Maybe<Inspect>;
 }
-
-export interface UsersRelatedHostsRequestOptions extends Partial<RequestBasicOptions> {
-  userName: string;
-  skip?: boolean;
-  from: string;
-  inspect?: Maybe<Inspect>;
-  isNewRiskScoreModuleAvailable: boolean;
-}

x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_users/index.tsx

@@ -7,7 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { RiskSeverity, Inspect, Maybe } from '../../..';
-import type { RequestBasicOptions } from '../..';
 import type { BucketItem } from '../../cti';
 
 export interface RelatedUser {
@@ -33,11 +32,3 @@ export interface HostsRelatedUsersStrategyResponse extends IEsSearchResponse {
   relatedUsers: RelatedUser[];
   inspect?: Maybe<Inspect>;
 }
-
-export interface HostsRelatedUsersRequestOptions extends Partial<RequestBasicOptions> {
-  hostName: string;
-  skip?: boolean;
-  from: string;
-  inspect?: Maybe<Inspect>;
-  isNewRiskScoreModuleAvailable: boolean;
-}

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts

@@ -5,28 +5,11 @@
  * 2.0.
  */
 
-import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common';
-import type { ESQuery } from '../../../../typed_json';
+import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, SortField, TimerangeInput } from '../../../common';
-import type { RiskScoreEntity } from '../common';
+import type { Inspect, Maybe, SortField } from '../../../common';
 import type { RiskInputs } from '../../../../risk_engine';
 
-export interface RiskScoreRequestOptions extends IEsSearchRequest {
-  defaultIndex: string[];
-  riskScoreEntity: RiskScoreEntity;
-  timerange?: TimerangeInput;
-  alertsTimerange?: TimerangeInput;
-  includeAlertsCount?: boolean;
-  onlyLatest?: boolean;
-  pagination?: {
-    cursorStart: number;
-    querySize: number;
-  };
-  sort?: RiskScoreSortField;
-  filterQuery?: ESQuery | string | undefined;
-}
-
 export interface HostsRiskScoreStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
   totalCount: number;

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts

@@ -8,6 +8,7 @@
 import type { ESQuery } from '../../../../typed_json';
 import { RISKY_HOSTS_INDEX_PREFIX, RISKY_USERS_INDEX_PREFIX } from '../../../../constants';
 import { RiskScoreEntity, getRiskScoreLatestIndex } from '../../../../risk_engine';
+export { RiskQueries } from '../../../../api/search_strategy';
 
 /**
  * Make sure this aligns with the index in step 6, 9 in
@@ -50,10 +51,4 @@ export const buildEntityNameFilter = (
     : { terms: { 'user.name': entityNames } };
 };
 
-export enum RiskQueries {
-  hostsRiskScore = 'hostsRiskScore',
-  usersRiskScore = 'usersRiskScore',
-  kpiRiskScore = 'kpiRiskScore',
-}
-
 export { RiskScoreEntity };

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/kpi/index.ts

@@ -5,19 +5,11 @@
  * 2.0.
  */
 
-import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common';
-import type { FactoryQueryTypes, RiskScoreEntity, RiskSeverity } from '../..';
-import type { ESQuery } from '../../../../typed_json';
+import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { RiskSeverity } from '../..';
 
 import type { Inspect, Maybe } from '../../../common';
 
-export interface KpiRiskScoreRequestOptions extends IEsSearchRequest {
-  defaultIndex: string[];
-  factoryQueryType?: FactoryQueryTypes;
-  filterQuery?: ESQuery | string | undefined;
-  entity: RiskScoreEntity;
-}
-
 export interface KpiRiskScoreStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
   kpiRiskScore: {

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts

@@ -6,10 +6,7 @@
  */
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-
 import type { Inspect, Maybe, PageInfoPaginated } from '../../../common';
-import type { RequestOptionsPaginated } from '../..';
-import type { SortableUsersFields } from '../common';
 import type { RiskSeverity } from '../../risk_score';
 
 export interface User {
@@ -25,8 +22,3 @@ export interface UsersStrategyResponse extends IEsSearchResponse {
   pageInfo: PageInfoPaginated;
   inspect?: Maybe<Inspect>;
 }
-
-export interface UsersRequestOptions extends RequestOptionsPaginated<SortableUsersFields> {
-  defaultIndex: string[];
-  isNewRiskScoreModuleAvailable: boolean;
-}

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/authentications/index.ts

@@ -17,7 +17,7 @@ import type {
   Hit,
   TotalHit,
 } from '../../../common';
-import type { CommonFields, RequestOptionsPaginated } from '../..';
+import type { CommonFields } from '../..';
 
 export interface UserAuthenticationsStrategyResponse extends IEsSearchResponse {
   edges: AuthenticationsEdges[];
@@ -26,11 +26,6 @@ export interface UserAuthenticationsStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
 }
 
