github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 02:31:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

[SecuritySolution] Create PrivMon index import flow (#224822)

Browse source 
Depends on https://github.com/elastic/kibana/pull/221610

This PR adds the import index workflow to privileged user monitoring and
API changes required to support it.

### API Enhancements

* **New API for privilege monitoring index creation**: Added a new API
endpoint (`PUT /api/entity_analytics/monitoring/privileges/indices`) to
create indices for privilege monitoring with support for `standard` and
`lookup` modes. This includes the implementation of request and response
schemas (`create_indidex.gen.ts`, `create_indidex.schema.yaml`).
[[1]](diffhunk://#diff-68329bb90dea945f343e1637990d5d05bc159e0aa2511ef1e45d37ed1a6cda51R1-R41)
[[2]](diffhunk://#diff-e979499654a27b3c1930d63c5b1002113c1c3f53f84ce27a4d75a5c492717a96R1-R42)
* **Updated privilege monitoring health response**: Modified the health
response schema to include a `status` field and an optional `error`
object for detailed error handling
(`privilege_monitoring/health.gen.ts`,
`privilege_monitoring/health.schema.yaml`).
[[1]](diffhunk://#diff-00f39a3e65a336eaddf7d3203d1370d910f5ecd2062b6cc21d9c06922c12884eR19-R28)
[[2]](diffhunk://#diff-83afa72b7a1fc48f3cc063e9fb855190d3525228bc0488fb8b871e112b90e961L22-R33)

### Frontend Integration

* **Introduce the create index modal that opens when the create index
button is clicked.
* **Onboarding modal improvements**: Updated the `AddDataSourcePanel`
component to handle index creation more robustly by passing callbacks to
the modal (`add_data_source.tsx`).
* **Error handling in UI**: Enhanced the `PrivilegedUserMonitoring`
component to display error callouts when privilege monitoring data fails
to load (`privileged_user_monitoring/index.tsx`).
[[1]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R22-R26)
[[2]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R38-R51)

### How to test it?
* Go to the priv mon page with an empty cluster
* Click on the data source by the index button
* Search for available indices, it should return indices with
`user.name.keyword` fields
* Click 'create index' and create a new index 
* Choose the created index and click 'Add privileged users'
* You should be redirected to the dashboard (The API is currently not
working)




### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Pablo Machado 2025-06-24 11:09:06 +02:00 committed by GitHub
parent 7da827e8d9
commit 5363883a8d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
27 changed files with 825 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

17
oas_docs/output/kibana.serverless.yaml
View file

@ -11172,8 +11172,21 @@ paths:
schema:
type: object
properties:
ok:
type: boolean
error:
type: object
properties:
message:
type: string
required:
- status
status:
oneOf:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
- enum:
- not_found
type: string
required:
- status
description: Successful response
summary: Health check on Privilege Monitoring
tags:

17
oas_docs/output/kibana.yaml
View file

@ -13331,8 +13331,21 @@ paths:
schema:
type: object
properties:
ok:
type: boolean
error:
type: object
properties:
message:
type: string
required:
- status
status:
oneOf:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
- enum:
- not_found
type: string
required:
- status
description: Successful response
summary: Health check on Privilege Monitoring
tags:

41
x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.gen.ts Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Create an index for Privileges Monitoring import
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
export type CreatePrivilegesImportIndexRequestBody = z.infer<
typeof CreatePrivilegesImportIndexRequestBody
>;
export const CreatePrivilegesImportIndexRequestBody = z.object({
/**
* The index name to create
*/
name: z.string(),
/**
* The mode of index creation, either 'standard' or 'lookup'
*/
mode: z.enum(['standard', 'lookup']),
});
export type CreatePrivilegesImportIndexRequestBodyInput = z.input<
typeof CreatePrivilegesImportIndexRequestBody
>;
export type CreatePrivilegesImportIndexResponse = z.infer<
typeof CreatePrivilegesImportIndexResponse
>;
export const CreatePrivilegesImportIndexResponse = z.object({
success: z.boolean().optional(),
});

42
x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.schema.yaml Normal file
View file

@ -0,0 +1,42 @@
openapi: 3.0.0
info:
title: Create an index for Privileges Monitoring import
version: '2023-10-31'
paths:
/api/entity_analytics/monitoring/privileges/indices:
put:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: CreatePrivilegesImportIndex
summary: Create an index for Privileges Monitoring import
requestBody:
description: Schema for the entity store initialization
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The index name to create
mode:
type: string
enum: [standard, lookup]
description: The mode of index creation, either 'standard' or 'lookup'
required:
- name
- mode
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: object
properties:
success:
type: boolean

9
x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.gen.ts
View file

@ -16,7 +16,14 @@
import { z } from '@kbn/zod';
import { EngineStatus } from './common.gen';
export type PrivMonHealthResponse = z.infer<typeof PrivMonHealthResponse>;
export const PrivMonHealthResponse = z.object({
ok: z.boolean().optional(),
status: z.union([EngineStatus, z.literal('not_found')]),
error: z
.object({
message: z.string().optional(),
})
.optional(),
});

17
x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.schema.yaml
View file

@ -19,5 +19,18 @@ paths:
schema:
type: object
properties:
ok:
type: boolean
status:
oneOf:
- $ref: './common.schema.yaml#/components/schemas/EngineStatus'
- type: string
enum: [not_found]
error:
type: object
required:
- status
properties:
message:
type: string
required:
- status

20
x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
View file

@ -259,6 +259,10 @@ import type {
GetEntityStoreStatusResponse,
} from './entity_analytics/entity_store/status.gen';
import type { RunEntityAnalyticsMigrationsResponse } from './entity_analytics/migrations/run_migrations_route.gen';
import type {
CreatePrivilegesImportIndexRequestBodyInput,
CreatePrivilegesImportIndexResponse,
} from './entity_analytics/monitoring/create_index.gen';
import type {
SearchPrivilegesIndicesRequestQueryInput,
SearchPrivilegesIndicesResponse,
@ -623,6 +627,19 @@ If a record already exists for the specified entity, that record is overwritten
})
.catch(catchAxiosErrorFormatAndThrow);
}
async createPrivilegesImportIndex(props: CreatePrivilegesImportIndexProps) {
this.log.info(`${new Date().toISOString()} Calling API CreatePrivilegesImportIndex`);
return this.kbnClient
.request<CreatePrivilegesImportIndexResponse>({
path: '/api/entity_analytics/monitoring/privileges/indices',
headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
},
method: 'PUT',
body: props.body,
})
.catch(catchAxiosErrorFormatAndThrow);
}
async createPrivMonUser(props: CreatePrivMonUserProps) {
this.log.info(`${new Date().toISOString()} Calling API CreatePrivMonUser`);
return this.kbnClient
@ -2615,6 +2632,9 @@ export interface CreateAlertsMigrationProps {
export interface CreateAssetCriticalityRecordProps {
body: CreateAssetCriticalityRecordRequestBodyInput;
}
export interface CreatePrivilegesImportIndexProps {
body: CreatePrivilegesImportIndexRequestBodyInput;
}
export interface CreatePrivMonUserProps {
body: CreatePrivMonUserRequestBodyInput;
}

17
x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
View file

@ -329,8 +329,21 @@ paths:
schema:
type: object
properties:
ok:
type: boolean
error:
type: object
properties:
message:
type: string
required:
- status
status:
oneOf:
- $ref: '#/components/schemas/EngineStatus'
- enum:
- not_found
type: string
required:
- status
description: Successful response
summary: Health check on Privilege Monitoring
tags:

17
x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
View file

@ -329,8 +329,21 @@ paths:
schema:
type: object
properties:
ok:
type: boolean
error:
type: object
properties:
message:
type: string
required:
- status
status:
oneOf:
- $ref: '#/components/schemas/EngineStatus'
- enum:
- not_found
type: string
required:
- status
description: Successful response
summary: Health check on Privilege Monitoring
tags:

49
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts
View file

@ -6,6 +6,8 @@
*/
import { useMemo } from 'react';
import type { CreatePrivilegesImportIndexResponse } from '../../../common/api/entity_analytics/monitoring/create_index.gen';
import type { PrivMonHealthResponse } from '../../../common/api/entity_analytics/privilege_monitoring/health.gen';
import type { InitMonitoringEngineResponse } from '../../../common/api/entity_analytics/privilege_monitoring/engine/init.gen';
import {
PRIVMON_PUBLIC_INIT,
@ -209,6 +211,44 @@ export const useEntityAnalyticsRoutes = () => {
}
);
/**
* Create an index for privilege monitoring import
*/
const createPrivMonImportIndex = async (params: {
name: string;
mode: 'standard' | 'lookup';
signal?: AbortSignal;
}) =>
http.fetch<CreatePrivilegesImportIndexResponse>(
'/api/entity_analytics/monitoring/privileges/indices',
{
version: API_VERSIONS.public.v1,
method: 'PUT',
body: JSON.stringify({
name: params.name,
mode: params.mode,
}),
signal: params.signal,
}
);
/**
* Register a data source for privilege monitoring engine
*/
const registerPrivMonMonitoredIndices = async (indexPattern: string | undefined) =>
http.fetch<SearchPrivilegesIndicesResponse>(
'/api/entity_analytics/monitoring/entity_source',
{
version: API_VERSIONS.public.v1,
method: 'POST',
body: JSON.stringify({
type: 'index',
name: 'User Monitored Indices',
indexPattern,
}),
}
);
/**
* Create asset criticality
*/
@ -309,6 +349,12 @@ export const useEntityAnalyticsRoutes = () => {
method: 'POST',
});
const fetchPrivilegeMonitoringEngineStatus = async (): Promise<PrivMonHealthResponse> =>
http.fetch<PrivMonHealthResponse>('/api/entity_analytics/monitoring/privileges/health', {
version: API_VERSIONS.public.v1,
method: 'GET',
});
/**
* Fetches risk engine settings
*/
@ -347,12 +393,15 @@ export const useEntityAnalyticsRoutes = () => {
fetchAssetCriticalityPrivileges,
fetchEntityStorePrivileges,
searchPrivMonIndices,
createPrivMonImportIndex,
createAssetCriticality,
deleteAssetCriticality,
fetchAssetCriticality,
uploadAssetCriticalityFile,
uploadPrivilegedUserMonitoringFile,
initPrivilegedMonitoringEngine,
registerPrivMonMonitoredIndices,
fetchPrivilegeMonitoringEngineStatus,
fetchRiskEngineSettings,
calculateEntityRiskScore,
cleanUpRiskEngine,

19
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_privileged_monitoring_engine_status.ts Normal file
View file

@ -0,0 +1,19 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { useQuery } from '@tanstack/react-query';
import type { SecurityAppError } from '@kbn/securitysolution-t-grid';
import type { PrivMonHealthResponse } from '../../../../common/api/entity_analytics/privilege_monitoring/health.gen';
import { useEntityAnalyticsRoutes } from '../api';
export const usePrivilegedMonitoringEngineStatus = () => {
const { fetchPrivilegeMonitoringEngineStatus } = useEntityAnalyticsRoutes();
return useQuery<PrivMonHealthResponse, SecurityAppError>({
queryKey: ['GET', 'FETCH_PRIVILEGED_MONITORING_ENGINE_STATUS'],
queryFn: fetchPrivilegeMonitoringEngineStatus,
retry: 0,
});
};

16
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx
View file

@ -20,10 +20,12 @@ export interface OnboardingCallout {
export const PrivilegedUserMonitoring = ({
callout,
error,
onManageUserClicked,
sourcererDataView,
}: {
callout?: OnboardingCallout;
error?: string;
onManageUserClicked: () => void;
sourcererDataView: DataViewSpec;
}) => {
@ -36,6 +38,20 @@ export const PrivilegedUserMonitoring = ({
return (
<EuiFlexGroup direction="column">
<EuiFlexItem>
{error && (
<EuiCallOut
title={
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.dashboard.errorTitle"
defaultMessage="Error loading privileged user monitoring data"
/>
}
color="danger"
iconType="cross"
>
<p>{error}</p>
</EuiCallOut>
)}
{callout && !dismissCallout && (
<EuiCallOut
title={

4
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/add_data_source.tsx
View file

@ -74,7 +74,9 @@ export const AddDataSourcePanel = ({ onComplete }: AddDataSourcePanelProps) => {
}
onClick={showIndexModal}
/>
<IndexSelectorModal isOpen={isIndexModalOpen} onClose={hideIndexModal} />
{isIndexModalOpen && (
<IndexSelectorModal onClose={hideIndexModal} onImport={onComplete} />
)}
</EuiFlexItem>
<EuiFlexItem grow={1}>
<EuiCard

119
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.test.tsx Normal file
View file

@ -0,0 +1,119 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React from 'react';
import { render, screen, fireEvent, waitFor } from '@testing-library/react';
import { CreateIndexModal } from './create_index_modal';
import { TestProviders } from '../../../../common/mock';
const mockCreatePrivMonImportIndex = jest.fn().mockResolvedValue({});
jest.mock('../../../api/api', () => ({
useEntityAnalyticsRoutes: () => ({
createPrivMonImportIndex: mockCreatePrivMonImportIndex,
}),
}));
const onCloseMock = jest.fn();
const onCreateMock = jest.fn();
describe('CreateIndexModal', () => {
beforeEach(() => {
jest.clearAllMocks();
});
it('renders modal with form fields and buttons', () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
expect(screen.getByTestId('createIndexModalIndexName')).toBeInTheDocument();
expect(screen.getByTestId('createIndexModalIndexMode')).toBeInTheDocument();
expect(screen.getByText('Cancel')).toBeInTheDocument();
expect(screen.getByTestId('createIndexModalCreateButton')).toBeInTheDocument();
});
it('disables create button when index name is empty', () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
const createButton = screen.getByTestId('createIndexModalCreateButton');
expect(createButton).toBeDisabled();
});
it('enables create button when index name is not empty', () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
const input = screen.getByTestId('createIndexModalIndexName');
fireEvent.change(input, { target: { value: 'my-index' } });
const createButton = screen.getByTestId('createIndexModalCreateButton');
expect(createButton).not.toBeDisabled();
});
it('calls onClose when cancel button is clicked', () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
fireEvent.click(screen.getByText('Cancel'));
expect(onCloseMock).toHaveBeenCalled();
});
it('calls onCreate and createPrivMonImportIndex with trimmed index name', async () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
const input = screen.getByTestId('createIndexModalIndexName');
fireEvent.change(input, { target: { value: ' my-index ' } });
const createButton = screen.getByTestId('createIndexModalCreateButton');
fireEvent.click(createButton);
await waitFor(() => {
expect(mockCreatePrivMonImportIndex).toHaveBeenCalledWith({
name: 'my-index',
mode: 'standard',
});
expect(onCreateMock).toHaveBeenCalledWith('my-index');
});
});
it('shows error callout if createPrivMonImportIndex throws', async () => {
const errorMsg = 'Something went wrong';
mockCreatePrivMonImportIndex.mockRejectedValue({
body: { message: errorMsg },
});
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
const input = screen.getByTestId('createIndexModalIndexName');
fireEvent.change(input, { target: { value: 'index' } });
const createButton = screen.getByTestId('createIndexModalCreateButton');
fireEvent.click(createButton);
await waitFor(() => {
expect(screen.getByText(`Error creating index: ${errorMsg}`)).toBeInTheDocument();
});
});
it('changes index mode when select is changed', () => {
render(<CreateIndexModal onClose={onCloseMock} onCreate={onCreateMock} />, {
wrapper: TestProviders,
});
const select = screen.getByTestId('createIndexModalIndexMode');
fireEvent.change(select, { target: { value: 'lookup' } });
expect((select as HTMLSelectElement).value).toBe('lookup');
});
});

166
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.tsx Normal file
View file

@ -0,0 +1,166 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React, { useState, useCallback } from 'react';
import {
EuiButtonEmpty,
EuiFlexItem,
EuiFlexGroup,
EuiButton,
EuiModalFooter,
EuiSpacer,
EuiModalHeaderTitle,
EuiModalHeader,
EuiModalBody,
EuiModal,
EuiFormRow,
EuiFieldText,
EuiSelect,
EuiCallOut,
} from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
import { i18n } from '@kbn/i18n';
import type { SecurityAppError } from '@kbn/securitysolution-t-grid';
import { useEntityAnalyticsRoutes } from '../../../api/api';
enum IndexMode {
STANDARD = 'standard',
LOOKUP = 'lookup',
}
const INDEX_NAME_LABEL = i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.indexNameLabel',
{
defaultMessage: 'Index name',
}
);
const INDEX_MODE_LABEL = i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.indexModeLabel',
{
defaultMessage: 'Index mode',
}
);
const INDEX_MODES = [
{
value: IndexMode.STANDARD,
text: i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.mode.standard',
{ defaultMessage: 'Standard' }
),
},
{
value: IndexMode.LOOKUP,
text: i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.mode.lookup',
{ defaultMessage: 'Lookup' }
),
},
];
export const CreateIndexModal = ({
onClose,
onCreate,
}: {
onClose: () => void;
onCreate: (indexName: string) => void;
}) => {
const [indexName, setIndexName] = useState('');
const [indexMode, setIndexMode] = useState<IndexMode>(IndexMode.STANDARD);
const [error, setError] = useState<string | null>(null);
const { createPrivMonImportIndex } = useEntityAnalyticsRoutes();
const handleCreate = useCallback(async () => {
setError(null);
const trimmedName = indexName.trim();
await createPrivMonImportIndex({
name: trimmedName,
mode: indexMode,
}).catch((err: SecurityAppError) => {
setError(
i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.error',
{
defaultMessage: 'Error creating index: {error}',
values: { error: err.body.message || err.message || 'Unknown error' },
}
)
);
});
onCreate(trimmedName);
}, [indexName, createPrivMonImportIndex, indexMode, onCreate]);
return (
<EuiModal onClose={onClose} maxWidth="624px">
<EuiModalHeader>
<EuiModalHeaderTitle>
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.title"
defaultMessage="Create index"
/>
</EuiModalHeaderTitle>
</EuiModalHeader>
<EuiModalBody>
{error && (
<>
<EuiCallOut color="danger">{error}</EuiCallOut>
<EuiSpacer size="m" />
</>
)}
<EuiFormRow
label={INDEX_NAME_LABEL}
fullWidth
error={!!error && !indexName.trim() ? error : undefined}
>
<EuiFieldText
fullWidth
value={indexName}
onChange={(e) => setIndexName(e.target.value)}
aria-label={INDEX_NAME_LABEL}
data-test-subj="createIndexModalIndexName"
/>
</EuiFormRow>
<EuiSpacer size="m" />
<EuiFormRow label={INDEX_MODE_LABEL} fullWidth>
<EuiSelect
options={INDEX_MODES}
value={indexMode}
onChange={(e) => setIndexMode(e.target.value as IndexMode)}
aria-label={INDEX_MODE_LABEL}
data-test-subj="createIndexModalIndexMode"
/>
</EuiFormRow>
</EuiModalBody>
<EuiModalFooter>
<EuiFlexGroup>
<EuiFlexItem grow={true}>
<EuiFlexGroup justifyContent="flexEnd">
<EuiButtonEmpty onClick={onClose}>
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.cancelButtonLabel"
defaultMessage="Cancel"
/>
</EuiButtonEmpty>
<EuiButton
onClick={handleCreate}
fill
disabled={!indexName.trim()}
data-test-subj="createIndexModalCreateButton"
>
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.createButtonLabel"
defaultMessage="Create index"
/>
</EuiButton>
</EuiFlexGroup>
</EuiFlexItem>
</EuiFlexGroup>
</EuiModalFooter>
</EuiModal>
);
};

19
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.test.tsx
View file

@ -28,29 +28,22 @@ jest.mock('../hooks/use_fetch_privileged_user_indices', () => ({
describe('IndexSelectorModal', () => {
const onCloseMock = jest.fn();
const onImportMock = jest.fn();
afterEach(() => {
jest.clearAllMocks();
});
it('renders the modal when isOpen is true', () => {
render(<IndexSelectorModal isOpen={true} onClose={onCloseMock} />, {
render(<IndexSelectorModal onClose={onCloseMock} onImport={onImportMock} />, {
wrapper: TestProviders,
});
expect(screen.getByText('Select index')).toBeInTheDocument();
});
it('does not render the modal when isOpen is false', () => {
render(<IndexSelectorModal isOpen={false} onClose={onCloseMock} />, {
wrapper: TestProviders,
});
expect(screen.queryByText('Select index')).not.toBeInTheDocument();
});
it('calls onClose when the cancel button is clicked', () => {
render(<IndexSelectorModal isOpen={true} onClose={onCloseMock} />, {
render(<IndexSelectorModal onClose={onCloseMock} onImport={onImportMock} />, {
wrapper: TestProviders,
});
@ -60,7 +53,7 @@ describe('IndexSelectorModal', () => {
});
it('displays the indices in the combo box', () => {
render(<IndexSelectorModal isOpen={true} onClose={onCloseMock} />, {
render(<IndexSelectorModal onClose={onCloseMock} onImport={onImportMock} />, {
wrapper: TestProviders,
});
@ -77,7 +70,7 @@ describe('IndexSelectorModal', () => {
error: new Error('Test error'),
});
render(<IndexSelectorModal isOpen={true} onClose={onCloseMock} />, {
render(<IndexSelectorModal onClose={onCloseMock} onImport={onImportMock} />, {
wrapper: TestProviders,
});
@ -91,7 +84,7 @@ describe('IndexSelectorModal', () => {
error: null,
});
render(<IndexSelectorModal isOpen={true} onClose={onCloseMock} />, {
render(<IndexSelectorModal onClose={onCloseMock} onImport={onImportMock} />, {
wrapper: TestProviders,
});

42
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.tsx
View file

@ -4,7 +4,7 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React, { useEffect, useMemo, useState } from 'react';
import React, { useCallback, useEffect, useMemo, useState } from 'react';
import type { EuiComboBoxOptionOption } from '@elastic/eui';
import {
EuiButtonEmpty,
@ -23,9 +23,11 @@ import {
} from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
import { i18n } from '@kbn/i18n';
import { useDebounceFn } from '@kbn/react-hooks';
import { useBoolean, useDebounceFn } from '@kbn/react-hooks';
import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
import { useFetchPrivilegedUserIndices } from '../hooks/use_fetch_privileged_user_indices';
import { useEntityAnalyticsRoutes } from '../../../api/api';
import { CreateIndexModal } from './create_index_modal';
const SELECT_INDEX_LABEL = i18n.translate(
'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.selectIndex.comboboxPlaceholder',
@ -44,17 +46,20 @@ const LOADING_ERROR_MESSAGE = i18n.translate(
const DEBOUNCE_OPTIONS = { wait: 300 };
export const IndexSelectorModal = ({
isOpen,
onClose,
onImport,
}: {
isOpen: boolean;
onClose: () => void;
onImport: (userCount: number) => void;
}) => {
const [isCreateIndexModalOpen, { on: showCreateIndexModal, off: hideCreateIndexModal }] =
useBoolean(false);
const { addError } = useAppToasts();
const [searchQuery, setSearchQuery] = useState<string | undefined>(undefined);
const { data: indices, isFetching, error } = useFetchPrivilegedUserIndices(searchQuery);
const { data: indices, isFetching, error, refetch } = useFetchPrivilegedUserIndices(searchQuery);
const [selectedOptions, setSelected] = useState<Array<EuiComboBoxOptionOption<string>>>([]);
const debouncedSetSearchQuery = useDebounceFn(setSearchQuery, DEBOUNCE_OPTIONS);
const { registerPrivMonMonitoredIndices } = useEntityAnalyticsRoutes();
const options = useMemo(
() =>
indices?.map((index) => ({
@ -69,11 +74,26 @@ export const IndexSelectorModal = ({
}
}, [addError, error]);
if (!isOpen) {
return null;
}
const addPrivilegedUsers = useCallback(async () => {
if (selectedOptions.length > 0) {
await registerPrivMonMonitoredIndices(selectedOptions.map(({ label }) => label).join(','));
return (
onImport(0); // The API does not return the user count because it is not available at this point.
}
}, [onImport, registerPrivMonMonitoredIndices, selectedOptions]);
const onCreateIndex = useCallback(
(indexName: string) => {
hideCreateIndexModal();
setSelected(selectedOptions.concat({ label: indexName }));
refetch();
},
[hideCreateIndexModal, refetch, selectedOptions]
);
return isCreateIndexModalOpen ? (
<CreateIndexModal onClose={hideCreateIndexModal} onCreate={onCreateIndex} />
) : (
<EuiModal onClose={onClose} maxWidth="624px">
<EuiModalHeader>
<EuiModalHeaderTitle>
@ -124,7 +144,7 @@ export const IndexSelectorModal = ({
<EuiModalFooter>
<EuiFlexGroup>
<EuiFlexItem grow={false}>
<EuiButtonEmpty iconType="plusInCircle" onClick={() => {}}>
<EuiButtonEmpty iconType="plusInCircle" onClick={showCreateIndexModal}>
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.selectIndex.createIndexButtonLabel"
defaultMessage="Create index"
@ -139,7 +159,7 @@ export const IndexSelectorModal = ({
defaultMessage="Cancel"
/>
</EuiButtonEmpty>
<EuiButton onClick={() => {}} fill>
<EuiButton onClick={addPrivilegedUsers} fill disabled={selectedOptions.length === 0}>
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.selectIndex.addUserButtonLabel"
defaultMessage="Add privileged users"

89
x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_privileged_user_monitoring_page.tsx
View file

@ -4,11 +4,12 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React, { useCallback, useReducer } from 'react';
import React, { useCallback, useEffect, useReducer } from 'react';
import {
EuiButtonEmpty,
EuiEmptyPrompt,
EuiFlexGroup,
EuiFlexItem,
EuiLoadingLogo,
EuiSpacer,
EuiText,
@ -17,6 +18,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
import { css } from '@emotion/react';
import { i18n } from '@kbn/i18n';
import type { PrivMonHealthResponse } from '../../../common/api/entity_analytics/privilege_monitoring/health.gen';
import type { InitMonitoringEngineResponse } from '../../../common/api/entity_analytics/privilege_monitoring/engine/init.gen';
import { SecurityPageName } from '../../app/types';
import { SecuritySolutionPageWrapper } from '../../common/components/page_wrapper';
@ -33,11 +35,17 @@ import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experime
import { useSourcererDataView } from '../../sourcerer/containers';
import { HeaderPage } from '../../common/components/header_page';
import { useEntityAnalyticsRoutes } from '../api/api';
import { usePrivilegedMonitoringEngineStatus } from '../api/hooks/use_privileged_monitoring_engine_status';
type PageState =
| { type: 'fetchingEngineStatus' }
| { type: 'onboarding' }
| { type: 'initializingEngine'; initResponse?: InitMonitoringEngineResponse; userCount: number }
| { type: 'dashboard'; onboardingCallout?: OnboardingCallout };
| {
type: 'initializingEngine';
initResponse?: InitMonitoringEngineResponse | PrivMonHealthResponse;
userCount: number;
}
| { type: 'dashboard'; onboardingCallout?: OnboardingCallout; error: string | undefined };
type Action =
| { type: 'INITIALIZING_ENGINE'; userCount: number; initResponse?: InitMonitoringEngineResponse }
@ -45,20 +53,30 @@ type Action =
| {
type: 'SHOW_DASHBOARD';
onboardingCallout?: OnboardingCallout;
error?: string;
}
| {
type: 'SHOW_ONBOARDING';
};
const initialState: PageState = { type: 'onboarding' };
const initialState: PageState = { type: 'fetchingEngineStatus' };
function reducer(state: PageState, action: Action): PageState {
switch (action.type) {
case 'SHOW_DASHBOARD':
return {
type: 'dashboard',
onboardingCallout: action.onboardingCallout,
error: action.error,
};
case 'SHOW_ONBOARDING':
return { type: 'onboarding' };
case 'INITIALIZING_ENGINE':
return {
type: 'initializingEngine',
userCount: action.userCount,
initResponse: action.initResponse,
};
case 'SHOW_DASHBOARD':
return { type: 'dashboard', onboardingCallout: action.onboardingCallout };
case 'UPDATE_INIT_ENGINE_RESPONSE':
if (state.type === 'initializingEngine') {
return {
@ -81,7 +99,7 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => {
const { dataViewSpec } = useDataViewSpec();
const sourcererDataView = newDataViewPickerEnabled ? dataViewSpec : oldSourcererDataView;
const engineStatus = usePrivilegedMonitoringEngineStatus();
const initEngineCallBack = useCallback(
async (userCount: number) => {
dispatch({ type: 'INITIALIZING_ENGINE', userCount });
@ -101,6 +119,33 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => {
const onManageUserClicked = useCallback(() => {}, []);
useEffect(() => {
if (engineStatus.isLoading) {
return;
}
if (engineStatus.isError && engineStatus.error.body.status_code === 404) {
return dispatch({ type: 'SHOW_ONBOARDING' });
} else {
const errorMessage = engineStatus.error?.body.message ?? engineStatus.data?.error?.message;
return dispatch({
type: 'SHOW_DASHBOARD',
onboardingCallout: undefined,
error: errorMessage,
});
}
}, [
engineStatus.data?.error?.message,
engineStatus.error?.body,
engineStatus.isError,
engineStatus.isLoading,
]);
const fullHeightCSS = css`
min-height: calc(100vh - 240px);
`;
return (
<>
{state.type === 'dashboard' && (
@ -110,11 +155,26 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => {
)}
<SecuritySolutionPageWrapper>
{state.type === 'fetchingEngineStatus' && (
<>
<HeaderPage
title={
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.dashboards.pageTitle"
defaultMessage="Privileged user monitoring"
/>
}
/>
<EuiFlexGroup alignItems="center" justifyContent="center" css={fullHeightCSS}>
<EuiFlexItem grow={false}>
<EuiLoadingLogo logo="logoSecurity" size="xl" />
</EuiFlexItem>
</EuiFlexGroup>
</>
)}
{state.type === 'onboarding' && (
<>
<EuiButtonEmpty onClick={() => dispatch({ type: 'SHOW_DASHBOARD' })}>
{'Go to dashboards =>'}
</EuiButtonEmpty>
<PrivilegedUserMonitoringOnboardingPanel onComplete={initEngineCallBack} />
<EuiSpacer size="l" />
<PrivilegedUserMonitoringSampleDashboardsPanel />
@ -131,11 +191,7 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => {
/>
}
/>
<EuiFlexGroup
css={css`
min-height: calc(100vh - 240px);
`}
>
<EuiFlexGroup css={fullHeightCSS}>
{state.initResponse?.status === 'error' ? (
<EuiEmptyPrompt
iconType="error"
@ -213,6 +269,7 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => {
/>
<PrivilegedUserMonitoring
callout={state.onboardingCallout}
error={state.error}
onManageUserClicked={onManageUserClicked}
sourcererDataView={sourcererDataView}
/>

15
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/indices.ts
View file

@ -9,6 +9,21 @@ import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
export type MappingProperties = NonNullable<MappingTypeMapping['properties']>;
export const PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING: MappingProperties = {
user: {
properties: {
name: {
type: 'text',
fields: {
keyword: {
type: 'keyword',
},
},
},
},
},
};
export const PRIVILEGED_MONITOR_USERS_INDEX_MAPPING: MappingProperties = {
'event.ingested': {
type: 'date',

43
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts
View file

@ -40,7 +40,10 @@ import {
import type { ApiKeyManager } from './auth/api_key';
import { startPrivilegeMonitoringTask } from './tasks/privilege_monitoring_task';
import { createOrUpdateIndex } from '../utils/create_or_update_index';
import { generateUserIndexMappings } from './indices';
import {
PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING,
generateUserIndexMappings,
} from './indices';
import { PrivilegeMonitoringEngineDescriptorClient } from './saved_object/privilege_monitoring';
import {
POST_EXCLUDE_INDICES,
@ -157,6 +160,15 @@ export class PrivilegeMonitoringDataClient {
return descriptor;
}
async getEngineStatus() {
const engineDescriptor = await this.engineClient.get();
return {
status: engineDescriptor.status,
error: engineDescriptor.error,
};
}
public async createOrUpdateIndex() {
await createOrUpdateIndex({
esClient: this.internalUserClient,
@ -182,17 +194,44 @@ export class PrivilegeMonitoringDataClient {
}
}
/**
* This create a index for user to populate privileged users.
* It already defines the mappings and settings for the index.
*/
public createPrivilegesImportIndex(indexName: string, mode: 'lookup' | 'standard') {
this.log('info', `Creating privileges import index: ${indexName} with mode: ${mode}`);
// Use the current user client to create the index, the internal user does not have permissions to any index
return this.esClient.indices.create({
index: indexName,
mappings: { properties: PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING },
settings: {
mode,
},
});
}
public async searchPrivilegesIndices(query: string | undefined) {
const { indices } = await this.esClient.fieldCaps({
index: [query ? `*${query}*` : '*', ...PRE_EXCLUDE_INDICES],
types: ['keyword'],
fields: ['user.name'], // search for indices with field 'user.name' of type 'keyword'
fields: ['user.name.keyword'], // search for indices with field 'user.name.keyword' of type 'keyword'
include_unmapped: false,
ignore_unavailable: true,
allow_no_indices: true,
expand_wildcards: 'open',
include_empty_fields: false,
filters: '-parent',
index_filter: {
bool: {
must: [
{
exists: {
field: 'user.name.keyword',
},
},
],
},
},
});
if (!Array.isArray(indices) || indices.length === 0) {

62
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts Normal file
View file

@ -0,0 +1,62 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { IKibanaResponse, Logger } from '@kbn/core/server';
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import { CreatePrivilegesImportIndexRequestBody } from '../../../../../common/api/entity_analytics/monitoring/create_index.gen';
import { API_VERSIONS, APP_ID } from '../../../../../common/constants';
import type { EntityAnalyticsRoutesDeps } from '../../types';
export const createPrivilegeMonitoringIndicesRoute = (
router: EntityAnalyticsRoutesDeps['router'],
logger: Logger
) => {
router.versioned
.put({
access: 'public',
path: '/api/entity_analytics/monitoring/privileges/indices',
security: {
authz: {
requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`],
},
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: {
body: buildRouteValidationWithZod(CreatePrivilegesImportIndexRequestBody),
},
},
},
async (context, request, response): Promise<IKibanaResponse<{}>> => {
const secSol = await context.securitySolution;
const siemResponse = buildSiemResponse(response);
const indexName = request.body.name;
const indexMode = request.body.mode;
try {
await secSol
.getPrivilegeMonitoringDataClient()
.createPrivilegesImportIndex(indexName, indexMode);
return response.ok();
} catch (e) {
const error = transformError(e);
logger.error(`Error creating privilege monitoring indices: ${error.message}`);
return siemResponse.error({
statusCode: error.statusCode,
body: error.message,
});
}
}
);
};

