From 5363883a8da6374c398d7d20399266bc5fa7d28c Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Tue, 24 Jun 2025 11:09:06 +0200 Subject: [PATCH] [SecuritySolution] Create PrivMon index import flow (#224822) Depends on https://github.com/elastic/kibana/pull/221610 This PR adds the import index workflow to privileged user monitoring and API changes required to support it. ### API Enhancements * **New API for privilege monitoring index creation**: Added a new API endpoint (`PUT /api/entity_analytics/monitoring/privileges/indices`) to create indices for privilege monitoring with support for `standard` and `lookup` modes. This includes the implementation of request and response schemas (`create_indidex.gen.ts`, `create_indidex.schema.yaml`). [[1]](diffhunk://#diff-68329bb90dea945f343e1637990d5d05bc159e0aa2511ef1e45d37ed1a6cda51R1-R41) [[2]](diffhunk://#diff-e979499654a27b3c1930d63c5b1002113c1c3f53f84ce27a4d75a5c492717a96R1-R42) * **Updated privilege monitoring health response**: Modified the health response schema to include a `status` field and an optional `error` object for detailed error handling (`privilege_monitoring/health.gen.ts`, `privilege_monitoring/health.schema.yaml`). [[1]](diffhunk://#diff-00f39a3e65a336eaddf7d3203d1370d910f5ecd2062b6cc21d9c06922c12884eR19-R28) [[2]](diffhunk://#diff-83afa72b7a1fc48f3cc063e9fb855190d3525228bc0488fb8b871e112b90e961L22-R33) ### Frontend Integration * **Introduce the create index modal that opens when the create index button is clicked. * **Onboarding modal improvements**: Updated the `AddDataSourcePanel` component to handle index creation more robustly by passing callbacks to the modal (`add_data_source.tsx`). * **Error handling in UI**: Enhanced the `PrivilegedUserMonitoring` component to display error callouts when privilege monitoring data fails to load (`privileged_user_monitoring/index.tsx`). [[1]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R22-R26) [[2]](diffhunk://#diff-273ad32c97dcf15c6c6054fd7c5516d587132674578d25986b235cd174c75789R38-R51) ### How to test it? * Go to the priv mon page with an empty cluster * Click on the data source by the index button * Search for available indices, it should return indices with `user.name.keyword` fields * Click 'create index' and create a new index * Choose the created index and click 'Add privileged users' * You should be redirected to the dashboard (The API is currently not working) ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- oas_docs/output/kibana.serverless.yaml | 17 +- oas_docs/output/kibana.yaml | 17 +- .../monitoring/create_index.gen.ts | 41 +++++ .../monitoring/create_index.schema.yaml | 42 +++++ .../privilege_monitoring/health.gen.ts | 9 +- .../privilege_monitoring/health.schema.yaml | 17 +- .../common/api/quickstart_client.gen.ts | 20 +++ ...alytics_api_2023_10_31.bundled.schema.yaml | 17 +- ...alytics_api_2023_10_31.bundled.schema.yaml | 17 +- .../public/entity_analytics/api/api.ts | 49 ++++++ ...use_privileged_monitoring_engine_status.ts | 19 ++ .../privileged_user_monitoring/index.tsx | 16 ++ .../components/add_data_source.tsx | 4 +- .../components/create_index_modal.test.tsx | 119 +++++++++++++ .../components/create_index_modal.tsx | 166 ++++++++++++++++++ .../components/select_index_modal.test.tsx | 19 +- .../components/select_index_modal.tsx | 42 +++-- ...lytics_privileged_user_monitoring_page.tsx | 89 ++++++++-- .../privilege_monitoring/indices.ts | 15 ++ .../privilege_monitoring_data_client.ts | 43 ++++- .../routes/create_index.ts | 62 +++++++ .../privilege_monitoring/routes/health.ts | 11 +- .../register_privilege_monitoring_routes.ts | 8 +- .../routes/search_indices.ts | 3 +- .../saved_object/privilege_monitoring.ts | 4 +- .../services/security_solution_api.gen.ts | 15 ++ .../search_indices.ts | 6 +- 27 files changed, 825 insertions(+), 62 deletions(-) create mode 100644 x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.gen.ts create mode 100644 x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.schema.yaml create mode 100644 x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_privileged_monitoring_engine_status.ts create mode 100644 x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.test.tsx create mode 100644 x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.tsx create mode 100644 x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index d5bde93f46c9..ca356d87411d 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -11172,8 +11172,21 @@ paths: schema: type: object properties: - ok: - type: boolean + error: + type: object + properties: + message: + type: string + required: + - status + status: + oneOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + - enum: + - not_found + type: string + required: + - status description: Successful response summary: Health check on Privilege Monitoring tags: diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index f1809a523b66..0a330c77dadb 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -13331,8 +13331,21 @@ paths: schema: type: object properties: - ok: - type: boolean + error: + type: object + properties: + message: + type: string + required: + - status + status: + oneOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + - enum: + - not_found + type: string + required: + - status description: Successful response summary: Health check on Privilege Monitoring tags: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.gen.ts new file mode 100644 index 000000000000..820285f8cfde --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.gen.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Create an index for Privileges Monitoring import + * version: 2023-10-31 + */ + +import { z } from '@kbn/zod'; + +export type CreatePrivilegesImportIndexRequestBody = z.infer< + typeof CreatePrivilegesImportIndexRequestBody +>; +export const CreatePrivilegesImportIndexRequestBody = z.object({ + /** + * The index name to create + */ + name: z.string(), + /** + * The mode of index creation, either 'standard' or 'lookup' + */ + mode: z.enum(['standard', 'lookup']), +}); +export type CreatePrivilegesImportIndexRequestBodyInput = z.input< + typeof CreatePrivilegesImportIndexRequestBody +>; + +export type CreatePrivilegesImportIndexResponse = z.infer< + typeof CreatePrivilegesImportIndexResponse +>; +export const CreatePrivilegesImportIndexResponse = z.object({ + success: z.boolean().optional(), +}); diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.schema.yaml new file mode 100644 index 000000000000..d2ab049dbca8 --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/monitoring/create_index.schema.yaml @@ -0,0 +1,42 @@ +openapi: 3.0.0 + +info: + title: Create an index for Privileges Monitoring import + version: '2023-10-31' +paths: + /api/entity_analytics/monitoring/privileges/indices: + put: + x-labels: [ess, serverless] + x-internal: true + x-codegen-enabled: true + operationId: CreatePrivilegesImportIndex + summary: Create an index for Privileges Monitoring import + + requestBody: + description: Schema for the entity store initialization + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: The index name to create + mode: + type: string + enum: [standard, lookup] + description: The mode of index creation, either 'standard' or 'lookup' + required: + - name + - mode + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: object + properties: + success: + type: boolean \ No newline at end of file diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.gen.ts index 675094123c1c..e775d4e0c054 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.gen.ts @@ -16,7 +16,14 @@ import { z } from '@kbn/zod'; +import { EngineStatus } from './common.gen'; + export type PrivMonHealthResponse = z.infer; export const PrivMonHealthResponse = z.object({ - ok: z.boolean().optional(), + status: z.union([EngineStatus, z.literal('not_found')]), + error: z + .object({ + message: z.string().optional(), + }) + .optional(), }); diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.schema.yaml index 2b712852f64f..8c0cebff8252 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/health.schema.yaml @@ -19,5 +19,18 @@ paths: schema: type: object properties: - ok: - type: boolean + status: + oneOf: + - $ref: './common.schema.yaml#/components/schemas/EngineStatus' + - type: string + enum: [not_found] + error: + type: object + required: + - status + properties: + message: + type: string + + required: + - status diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts index 4dfa65598166..d9bdb770867a 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -259,6 +259,10 @@ import type { GetEntityStoreStatusResponse, } from './entity_analytics/entity_store/status.gen'; import type { RunEntityAnalyticsMigrationsResponse } from './entity_analytics/migrations/run_migrations_route.gen'; +import type { + CreatePrivilegesImportIndexRequestBodyInput, + CreatePrivilegesImportIndexResponse, +} from './entity_analytics/monitoring/create_index.gen'; import type { SearchPrivilegesIndicesRequestQueryInput, SearchPrivilegesIndicesResponse, @@ -623,6 +627,19 @@ If a record already exists for the specified entity, that record is overwritten }) .catch(catchAxiosErrorFormatAndThrow); } + async createPrivilegesImportIndex(props: CreatePrivilegesImportIndexProps) { + this.log.info(`${new Date().toISOString()} Calling API CreatePrivilegesImportIndex`); + return this.kbnClient + .request({ + path: '/api/entity_analytics/monitoring/privileges/indices', + headers: { + [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', + }, + method: 'PUT', + body: props.body, + }) + .catch(catchAxiosErrorFormatAndThrow); + } async createPrivMonUser(props: CreatePrivMonUserProps) { this.log.info(`${new Date().toISOString()} Calling API CreatePrivMonUser`); return this.kbnClient @@ -2615,6 +2632,9 @@ export interface CreateAlertsMigrationProps { export interface CreateAssetCriticalityRecordProps { body: CreateAssetCriticalityRecordRequestBodyInput; } +export interface CreatePrivilegesImportIndexProps { + body: CreatePrivilegesImportIndexRequestBodyInput; +} export interface CreatePrivMonUserProps { body: CreatePrivMonUserRequestBodyInput; } diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index a6636c78f307..c081177d2b54 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -329,8 +329,21 @@ paths: schema: type: object properties: - ok: - type: boolean + error: + type: object + properties: + message: + type: string + required: + - status + status: + oneOf: + - $ref: '#/components/schemas/EngineStatus' + - enum: + - not_found + type: string + required: + - status description: Successful response summary: Health check on Privilege Monitoring tags: diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index a041ea5fdc65..b598c94ca90c 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -329,8 +329,21 @@ paths: schema: type: object properties: - ok: - type: boolean + error: + type: object + properties: + message: + type: string + required: + - status + status: + oneOf: + - $ref: '#/components/schemas/EngineStatus' + - enum: + - not_found + type: string + required: + - status description: Successful response summary: Health check on Privilege Monitoring tags: diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts index 20e54e719e1c..04d25256ae97 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/api.ts @@ -6,6 +6,8 @@ */ import { useMemo } from 'react'; +import type { CreatePrivilegesImportIndexResponse } from '../../../common/api/entity_analytics/monitoring/create_index.gen'; +import type { PrivMonHealthResponse } from '../../../common/api/entity_analytics/privilege_monitoring/health.gen'; import type { InitMonitoringEngineResponse } from '../../../common/api/entity_analytics/privilege_monitoring/engine/init.gen'; import { PRIVMON_PUBLIC_INIT, @@ -209,6 +211,44 @@ export const useEntityAnalyticsRoutes = () => { } ); + /** + * Create an index for privilege monitoring import + */ + const createPrivMonImportIndex = async (params: { + name: string; + mode: 'standard' | 'lookup'; + signal?: AbortSignal; + }) => + http.fetch( + '/api/entity_analytics/monitoring/privileges/indices', + { + version: API_VERSIONS.public.v1, + method: 'PUT', + body: JSON.stringify({ + name: params.name, + mode: params.mode, + }), + signal: params.signal, + } + ); + /** + * Register a data source for privilege monitoring engine + */ + const registerPrivMonMonitoredIndices = async (indexPattern: string | undefined) => + http.fetch( + '/api/entity_analytics/monitoring/entity_source', + { + version: API_VERSIONS.public.v1, + method: 'POST', + + body: JSON.stringify({ + type: 'index', + name: 'User Monitored Indices', + indexPattern, + }), + } + ); + /** * Create asset criticality */ @@ -309,6 +349,12 @@ export const useEntityAnalyticsRoutes = () => { method: 'POST', }); + const fetchPrivilegeMonitoringEngineStatus = async (): Promise => + http.fetch('/api/entity_analytics/monitoring/privileges/health', { + version: API_VERSIONS.public.v1, + method: 'GET', + }); + /** * Fetches risk engine settings */ @@ -347,12 +393,15 @@ export const useEntityAnalyticsRoutes = () => { fetchAssetCriticalityPrivileges, fetchEntityStorePrivileges, searchPrivMonIndices, + createPrivMonImportIndex, createAssetCriticality, deleteAssetCriticality, fetchAssetCriticality, uploadAssetCriticalityFile, uploadPrivilegedUserMonitoringFile, initPrivilegedMonitoringEngine, + registerPrivMonMonitoredIndices, + fetchPrivilegeMonitoringEngineStatus, fetchRiskEngineSettings, calculateEntityRiskScore, cleanUpRiskEngine, diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_privileged_monitoring_engine_status.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_privileged_monitoring_engine_status.ts new file mode 100644 index 000000000000..7cb3584155c5 --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/api/hooks/use_privileged_monitoring_engine_status.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { useQuery } from '@tanstack/react-query'; +import type { SecurityAppError } from '@kbn/securitysolution-t-grid'; +import type { PrivMonHealthResponse } from '../../../../common/api/entity_analytics/privilege_monitoring/health.gen'; +import { useEntityAnalyticsRoutes } from '../api'; + +export const usePrivilegedMonitoringEngineStatus = () => { + const { fetchPrivilegeMonitoringEngineStatus } = useEntityAnalyticsRoutes(); + return useQuery({ + queryKey: ['GET', 'FETCH_PRIVILEGED_MONITORING_ENGINE_STATUS'], + queryFn: fetchPrivilegeMonitoringEngineStatus, + retry: 0, + }); +}; diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx index 99a61c41177b..fc49dc9848e0 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/index.tsx @@ -20,10 +20,12 @@ export interface OnboardingCallout { export const PrivilegedUserMonitoring = ({ callout, + error, onManageUserClicked, sourcererDataView, }: { callout?: OnboardingCallout; + error?: string; onManageUserClicked: () => void; sourcererDataView: DataViewSpec; }) => { @@ -36,6 +38,20 @@ export const PrivilegedUserMonitoring = ({ return ( + {error && ( + + } + color="danger" + iconType="cross" + > +

{error}

+ + )} {callout && !dismissCallout && ( { } onClick={showIndexModal} /> - + {isIndexModalOpen && ( + + )} ({ + useEntityAnalyticsRoutes: () => ({ + createPrivMonImportIndex: mockCreatePrivMonImportIndex, + }), +})); + +const onCloseMock = jest.fn(); +const onCreateMock = jest.fn(); + +describe('CreateIndexModal', () => { + beforeEach(() => { + jest.clearAllMocks(); + }); + + it('renders modal with form fields and buttons', () => { + render(, { + wrapper: TestProviders, + }); + + expect(screen.getByTestId('createIndexModalIndexName')).toBeInTheDocument(); + expect(screen.getByTestId('createIndexModalIndexMode')).toBeInTheDocument(); + expect(screen.getByText('Cancel')).toBeInTheDocument(); + expect(screen.getByTestId('createIndexModalCreateButton')).toBeInTheDocument(); + }); + + it('disables create button when index name is empty', () => { + render(, { + wrapper: TestProviders, + }); + + const createButton = screen.getByTestId('createIndexModalCreateButton'); + expect(createButton).toBeDisabled(); + }); + + it('enables create button when index name is not empty', () => { + render(, { + wrapper: TestProviders, + }); + + const input = screen.getByTestId('createIndexModalIndexName'); + fireEvent.change(input, { target: { value: 'my-index' } }); + + const createButton = screen.getByTestId('createIndexModalCreateButton'); + expect(createButton).not.toBeDisabled(); + }); + + it('calls onClose when cancel button is clicked', () => { + render(, { + wrapper: TestProviders, + }); + + fireEvent.click(screen.getByText('Cancel')); + expect(onCloseMock).toHaveBeenCalled(); + }); + + it('calls onCreate and createPrivMonImportIndex with trimmed index name', async () => { + render(, { + wrapper: TestProviders, + }); + + const input = screen.getByTestId('createIndexModalIndexName'); + fireEvent.change(input, { target: { value: ' my-index ' } }); + + const createButton = screen.getByTestId('createIndexModalCreateButton'); + fireEvent.click(createButton); + + await waitFor(() => { + expect(mockCreatePrivMonImportIndex).toHaveBeenCalledWith({ + name: 'my-index', + mode: 'standard', + }); + expect(onCreateMock).toHaveBeenCalledWith('my-index'); + }); + }); + + it('shows error callout if createPrivMonImportIndex throws', async () => { + const errorMsg = 'Something went wrong'; + mockCreatePrivMonImportIndex.mockRejectedValue({ + body: { message: errorMsg }, + }); + + render(, { + wrapper: TestProviders, + }); + + const input = screen.getByTestId('createIndexModalIndexName'); + fireEvent.change(input, { target: { value: 'index' } }); + + const createButton = screen.getByTestId('createIndexModalCreateButton'); + fireEvent.click(createButton); + + await waitFor(() => { + expect(screen.getByText(`Error creating index: ${errorMsg}`)).toBeInTheDocument(); + }); + }); + + it('changes index mode when select is changed', () => { + render(, { + wrapper: TestProviders, + }); + + const select = screen.getByTestId('createIndexModalIndexMode'); + fireEvent.change(select, { target: { value: 'lookup' } }); + expect((select as HTMLSelectElement).value).toBe('lookup'); + }); +}); diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.tsx new file mode 100644 index 000000000000..f4aa8479f6f1 --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/create_index_modal.tsx @@ -0,0 +1,166 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React, { useState, useCallback } from 'react'; +import { + EuiButtonEmpty, + EuiFlexItem, + EuiFlexGroup, + EuiButton, + EuiModalFooter, + EuiSpacer, + EuiModalHeaderTitle, + EuiModalHeader, + EuiModalBody, + EuiModal, + EuiFormRow, + EuiFieldText, + EuiSelect, + EuiCallOut, +} from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { i18n } from '@kbn/i18n'; +import type { SecurityAppError } from '@kbn/securitysolution-t-grid'; +import { useEntityAnalyticsRoutes } from '../../../api/api'; + +enum IndexMode { + STANDARD = 'standard', + LOOKUP = 'lookup', +} + +const INDEX_NAME_LABEL = i18n.translate( + 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.indexNameLabel', + { + defaultMessage: 'Index name', + } +); + +const INDEX_MODE_LABEL = i18n.translate( + 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.indexModeLabel', + { + defaultMessage: 'Index mode', + } +); + +const INDEX_MODES = [ + { + value: IndexMode.STANDARD, + text: i18n.translate( + 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.mode.standard', + { defaultMessage: 'Standard' } + ), + }, + { + value: IndexMode.LOOKUP, + text: i18n.translate( + 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.mode.lookup', + { defaultMessage: 'Lookup' } + ), + }, +]; + +export const CreateIndexModal = ({ + onClose, + onCreate, +}: { + onClose: () => void; + onCreate: (indexName: string) => void; +}) => { + const [indexName, setIndexName] = useState(''); + const [indexMode, setIndexMode] = useState(IndexMode.STANDARD); + const [error, setError] = useState(null); + const { createPrivMonImportIndex } = useEntityAnalyticsRoutes(); + + const handleCreate = useCallback(async () => { + setError(null); + const trimmedName = indexName.trim(); + + await createPrivMonImportIndex({ + name: trimmedName, + mode: indexMode, + }).catch((err: SecurityAppError) => { + setError( + i18n.translate( + 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.createIndex.error', + { + defaultMessage: 'Error creating index: {error}', + values: { error: err.body.message || err.message || 'Unknown error' }, + } + ) + ); + }); + onCreate(trimmedName); + }, [indexName, createPrivMonImportIndex, indexMode, onCreate]); + + return ( + + + + + + + + {error && ( + <> + {error} + + + )} + + setIndexName(e.target.value)} + aria-label={INDEX_NAME_LABEL} + data-test-subj="createIndexModalIndexName" + /> + + + + setIndexMode(e.target.value as IndexMode)} + aria-label={INDEX_MODE_LABEL} + data-test-subj="createIndexModalIndexMode" + /> + + + + + + + + + + + + + + + + + + ); +}; diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.test.tsx index 2c099d46ba18..8b11dfabdc8d 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.test.tsx @@ -28,29 +28,22 @@ jest.mock('../hooks/use_fetch_privileged_user_indices', () => ({ describe('IndexSelectorModal', () => { const onCloseMock = jest.fn(); + const onImportMock = jest.fn(); afterEach(() => { jest.clearAllMocks(); }); it('renders the modal when isOpen is true', () => { - render(, { + render(, { wrapper: TestProviders, }); expect(screen.getByText('Select index')).toBeInTheDocument(); }); - it('does not render the modal when isOpen is false', () => { - render(, { - wrapper: TestProviders, - }); - - expect(screen.queryByText('Select index')).not.toBeInTheDocument(); - }); - it('calls onClose when the cancel button is clicked', () => { - render(, { + render(, { wrapper: TestProviders, }); @@ -60,7 +53,7 @@ describe('IndexSelectorModal', () => { }); it('displays the indices in the combo box', () => { - render(, { + render(, { wrapper: TestProviders, }); @@ -77,7 +70,7 @@ describe('IndexSelectorModal', () => { error: new Error('Test error'), }); - render(, { + render(, { wrapper: TestProviders, }); @@ -91,7 +84,7 @@ describe('IndexSelectorModal', () => { error: null, }); - render(, { + render(, { wrapper: TestProviders, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.tsx index 1571d6b28df8..f90cbc03b461 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring_onboarding/components/select_index_modal.tsx @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import React, { useEffect, useMemo, useState } from 'react'; +import React, { useCallback, useEffect, useMemo, useState } from 'react'; import type { EuiComboBoxOptionOption } from '@elastic/eui'; import { EuiButtonEmpty, @@ -23,9 +23,11 @@ import { } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; -import { useDebounceFn } from '@kbn/react-hooks'; +import { useBoolean, useDebounceFn } from '@kbn/react-hooks'; import { useAppToasts } from '../../../../common/hooks/use_app_toasts'; import { useFetchPrivilegedUserIndices } from '../hooks/use_fetch_privileged_user_indices'; +import { useEntityAnalyticsRoutes } from '../../../api/api'; +import { CreateIndexModal } from './create_index_modal'; const SELECT_INDEX_LABEL = i18n.translate( 'xpack.securitySolution.entityAnalytics.privilegedUserMonitoring.selectIndex.comboboxPlaceholder', @@ -44,17 +46,20 @@ const LOADING_ERROR_MESSAGE = i18n.translate( const DEBOUNCE_OPTIONS = { wait: 300 }; export const IndexSelectorModal = ({ - isOpen, onClose, + onImport, }: { - isOpen: boolean; onClose: () => void; + onImport: (userCount: number) => void; }) => { + const [isCreateIndexModalOpen, { on: showCreateIndexModal, off: hideCreateIndexModal }] = + useBoolean(false); const { addError } = useAppToasts(); const [searchQuery, setSearchQuery] = useState(undefined); - const { data: indices, isFetching, error } = useFetchPrivilegedUserIndices(searchQuery); + const { data: indices, isFetching, error, refetch } = useFetchPrivilegedUserIndices(searchQuery); const [selectedOptions, setSelected] = useState>>([]); const debouncedSetSearchQuery = useDebounceFn(setSearchQuery, DEBOUNCE_OPTIONS); + const { registerPrivMonMonitoredIndices } = useEntityAnalyticsRoutes(); const options = useMemo( () => indices?.map((index) => ({ @@ -69,11 +74,26 @@ export const IndexSelectorModal = ({ } }, [addError, error]); - if (!isOpen) { - return null; - } + const addPrivilegedUsers = useCallback(async () => { + if (selectedOptions.length > 0) { + await registerPrivMonMonitoredIndices(selectedOptions.map(({ label }) => label).join(',')); - return ( + onImport(0); // The API does not return the user count because it is not available at this point. + } + }, [onImport, registerPrivMonMonitoredIndices, selectedOptions]); + + const onCreateIndex = useCallback( + (indexName: string) => { + hideCreateIndexModal(); + setSelected(selectedOptions.concat({ label: indexName })); + refetch(); + }, + [hideCreateIndexModal, refetch, selectedOptions] + ); + + return isCreateIndexModalOpen ? ( + + ) : ( @@ -124,7 +144,7 @@ export const IndexSelectorModal = ({ - {}}> + - {}} fill> + { const { dataViewSpec } = useDataViewSpec(); const sourcererDataView = newDataViewPickerEnabled ? dataViewSpec : oldSourcererDataView; - + const engineStatus = usePrivilegedMonitoringEngineStatus(); const initEngineCallBack = useCallback( async (userCount: number) => { dispatch({ type: 'INITIALIZING_ENGINE', userCount }); @@ -101,6 +119,33 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => { const onManageUserClicked = useCallback(() => {}, []); + useEffect(() => { + if (engineStatus.isLoading) { + return; + } + + if (engineStatus.isError && engineStatus.error.body.status_code === 404) { + return dispatch({ type: 'SHOW_ONBOARDING' }); + } else { + const errorMessage = engineStatus.error?.body.message ?? engineStatus.data?.error?.message; + + return dispatch({ + type: 'SHOW_DASHBOARD', + onboardingCallout: undefined, + error: errorMessage, + }); + } + }, [ + engineStatus.data?.error?.message, + engineStatus.error?.body, + engineStatus.isError, + engineStatus.isLoading, + ]); + + const fullHeightCSS = css` + min-height: calc(100vh - 240px); + `; + return ( <> {state.type === 'dashboard' && ( @@ -110,11 +155,26 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => { )} + {state.type === 'fetchingEngineStatus' && ( + <> + + } + /> + + + + + + + )} + {state.type === 'onboarding' && ( <> - dispatch({ type: 'SHOW_DASHBOARD' })}> - {'Go to dashboards =>'} - @@ -131,11 +191,7 @@ export const EntityAnalyticsPrivilegedUserMonitoringPage = () => { /> } /> - + {state.initResponse?.status === 'error' ? ( { /> diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/indices.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/indices.ts index 5b7fa647cb88..2e2042ac8a04 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/indices.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/indices.ts @@ -9,6 +9,21 @@ import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types'; export type MappingProperties = NonNullable; +export const PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING: MappingProperties = { + user: { + properties: { + name: { + type: 'text', + fields: { + keyword: { + type: 'keyword', + }, + }, + }, + }, + }, +}; + export const PRIVILEGED_MONITOR_USERS_INDEX_MAPPING: MappingProperties = { 'event.ingested': { type: 'date', diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts index 3ce41f5a59df..be1910a4b793 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/privilege_monitoring_data_client.ts @@ -40,7 +40,10 @@ import { import type { ApiKeyManager } from './auth/api_key'; import { startPrivilegeMonitoringTask } from './tasks/privilege_monitoring_task'; import { createOrUpdateIndex } from '../utils/create_or_update_index'; -import { generateUserIndexMappings } from './indices'; +import { + PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING, + generateUserIndexMappings, +} from './indices'; import { PrivilegeMonitoringEngineDescriptorClient } from './saved_object/privilege_monitoring'; import { POST_EXCLUDE_INDICES, @@ -157,6 +160,15 @@ export class PrivilegeMonitoringDataClient { return descriptor; } + async getEngineStatus() { + const engineDescriptor = await this.engineClient.get(); + + return { + status: engineDescriptor.status, + error: engineDescriptor.error, + }; + } + public async createOrUpdateIndex() { await createOrUpdateIndex({ esClient: this.internalUserClient, @@ -182,17 +194,44 @@ export class PrivilegeMonitoringDataClient { } } + /** + * This create a index for user to populate privileged users. + * It already defines the mappings and settings for the index. + */ + public createPrivilegesImportIndex(indexName: string, mode: 'lookup' | 'standard') { + this.log('info', `Creating privileges import index: ${indexName} with mode: ${mode}`); + // Use the current user client to create the index, the internal user does not have permissions to any index + return this.esClient.indices.create({ + index: indexName, + mappings: { properties: PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING }, + settings: { + mode, + }, + }); + } + public async searchPrivilegesIndices(query: string | undefined) { const { indices } = await this.esClient.fieldCaps({ index: [query ? `*${query}*` : '*', ...PRE_EXCLUDE_INDICES], types: ['keyword'], - fields: ['user.name'], // search for indices with field 'user.name' of type 'keyword' + fields: ['user.name.keyword'], // search for indices with field 'user.name.keyword' of type 'keyword' include_unmapped: false, ignore_unavailable: true, allow_no_indices: true, expand_wildcards: 'open', include_empty_fields: false, filters: '-parent', + index_filter: { + bool: { + must: [ + { + exists: { + field: 'user.name.keyword', + }, + }, + ], + }, + }, }); if (!Array.isArray(indices) || indices.length === 0) { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts new file mode 100644 index 000000000000..d4bfcd96eaf3 --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/create_index.ts @@ -0,0 +1,62 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { IKibanaResponse, Logger } from '@kbn/core/server'; +import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; +import { transformError } from '@kbn/securitysolution-es-utils'; +import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { CreatePrivilegesImportIndexRequestBody } from '../../../../../common/api/entity_analytics/monitoring/create_index.gen'; +import { API_VERSIONS, APP_ID } from '../../../../../common/constants'; +import type { EntityAnalyticsRoutesDeps } from '../../types'; + +export const createPrivilegeMonitoringIndicesRoute = ( + router: EntityAnalyticsRoutesDeps['router'], + logger: Logger +) => { + router.versioned + .put({ + access: 'public', + path: '/api/entity_analytics/monitoring/privileges/indices', + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { + request: { + body: buildRouteValidationWithZod(CreatePrivilegesImportIndexRequestBody), + }, + }, + }, + + async (context, request, response): Promise> => { + const secSol = await context.securitySolution; + const siemResponse = buildSiemResponse(response); + const indexName = request.body.name; + const indexMode = request.body.mode; + + try { + await secSol + .getPrivilegeMonitoringDataClient() + .createPrivilegesImportIndex(indexName, indexMode); + + return response.ok(); + } catch (e) { + const error = transformError(e); + logger.error(`Error creating privilege monitoring indices: ${error.message}`); + return siemResponse.error({ + statusCode: error.statusCode, + body: error.message, + }); + } + } + ); +}; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts index 77b0f403c25f..846237dca059 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/health.ts @@ -36,11 +36,20 @@ export const healthCheckPrivilegeMonitoringRoute = ( async (context, request, response): Promise> => { const siemResponse = buildSiemResponse(response); + const secSol = await context.securitySolution; try { - return response.ok({ body: { ok: true } }); + const body = await secSol.getPrivilegeMonitoringDataClient().getEngineStatus(); + return response.ok({ body }); } catch (e) { const error = transformError(e); + + if (error?.statusCode === 404) { + return response.ok({ + body: { status: 'not_found' }, + }); + } + logger.error(`Error checking privilege monitoring health: ${error.message}`); return siemResponse.error({ statusCode: error.statusCode, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts index 17e3f3e2f675..c511c6d86124 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts @@ -6,6 +6,7 @@ */ import type { EntityAnalyticsRoutesDeps } from '../../types'; +import { createPrivilegeMonitoringIndicesRoute } from './create_index'; import { healthCheckPrivilegeMonitoringRoute } from './health'; import { initPrivilegeMonitoringEngineRoute } from './init'; import { monitoringEntitySourceRoute } from './monitoring_entity_source'; @@ -27,11 +28,12 @@ export const registerPrivilegeMonitoringRoutes = ({ logger, config, }: EntityAnalyticsRoutesDeps) => { - initPrivilegeMonitoringEngineRoute(router, logger, config); - healthCheckPrivilegeMonitoringRoute(router, logger, config); padInstallRoute(router, logger, config); padGetStatusRoute(router, logger, config); - searchPrivilegeMonitoringIndicesRoute(router, logger, config); + initPrivilegeMonitoringEngineRoute(router, logger, config); + healthCheckPrivilegeMonitoringRoute(router, logger, config); + searchPrivilegeMonitoringIndicesRoute(router, logger); + createPrivilegeMonitoringIndicesRoute(router, logger); monitoringEntitySourceRoute(router, logger, config); createUserRoute(router, logger); deleteUserRoute(router, logger); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts index 8757a687f85b..05a999eea6bb 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/search_indices.ts @@ -19,8 +19,7 @@ const LIMIT = 20; export const searchPrivilegeMonitoringIndicesRoute = ( router: EntityAnalyticsRoutesDeps['router'], - logger: Logger, - config: EntityAnalyticsRoutesDeps['config'] + logger: Logger ) => { router.versioned .get({ diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/saved_object/privilege_monitoring.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/saved_object/privilege_monitoring.ts index 910cd429f37e..7562b498bd02 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/saved_object/privilege_monitoring.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/saved_object/privilege_monitoring.ts @@ -18,7 +18,9 @@ interface PrivilegeMonitoringEngineDescriptorDependencies { interface PrivilegedMonitoringEngineDescriptor { status: MonitoringEngineDescriptor['status']; - error?: Record; + error?: Record & { + message?: string; + }; } export class PrivilegeMonitoringEngineDescriptorClient { diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index 94956f4848c3..a4a714561d87 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -27,6 +27,7 @@ import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-so import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; +import { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen'; import { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen'; import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; @@ -332,6 +333,17 @@ If a record already exists for the specified entity, that record is overwritten .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .send(props.body as object); }, + createPrivilegesImportIndex( + props: CreatePrivilegesImportIndexProps, + kibanaSpace: string = 'default' + ) { + return supertest + .put(routeWithNamespace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') { return supertest .post(routeWithNamespace('/api/entity_analytics/monitoring/users', kibanaSpace)) @@ -1908,6 +1920,9 @@ export interface CreateAlertsMigrationProps { export interface CreateAssetCriticalityRecordProps { body: CreateAssetCriticalityRecordRequestBodyInput; } +export interface CreatePrivilegesImportIndexProps { + body: CreatePrivilegesImportIndexRequestBodyInput; +} export interface CreatePrivMonUserProps { body: CreatePrivMonUserRequestBodyInput; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts index 211493d78499..58dddea6a314 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts @@ -6,6 +6,7 @@ */ import expect from '@kbn/expect'; +import { PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING } from '@kbn/security-solution-plugin/server/lib/entity_analytics/privilege_monitoring/indices'; import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { @@ -24,7 +25,10 @@ export default ({ getService }: FtrProviderContext) => { describe('@ess @serverless @skipInServerlessMKI EntityAnalytics Monitoring SearchIndices', () => { before(async () => { - await es.indices.create({ index: indexName }); + await es.indices.create({ + index: indexName, + mappings: { properties: PRIVILEGED_MONITOR_IMPORT_USERS_INDEX_MAPPING }, + }); }); after(async () => {