mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 09:19:04 -04:00
## Summary * Enabled winlogbeat to work with workaround for authentication_failed (until that is fixed) * Fixed ordering to be successes first, failures second * https://github.com/elastic/ingest-dev/issues/491 * https://github.com/elastic/ingest-dev/issues/469 ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. ~~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~~ ~~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~~ ~~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~~ ~~- [ ] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~~ ~~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~~ ### For maintainers ~~- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~~ ~~- [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~~
This commit is contained in:
Frank Hassanabad
GitHub
parent
0d19314d4e
commit
5841467b6e
3 changed files with 110 additions and 111 deletions
|
|
@ -134,90 +134,6 @@ const getAuthenticationColumns = (): [
|
|||
idPrefix: `authentications-table-${node._id}-userName`,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: i18n.FAILURES,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) => {
|
||||
const id = escapeDataProviderId(
|
||||
`authentications-table-${node._id}-failures-${node.failures}`
|
||||
);
|
||||
return (
|
||||
<DraggableWrapper
|
||||
key={id}
|
||||
dataProvider={{
|
||||
and: [],
|
||||
enabled: true,
|
||||
id,
|
||||
name: 'authentication_failure',
|
||||
excluded: false,
|
||||
kqlQuery: '',
|
||||
queryMatch: {
|
||||
field: 'event.type',
|
||||
value: 'authentication_failure',
|
||||
operator: IS_OPERATOR,
|
||||
},
|
||||
}}
|
||||
render={(dataProvider, _, snapshot) =>
|
||||
snapshot.isDragging ? (
|
||||
<DragEffects>
|
||||
<Provider dataProvider={dataProvider} />
|
||||
</DragEffects>
|
||||
) : (
|
||||
node.failures
|
||||
)
|
||||
}
|
||||
/>
|
||||
);
|
||||
},
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_TIME,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
has('lastFailure.timestamp', node) && node.lastFailure!.timestamp != null ? (
|
||||
<EuiToolTip position="bottom" content={node.lastFailure!.timestamp!}>
|
||||
<FormattedRelative value={new Date(node.lastFailure!.timestamp!)} />
|
||||
</EuiToolTip>
|
||||
) : (
|
||||
getEmptyTagValue()
|
||||
),
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_SOURCE,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
getRowItemDraggables({
|
||||
rowItems:
|
||||
node.lastFailure != null &&
|
||||
node.lastFailure.source != null &&
|
||||
node.lastFailure.source.ip != null
|
||||
? node.lastFailure.source.ip
|
||||
: null,
|
||||
attrName: 'source.ip',
|
||||
idPrefix: `authentications-table-${node._id}-lastFailureSource`,
|
||||
render: item => <IPDetailsLink ip={item} />,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_DESTINATION,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
getRowItemDraggables({
|
||||
rowItems:
|
||||
node.lastFailure != null &&
|
||||
node.lastFailure.host != null &&
|
||||
node.lastFailure.host.name != null
|
||||
? node.lastFailure.host.name
|
||||
: null,
|
||||
attrName: 'host.name',
|
||||
idPrefix: `authentications-table-${node._id}-lastFailureDestination`,
|
||||
render: item => <HostDetailsLink hostName={item} />,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: i18n.SUCCESSES,
|
||||
truncateText: false,
|
||||
|
|
@ -255,6 +171,43 @@ const getAuthenticationColumns = (): [
|
|||
);
|
||||
},
|
||||
},
|
||||
{
|
||||
name: i18n.FAILURES,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) => {
|
||||
const id = escapeDataProviderId(
|
||||
`authentications-table-${node._id}-failures-${node.failures}`
|
||||
);
|
||||
return (
|
||||
<DraggableWrapper
|
||||
key={id}
|
||||
dataProvider={{
|
||||
and: [],
|
||||
enabled: true,
|
||||
id,
|
||||
name: 'authentication_failure',
|
||||
excluded: false,
|
||||
kqlQuery: '',
|
||||
queryMatch: {
|
||||
field: 'event.type',
|
||||
value: 'authentication_failure',
|
||||
operator: IS_OPERATOR,
|
||||
},
|
||||
}}
|
||||
render={(dataProvider, _, snapshot) =>
|
||||
snapshot.isDragging ? (
|
||||
<DragEffects>
|
||||
<Provider dataProvider={dataProvider} />
|
||||
</DragEffects>
|
||||
) : (
|
||||
node.failures
|