-export interface UserAuthenticationsRequestOptions extends RequestOptionsPaginated {
-  defaultIndex: string[];
-  stackByField: AuthStackByField;
-}
-
 export enum AuthStackByField {
   userName = 'user.name',
   hostName = 'host.name',

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/index.ts

@@ -13,13 +13,6 @@ export * from './kpi';
 export * from './observed_details';
 export * from './authentications';
 
-export enum UsersQueries {
-  observedDetails = 'observedUserDetails',
-  managedDetails = 'managedUserDetails',
-  kpiTotalUsers = 'usersKpiTotalUsers',
-  users = 'allUsers',
-  authentications = 'authentications',
-  kpiAuthentications = 'usersKpiAuthentications',
-}
+export { UsersQueries } from '../../../api/search_strategy';
 
 export type UsersKpiStrategyResponse = Omit<TotalUsersKpiStrategyResponse, 'rawResponse'>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, KpiHistogramData, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type UsersKpiAuthenticationsRequestOptions = RequestBasicOptions;
 
 export interface UsersKpiAuthenticationsStrategyResponse extends IEsSearchResponse {
   authenticationsSuccess: Maybe<number>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/total_users/index.ts

@@ -7,9 +7,6 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { Inspect, KpiHistogramData, Maybe } from '../../../../common';
-import type { RequestBasicOptions } from '../../..';
-
-export type TotalUsersKpiRequestOptions = RequestBasicOptions;
 
 export interface TotalUsersKpiStrategyResponse extends IEsSearchResponse {
   users: Maybe<number>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/managed_details/index.ts

@@ -5,22 +5,15 @@
  * 2.0.
  */
 
-import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type { EcsBase, EcsEvent, EcsHost, EcsUser, EcsAgent } from '@kbn/ecs';
 import type { Inspect, Maybe } from '../../../common';
-import type { RequestBasicOptions } from '../..';
 
 export interface ManagedUserDetailsStrategyResponse extends IEsSearchResponse {
   userDetails?: AzureManagedUser;
   inspect?: Maybe<Inspect>;
 }
 
-export interface ManagedUserDetailsRequestOptions
-  extends Pick<RequestBasicOptions, 'defaultIndex' | 'factoryQueryType'>,
-    IEsSearchRequest {
-  userName: string;
-}
-
 export interface AzureManagedUser extends Pick<EcsBase, '@timestamp'> {
   agent: EcsAgent;
   host: EcsHost;

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/observed_details/index.ts

@@ -7,18 +7,10 @@
 
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 
-import type { Inspect, Maybe, TimerangeInput } from '../../../common';
+import type { Inspect, Maybe } from '../../../common';
 import type { UserItem } from '../common';
-import type { RequestBasicOptions } from '../..';
 
 export interface ObservedUserDetailsStrategyResponse extends IEsSearchResponse {
   userDetails: UserItem;
   inspect?: Maybe<Inspect>;
 }
-
-export interface ObservedUserDetailsRequestOptions extends Partial<RequestBasicOptions> {
-  userName: string;
-  skip?: boolean;
-  timerange: TimerangeInput;
-  inspect?: Maybe<Inspect>;
-}

x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts

@@ -10,5 +10,4 @@ export type {
   TimelineItem,
   TimelineNonEcsData,
   TimelineEventsAllStrategyResponse,
-  TimelineEventsAllRequestOptions,
 } from '@kbn/timelines-plugin/common';

x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts

@@ -8,5 +8,4 @@
 export type {
   TimelineEventsDetailsItem,
   TimelineEventsDetailsStrategyResponse,
-  TimelineEventsDetailsRequestOptions,
 } from '@kbn/timelines-plugin/common';

x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts

@@ -6,7 +6,6 @@
  */
 
 export type {
-  TimelineEqlRequestOptions,
   TimelineEqlResponse,
   EqlOptionsData,
   EqlOptionsSelected,

x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts

@@ -10,7 +10,7 @@ export { LastEventIndexKey } from '@kbn/timelines-plugin/common';
 export type {
   LastTimeDetails,
   TimelineEventsLastEventTimeStrategyResponse,
-  TimelineKpiStrategyRequest,
+  TimelineKpiRequestOptionsInput,
   TimelineKpiStrategyResponse,
-  TimelineEventsLastEventTimeRequestOptions,
+  TimelineEventsLastEventTimeRequestOptionsInput,
 } from '@kbn/timelines-plugin/common';