11
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts
View file

@ -36,11 +36,20 @@ export const healthCheckPrivilegeMonitoringRoute = (
async (context, request, response): Promise<IKibanaResponse<PrivMonHealthResponse>> => {
const siemResponse = buildSiemResponse(response);
const secSol = await context.securitySolution;
try {
return response.ok({ body: { ok: true } });
const body = await secSol.getPrivilegeMonitoringDataClient().getEngineStatus();
return response.ok({ body });
} catch (e) {
const error = transformError(e);
if (error?.statusCode === 404) {
return response.ok({
body: { status: 'not_found' },
});
}
logger.error(`Error checking privilege monitoring health: ${error.message}`);
return siemResponse.error({
statusCode: error.statusCode,

8
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts
View file

@ -6,6 +6,7 @@
*/
import type { EntityAnalyticsRoutesDeps } from '../../types';
import { createPrivilegeMonitoringIndicesRoute } from './create_index';
import { healthCheckPrivilegeMonitoringRoute } from './health';
import { initPrivilegeMonitoringEngineRoute } from './init';
import { monitoringEntitySourceRoute } from './monitoring_entity_source';
@ -27,11 +28,12 @@ export const registerPrivilegeMonitoringRoutes = ({
logger,
config,
}: EntityAnalyticsRoutesDeps) => {
initPrivilegeMonitoringEngineRoute(router, logger, config);
healthCheckPrivilegeMonitoringRoute(router, logger, config);
padInstallRoute(router, logger, config);
padGetStatusRoute(router, logger, config);
searchPrivilegeMonitoringIndicesRoute(router, logger, config);
initPrivilegeMonitoringEngineRoute(router, logger, config);
healthCheckPrivilegeMonitoringRoute(router, logger, config);
searchPrivilegeMonitoringIndicesRoute(router, logger);
createPrivilegeMonitoringIndicesRoute(router, logger);
monitoringEntitySourceRoute(router, logger, config);
createUserRoute(router, logger);
deleteUserRoute(router, logger);

3
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts
View file

@ -19,8 +19,7 @@ const LIMIT = 20;
export const searchPrivilegeMonitoringIndicesRoute = (
router: EntityAnalyticsRoutesDeps['router'],
logger: Logger,
config: EntityAnalyticsRoutesDeps['config']
logger: Logger
) => {
router.versioned
.get({

4
x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/saved_object/privilege_monitoring.ts
View file

@ -18,7 +18,9 @@ interface PrivilegeMonitoringEngineDescriptorDependencies {
interface PrivilegedMonitoringEngineDescriptor {
status: MonitoringEngineDescriptor['status'];
error?: Record<string, unknown>;
error?: Record<string, unknown> & {
message?: string;
};
}
export class PrivilegeMonitoringEngineDescriptorClient {

15
x-pack/test/api_integration/services/security_solution_api.gen.ts
View file

@ -27,6 +27,7 @@ import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-so
import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen';
import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen';
import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen';
import { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen';
import { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen';
import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen';
import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen';
@ -332,6 +333,17 @@ If a record already exists for the specified entity, that record is overwritten
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
createPrivilegesImportIndex(
props: CreatePrivilegesImportIndexProps,
kibanaSpace: string = 'default'
) {
return supertest
.put(routeWithNamespace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') {
return supertest
.post(routeWithNamespace('/api/entity_analytics/monitoring/users', kibanaSpace))
@ -1908,6 +1920,9 @@ export interface CreateAlertsMigrationProps {
export interface CreateAssetCriticalityRecordProps {
body: CreateAssetCriticalityRecordRequestBodyInput;
}
export interface CreatePrivilegesImportIndexProps {
body: CreatePrivilegesImportIndexRequestBodyInput;
}
export interface CreatePrivMonUserProps {
body: CreatePrivMonUserRequestBodyInput;
}

6
x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts
View file

@ -6,6 +6,7 @@
*/
import expect from '@kbn/expect';
import { PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING } from '@kbn/security-solution-plugin/server/lib/entity_analytics/privilege_monitoring/indices';
import { FtrProviderContext } from '../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {
@ -24,7 +25,10 @@ export default ({ getService }: FtrProviderContext) => {
describe('@ess @serverless @skipInServerlessMKI EntityAnalytics Monitoring SearchIndices', () => {
before(async () => {
await es.indices.create({ index: indexName });
await es.indices.create({
index: indexName,
mappings: { properties: PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING },
});
});
after(async () => {