||||
)
|
||||
}
|
||||
/>
|
||||
);
|
||||
},
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_SUCCESSFUL_TIME,
|
||||
truncateText: false,
|
||||
|
|
@ -302,4 +255,51 @@ const getAuthenticationColumns = (): [
|
|||
render: item => <HostDetailsLink hostName={item} />,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_TIME,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
has('lastFailure.timestamp', node) && node.lastFailure!.timestamp != null ? (
|
||||
<EuiToolTip position="bottom" content={node.lastFailure!.timestamp!}>
|
||||
<FormattedRelative value={new Date(node.lastFailure!.timestamp!)} />
|
||||
</EuiToolTip>
|
||||
) : (
|
||||
getEmptyTagValue()
|
||||
),
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_SOURCE,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
getRowItemDraggables({
|
||||
rowItems:
|
||||
node.lastFailure != null &&
|
||||
node.lastFailure.source != null &&
|
||||
node.lastFailure.source.ip != null
|
||||
? node.lastFailure.source.ip
|
||||
: null,
|
||||
attrName: 'source.ip',
|
||||
idPrefix: `authentications-table-${node._id}-lastFailureSource`,
|
||||
render: item => <IPDetailsLink ip={item} />,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: i18n.LAST_FAILED_DESTINATION,
|
||||
truncateText: false,
|
||||
hideForMobile: false,
|
||||
render: ({ node }) =>
|
||||
getRowItemDraggables({
|
||||
rowItems:
|
||||
node.lastFailure != null &&
|
||||
node.lastFailure.host != null &&
|
||||
node.lastFailure.host.name != null
|
||||
? node.lastFailure.host.name
|
||||
: null,
|
||||
attrName: 'host.name',
|
||||
idPrefix: `authentications-table-${node._id}-lastFailureDestination`,
|
||||
render: item => <HostDetailsLink hostName={item} />,
|
||||
}),
|
||||
},
|
||||
];
|
||||
|
|
|
|||
|
|
@ -111,6 +111,31 @@ const HostsComponent = pure<HostsComponentProps>(({ filterQuery }) => (
|
|||
|
||||
<EuiSpacer />
|
||||
|
||||
<AuthenticationsQuery
|
||||
endDate={to}
|
||||
filterQuery={filterQuery}
|
||||
sourceId="default"
|
||||
startDate={from}
|
||||
type={hostsModel.HostsType.page}
|
||||
>
|
||||
{({ authentications, totalCount, loading, pageInfo, loadMore, id, refetch }) => (
|
||||
<AuthenticationTableManage
|
||||
id={id}
|
||||
refetch={refetch}
|
||||
setQuery={setQuery}
|
||||
loading={loading}
|
||||
data={authentications}
|
||||
totalCount={totalCount}
|
||||
nextCursor={getOr(null, 'endCursor.value', pageInfo)}
|
||||
hasNextPage={getOr(false, 'hasNextPage', pageInfo)!}
|
||||
loadMore={loadMore}
|
||||
type={hostsModel.HostsType.page}
|
||||
/>
|
||||
)}
|
||||
</AuthenticationsQuery>
|
||||
|
||||
<EuiSpacer />
|
||||
|
||||
<UncommonProcessesQuery
|
||||
endDate={to}
|
||||
filterQuery={filterQuery}
|
||||
|
|
@ -144,31 +169,6 @@ const HostsComponent = pure<HostsComponentProps>(({ filterQuery }) => (
|
|||
|
||||
<EuiSpacer />
|
||||
|
||||
<AuthenticationsQuery
|
||||
endDate={to}
|
||||
filterQuery={filterQuery}
|
||||
sourceId="default"
|
||||
startDate={from}
|
||||
type={hostsModel.HostsType.page}
|
||||
>
|
||||
{({ authentications, totalCount, loading, pageInfo, loadMore, id, refetch }) => (
|
||||
<AuthenticationTableManage
|
||||
id={id}
|
||||
refetch={refetch}
|
||||
setQuery={setQuery}
|
||||
loading={loading}
|
||||
data={authentications}
|
||||
totalCount={totalCount}
|
||||
nextCursor={getOr(null, 'endCursor.value', pageInfo)}
|
||||
hasNextPage={getOr(false, 'hasNextPage', pageInfo)!}
|
||||
loadMore={loadMore}
|
||||
type={hostsModel.HostsType.page}
|
||||
/>
|
||||
)}
|
||||
</AuthenticationsQuery>
|
||||
|
||||
<EuiSpacer />
|
||||
|
||||
<EventsQuery
|
||||
endDate={to}
|
||||
filterQuery={filterQuery}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ export const buildQuery = ({
|
|||
|
||||
const filter = [
|
||||
...createQueryFilterClauses(filterQuery),
|
||||
{ term: { 'event.module': 'system' } },
|
||||
{ term: { 'event.category': 'authentication' } },
|
||||
{
|
||||
range: {
|
||||
|
|
@ -65,7 +64,7 @@ export const buildQuery = ({
|
|||
terms: {
|
||||
size: limit + 1,
|
||||
field: 'user.name',
|
||||
order: { 'failures.doc_count': 'desc' },
|
||||
order: [{ 'successes.doc_count': 'desc' }, { 'failures.doc_count': 'desc' }],
|
||||
},
|
||||
aggs: {
|
||||
failures: {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue