[Security Solution] Add missing Detections API OpenAPI specs (#186764)

**Addresses:** https://github.com/elastic/kibana/issues/183661

## Summary

This PR adds the missing OpenAPI specs for the following Detections API endpoints, which are available in both Serverless and ESS:

- `POST /api/detection_engine/rules/preview`

and the following API endpoints available in ESS only

- `GET /api/detection_engine/privileges`
- `POST /api/detection_engine/rules/_bulk_delete`
Maxim Palenov 2024-07-12 15:16:29 +02:00 committed by GitHub
parent f96d55a4f5
commit 577a58334f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 422 additions and 66 deletions


@ -9,4 +9,4 @@ export * from './create_index/create_index.gen';
export * from './delete_index/delete_index.gen';
export * from './read_alerts_index_exists/read_alerts_index_exists_route';
export * from './read_index/read_index.gen';
export * from './read_privileges/read_privileges_route';
export * from './read_privileges/read_privileges.gen';


@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read privileges API endpoint
* version: 2023-10-31
*/
import { z } from 'zod';
export type GetPrivilegesResponse = z.infer<typeof GetPrivilegesResponse>;
export const GetPrivilegesResponse = z.object({
is_authenticated: z.boolean(),
has_encryption_key: z.boolean(),
});


@ -0,0 +1,43 @@
openapi: 3.0.0
info:
title: Read privileges API endpoint
version: '2023-10-31'
paths:
/api/detection_engine/privileges:
get:
x-labels: [serverless, ess]
operationId: GetPrivileges
x-codegen-enabled: true
summary: Returns user privileges for the Kibana space
description: |
Retrieves whether or not the user is authenticated, and the user's Kibana
space and index privileges, which determine if the user can create an
index for the Elastic Security alerts generated by
detection engine rules.
tags:
- Privileges API
responses:
200:
description: Successful response
content:
application/json:
schema:
type: object
properties:
is_authenticated:
type: boolean
has_encryption_key:
type: boolean
required: [is_authenticated, has_encryption_key]
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
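Review bot: The 200 response schema lists only `is_authenticated` and `has_encryption_key`, while the operation `description` says the endpoint also returns the user's Kibana space and index privileges. Either describe those fields in the schema or narrow the description, so that clients and the generated `GetPrivilegesResponse` type reflect what the body actually contains. `x-labels: [serverless, ess]` also disagrees with the PR description, which lists `GET /api/detection_engine/privileges` as ESS only. A property comment such as `description: Indicates whether an encryption key is configured for Kibana` on `has_encryption_key` would help readers; that meaning is inferred from the name and should be confirmed.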


@ -1,11 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export interface ReadPrivilegesResponse {
is_authenticated: boolean;
has_encryption_key: boolean;
}


@ -30,3 +30,15 @@ export type BulkDeleteRulesRequestBodyInput = z.input<typeof BulkDeleteRulesRequ
export type BulkDeleteRulesResponse = z.infer<typeof BulkDeleteRulesResponse>;
export const BulkDeleteRulesResponse = BulkCrudRulesResponse;
export type BulkDeleteRulesPostRequestBody = z.infer<typeof BulkDeleteRulesPostRequestBody>;
export const BulkDeleteRulesPostRequestBody = z.array(
z.object({
id: RuleObjectId.optional(),
rule_id: RuleSignatureId.optional(),
})
);
export type BulkDeleteRulesPostRequestBodyInput = z.input<typeof BulkDeleteRulesPostRequestBody>;
export type BulkDeleteRulesPostResponse = z.infer<typeof BulkDeleteRulesPostResponse>;
export const BulkDeleteRulesPostResponse = BulkCrudRulesResponse;


@ -33,3 +33,73 @@ paths:
application/json:
schema:
$ref: '../response_schema.schema.yaml#/components/schemas/BulkCrudRulesResponse'
400:
description: Invalid input data response
content:
application/json:
schema:
oneOf:
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
post:
x-labels: [ess]
x-codegen-enabled: true
operationId: BulkDeleteRulesPost
deprecated: true
description: Deletes multiple rules.
tags:
- Bulk API
requestBody:
description: A JSON array of `id` or `rule_id` fields of the rules you want to delete.
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
$ref: '../../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleObjectId'
rule_id:
$ref: '../../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId'
responses:
200:
description: Indicates a successful call.
content:
application/json:
schema:
$ref: '../response_schema.schema.yaml#/components/schemas/BulkCrudRulesResponse'
400:
description: Invalid input data response
content:
application/json:
schema:
oneOf:
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
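Review bot: In the `post` request body each array item declares `id` and `rule_id` as optional with no `required` or `anyOf` constraint, so `[{}]` satisfies the documented contract even though the description asks for one of the two fields; the array also has no `maxItems`. If the generator supports it, `anyOf: [{required: [id]}, {required: [rule_id]}]` on the item would state the rule. Otherwise the description should say that items carrying neither field are rejected at runtime (the route imports `validateQueryRuleByIds`, which presumably enforces this). The `post` operation also lacks a `summary`, and since it is marked `deprecated: true` its description should name the endpoint callers are expected to move to.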


@ -5,4 +5,4 @@
* 2.0.
*/
export * from './preview_rules_route';
export * from './rule_preview.gen';


@ -1,27 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import * as z from 'zod';
import { SharedCreateProps, TypeSpecificCreateProps } from '../model/rule_schema';
export type PreviewRulesSchema = z.infer<typeof PreviewRulesSchema>;
export const PreviewRulesSchema = SharedCreateProps.and(TypeSpecificCreateProps).and(
z.object({ invocationCount: z.number(), timeframeEnd: z.string() })
);
export interface RulePreviewLogs {
errors: string[];
warnings: string[];
startedAt?: string;
duration: number;
}
export interface PreviewResponse {
previewId: string | undefined;
logs: RulePreviewLogs[] | undefined;
isAborted: boolean | undefined;
}


@ -0,0 +1,66 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Rule preview API endpoint
* version: 2023-10-31
*/
import { z } from 'zod';
import {
EqlRuleCreateProps,
QueryRuleCreateProps,
SavedQueryRuleCreateProps,
ThresholdRuleCreateProps,
ThreatMatchRuleCreateProps,
MachineLearningRuleCreateProps,
NewTermsRuleCreateProps,
EsqlRuleCreateProps,
} from '../model/rule_schema/rule_schemas.gen';
import { NonEmptyString } from '../../model/primitives.gen';
export type RulePreviewParams = z.infer<typeof RulePreviewParams>;
export const RulePreviewParams = z.object({
invocationCount: z.number().int(),
timeframeEnd: z.string().datetime(),
});
export type RulePreviewLogs = z.infer<typeof RulePreviewLogs>;
export const RulePreviewLogs = z.object({
errors: z.array(NonEmptyString),
warnings: z.array(NonEmptyString),
/**
* Execution duration in milliseconds
*/
duration: z.number().int(),
startedAt: NonEmptyString.optional(),
});
export type RulePreviewRequestBody = z.infer<typeof RulePreviewRequestBody>;
export const RulePreviewRequestBody = z.discriminatedUnion('type', [
EqlRuleCreateProps.merge(RulePreviewParams),
QueryRuleCreateProps.merge(RulePreviewParams),
SavedQueryRuleCreateProps.merge(RulePreviewParams),
ThresholdRuleCreateProps.merge(RulePreviewParams),
ThreatMatchRuleCreateProps.merge(RulePreviewParams),
MachineLearningRuleCreateProps.merge(RulePreviewParams),
NewTermsRuleCreateProps.merge(RulePreviewParams),
EsqlRuleCreateProps.merge(RulePreviewParams),
]);
export type RulePreviewRequestBodyInput = z.input<typeof RulePreviewRequestBody>;
export type RulePreviewResponse = z.infer<typeof RulePreviewResponse>;
export const RulePreviewResponse = z.object({
logs: z.array(RulePreviewLogs),
previewId: NonEmptyString.optional(),
isAborted: z.boolean().optional(),
});


@ -0,0 +1,116 @@
openapi: 3.0.0
info:
title: Rule preview API endpoint
version: '2023-10-31'
paths:
/api/detection_engine/rules/preview:
post:
x-labels: [serverless, ess]
operationId: RulePreview
x-codegen-enabled: true
summary: Preview rule alerts generated on specified time range
tags:
- Rule preview API
requestBody:
description: An object containing tags to add or remove and alert ids the changes will be applied
required: true
content:
application/json:
schema:
discriminator:
propertyName: type
anyOf:
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/EqlRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/QueryRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/SavedQueryRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/ThresholdRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/ThreatMatchRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/MachineLearningRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/NewTermsRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
- allOf:
- $ref: '../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/EsqlRuleCreateProps'
- $ref: '#/components/schemas/RulePreviewParams'
responses:
200:
description: Successful response
content:
application/json:
schema:
type: object
properties:
logs:
type: array
items:
$ref: '#/components/schemas/RulePreviewLogs'
previewId:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
isAborted:
type: boolean
required: [logs]
400:
description: Invalid input data response
content:
application/json:
schema:
oneOf:
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
components:
schemas:
RulePreviewParams:
type: object
properties:
invocationCount:
type: integer
timeframeEnd:
type: string
format: date-time
required: [invocationCount, timeframeEnd]
RulePreviewLogs:
type: object
properties:
errors:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
warnings:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
duration:
type: integer
description: Execution duration in milliseconds
startedAt:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
required:
- errors
- warnings
- duration
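Review bot: The `requestBody.description` ("An object containing tags to add or remove and alert ids the changes will be applied") describes a different endpoint and should describe the preview payload, e.g. `description: Rule create properties plus the preview parameters invocationCount and timeframeEnd`. The 400/401/500 refs climb three levels (`../../../model/error_responses.schema.yaml`) while `primitives.schema.yaml` in the same file is reached with `../../model/`; if both schemas live in the same `model` directory, the error-response refs are one level too deep. `RulePreviewParams.invocationCount` is a bare `type: integer`, so the contract accepts zero, negative and arbitrarily large counts. Unless the handler caps it elsewhere, add `minimum: 1` and a `maximum` so request validation rejects oversized preview runs before any rule execution starts.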


@ -8,7 +8,10 @@
import { useEffect, useMemo, useState } from 'react';
import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
import type { PreviewResponse, RuleCreateProps } from '../../../../../common/api/detection_engine';
import type {
RuleCreateProps,
RulePreviewResponse,
} from '../../../../../common/api/detection_engine';
import { previewRule } from '../../../rule_management/api/api';
import { transformOutput } from '../../../../detections/containers/detection_engine/rules/transforms';
@ -16,7 +19,7 @@ import type { TimeframePreviewOptions } from '../../../../detections/pages/detec
import { usePreviewInvocationCount } from './use_preview_invocation_count';
import * as i18n from './translations';
const emptyPreviewRule: PreviewResponse = {
const emptyPreviewRule: RulePreviewResponse = {
previewId: undefined,
logs: [],
isAborted: false,
@ -28,7 +31,7 @@ export const usePreviewRule = ({
timeframeOptions: TimeframePreviewOptions;
}) => {
const [rule, setRule] = useState<RuleCreateProps | null>(null);
const [response, setResponse] = useState<PreviewResponse>(emptyPreviewRule);
const [response, setResponse] = useState<RulePreviewResponse>(emptyPreviewRule);
const [isLoading, setIsLoading] = useState(false);
const { addError } = useAppToasts();
const { invocationCount, interval, from } = usePreviewInvocationCount({ timeframeOptions });


@ -59,7 +59,7 @@ import {
import type { RulesReferencedByExceptionListsSchema } from '../../../../common/api/detection_engine/rule_exceptions';
import { DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL } from '../../../../common/api/detection_engine/rule_exceptions';
import type { PreviewResponse, RuleResponse } from '../../../../common/api/detection_engine';
import type { RulePreviewResponse, RuleResponse } from '../../../../common/api/detection_engine';
import { KibanaServices } from '../../../common/lib/kibana';
import * as i18n from '../../../detections/pages/detection_engine/rules/translations';
@ -149,8 +149,11 @@ export const patchRule = async ({
*
* @throws An error if response is not OK
*/
export const previewRule = async ({ rule, signal }: PreviewRulesProps): Promise<PreviewResponse> =>
KibanaServices.get().http.fetch<PreviewResponse>(DETECTION_ENGINE_RULES_PREVIEW, {
export const previewRule = async ({
rule,
signal,
}: PreviewRulesProps): Promise<RulePreviewResponse> =>
KibanaServices.get().http.fetch<RulePreviewResponse>(DETECTION_ENGINE_RULES_PREVIEW, {
method: 'POST',
version: '2023-10-31',
body: JSON.stringify(rule),


@ -12,7 +12,7 @@ import type { IKibanaResponse } from '@kbn/core/server';
import type { SecuritySolutionPluginRouter } from '../../../../types';
import { DETECTION_ENGINE_PRIVILEGES_URL } from '../../../../../common/constants';
import { buildSiemResponse } from '../utils';
import type { ReadPrivilegesResponse } from '../../../../../common/api/detection_engine';
import type { GetPrivilegesResponse } from '../../../../../common/api/detection_engine';
export const readPrivilegesRoute = (
router: SecuritySolutionPluginRouter,
@ -31,7 +31,7 @@ export const readPrivilegesRoute = (
version: '2023-10-31',
validate: false,
},
async (context, request, response): Promise<IKibanaResponse<ReadPrivilegesResponse>> => {
async (context, request, response): Promise<IKibanaResponse<GetPrivilegesResponse>> => {
const siemResponse = buildSiemResponse(response);
try {


@ -9,8 +9,13 @@ import type { VersionedRouteConfig } from '@kbn/core-http-server';
import type { IKibanaResponse, Logger, RequestHandler } from '@kbn/core/server';
import { transformError } from '@kbn/securitysolution-es-utils';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import type {
BulkDeleteRulesPostResponse,
BulkDeleteRulesResponse,
} from '../../../../../../../common/api/detection_engine/rule_management';
import {
BulkCrudRulesResponse,
BulkDeleteRulesPostRequestBody,
BulkDeleteRulesRequestBody,
validateQueryRuleByIds,
} from '../../../../../../../common/api/detection_engine/rule_management';
@ -33,7 +38,7 @@ import { RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS } from '../../timeouts';
type Handler = RequestHandler<
unknown,
unknown,
BulkDeleteRulesRequestBody,
BulkDeleteRulesRequestBody | BulkDeleteRulesPostRequestBody,
SecuritySolutionRequestHandlerContext,
'delete' | 'post'
>;
@ -46,7 +51,7 @@ export const bulkDeleteRulesRoute = (router: SecuritySolutionPluginRouter, logge
context,
request,
response
): Promise<IKibanaResponse<BulkCrudRulesResponse>> => {
): Promise<IKibanaResponse<BulkDeleteRulesResponse | BulkDeleteRulesPostResponse>> => {
logDeprecatedBulkEndpoint(logger, DETECTION_ENGINE_RULES_BULK_DELETE);
const siemResponse = buildSiemResponse(response);
@ -111,14 +116,26 @@ export const bulkDeleteRulesRoute = (router: SecuritySolutionPluginRouter, logge
},
},
};
const versionConfig = {
version: '2023-10-31',
validate: {
request: {
body: buildRouteValidationWithZod(BulkDeleteRulesRequestBody),
router.versioned.delete(routeConfig).addVersion(
{
version: '2023-10-31',
validate: {
request: {
body: buildRouteValidationWithZod(BulkDeleteRulesRequestBody),
},
},
},
};
router.versioned.delete(routeConfig).addVersion(versionConfig, handler);
router.versioned.post(routeConfig).addVersion(versionConfig, handler);
handler
);
router.versioned.post(routeConfig).addVersion(
{
version: '2023-10-31',
validate: {
request: {
body: buildRouteValidationWithZod(BulkDeleteRulesPostRequestBody),
},
},
},
handler
);
};
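Review bot: The two `addVersion` calls at the end of `bulkDeleteRulesRoute` repeat the same `version`/`validate` literal and differ only in the body schema, so the version string and validation shape can drift between `delete` and `post`. A small local factory keeps them in step, e.g. `const versionConfig = (body: typeof BulkDeleteRulesRequestBody | typeof BulkDeleteRulesPostRequestBody) => ({ version: '2023-10-31', validate: { request: { body: buildRouteValidationWithZod(body) } } });`. The shared `handler` is now typed with the union of both request bodies and its implementation lies outside these hunks, so it is worth confirming that it makes no assumption that holds for only one of the two schemas.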


@ -28,10 +28,10 @@ import {
import { validateCreateRuleProps } from '../../../../../../common/api/detection_engine/rule_management';
import { RuleExecutionStatusEnum } from '../../../../../../common/api/detection_engine/rule_monitoring';
import type {
PreviewResponse,
RulePreviewResponse,
RulePreviewLogs,
} from '../../../../../../common/api/detection_engine';
import { PreviewRulesSchema } from '../../../../../../common/api/detection_engine';
import { RulePreviewRequestBody } from '../../../../../../common/api/detection_engine';
import type { StartPlugins, SetupPlugins } from '../../../../../plugin';
import { buildSiemResponse } from '../../../routes/utils';
@ -92,9 +92,9 @@ export const previewRulesRoute = (
.addVersion(
{
version: '2023-10-31',
validate: { request: { body: buildRouteValidationWithZod(PreviewRulesSchema) } },
validate: { request: { body: buildRouteValidationWithZod(RulePreviewRequestBody) } },
},
async (context, request, response): Promise<IKibanaResponse<PreviewResponse>> => {
async (context, request, response): Promise<IKibanaResponse<RulePreviewResponse>> => {
const siemResponse = buildSiemResponse(response);
const validationErrors = validateCreateRuleProps(request.body);
const coreContext = await context.core;
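Review bot: Switching the body validator to `RulePreviewRequestBody` tightens request validation under the unchanged `version: '2023-10-31'`: the removed `PreviewRulesSchema` accepted `invocationCount: z.number()` and `timeframeEnd: z.string()`, while the generated schema requires `z.number().int()` and `z.string().datetime()`. By default zod's `datetime()` accepts only UTC `Z` timestamps, so a client that sends an offset such as `+02:00`, or a fractional count, would now receive a 400. If that is intended, say so next to the validator with a comment like `// timeframeEnd must be an ISO 8601 UTC timestamp; invocationCount must be an integer`, and cover both rejections in an API test. The handler body continues outside the hunk.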


@ -22,6 +22,7 @@ import {
import { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen';
import { BulkCreateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_create_rules/bulk_create_rules_route.gen';
import { BulkDeleteRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen';
import { BulkDeleteRulesPostRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen';
import { BulkPatchRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_patch_rules/bulk_patch_rules_route.gen';
import { BulkUpdateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_update_rules/bulk_update_rules_route.gen';
import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen';
@ -63,6 +64,7 @@ import {
PerformBulkActionRequestBodyInput,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen';
import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen';
import { RulePreviewRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen';
import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen';
import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen';
import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen';
@ -112,6 +114,17 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Deletes multiple rules.
*/
bulkDeleteRulesPost(props: BulkDeleteRulesPostProps) {
return supertest
.post('/api/detection_engine/rules/_bulk_delete')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Updates multiple rules using the `PATCH` method.
*/
@ -287,6 +300,20 @@ finalize it.
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Retrieves whether or not the user is authenticated, and the user's Kibana
space and index privileges, which determine if the user can create an
index for the Elastic Security alerts generated by
detection engine rules.
*/
getPrivileges() {
return supertest
.get('/api/detection_engine/privileges')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getProtectionUpdatesNote(props: GetProtectionUpdatesNoteProps) {
return supertest
.get(
@ -383,6 +410,14 @@ finalize it.
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
rulePreview(props: RulePreviewProps) {
return supertest
.post('/api/detection_engine/rules/preview')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
searchAlerts(props: SearchAlertsProps) {
return supertest
.post('/api/detection_engine/signals/search')
@ -444,6 +479,9 @@ export interface BulkCreateRulesProps {
export interface BulkDeleteRulesProps {
body: BulkDeleteRulesRequestBodyInput;
}
export interface BulkDeleteRulesPostProps {
body: BulkDeleteRulesPostRequestBodyInput;
}
export interface BulkPatchRulesProps {
body: BulkPatchRulesRequestBodyInput;
}
@ -519,6 +557,9 @@ export interface PerformBulkActionProps {
export interface ReadRuleProps {
query: ReadRuleRequestQueryInput;
}
export interface RulePreviewProps {
body: RulePreviewRequestBodyInput;
}
export interface SearchAlertsProps {
body: SearchAlertsRequestBodyInput;
}


@ -5,7 +5,7 @@
* 2.0.
*/
import type { PreviewRulesSchema } from '@kbn/security-solution-plugin/common/api/detection_engine';
import type { RulePreviewRequestBody } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This is a typical simple preview rule for testing that is easy for most basic testing
@ -16,7 +16,7 @@ import type { PreviewRulesSchema } from '@kbn/security-solution-plugin/common/ap
export const getSimplePreviewRule = (
ruleId = 'preview-rule-1',
invocationCount = 12
): PreviewRulesSchema => ({
): RulePreviewRequestBody => ({
name: 'Simple Rule Query',
description: 'Simple Rule Query',
risk_score: 1,


@ -8,7 +8,7 @@
import type SuperTest from 'supertest';
import type {
RuleCreateProps,
PreviewRulesSchema,
RulePreviewRequestBody,
RulePreviewLogs,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
@ -36,7 +36,7 @@ export const previewRule = async ({
logs: RulePreviewLogs[];
isAborted: boolean;
}> => {
const previewRequest: PreviewRulesSchema = {
const previewRequest: RulePreviewRequestBody = {
...rule,
invocationCount,
timeframeEnd: timeframeEnd.toISOString(),