[Security Solution] Enable OpenAPI schemas linting in Security Solution plugin (#188529)

**Relates to:** https://github.com/elastic/security-team/issues/9401

## Summary

Disabling OpenAPI spec linting in https://github.com/elastic/kibana/pull/179074 led to an accumulation of invalid OpenAPI specs.

This PR enables OpenAPI linting for the Security Solution plugin and makes the fixes needed for the linting to pass.

## Details

OpenAPI linting is a part of code generation. It runs automatically but can be disabled via  `skipLinting: true`. Code generation with disabled linting isn't able to catch all possible problems in processing specs.

The majority of problems came from Entity Analytics and Osquery OpenAPI specs. These specs were fixed and refactored to enable code generation and integrate generated artefacts into routes to make sure OpenAPI spec match API endpoints they describe. It helped to catch some subtle inconsistencies.
Maxim Palenov 2024-07-22 17:50:40 +02:00 committed by GitHub
parent 1ac9c8e2dc
commit 7aae5d9ce1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
88 changed files with 1077 additions and 718 deletions


@ -5,23 +5,24 @@ plugins:
rules:
spec: error
spec-strict-refs: warn
spec-strict-refs: error
no-path-trailing-slash: error
no-identical-paths: error
no-ambiguous-paths: warn
no-ambiguous-paths: error
no-unresolved-refs: error
no-enum-type-mismatch: error
component-name-unique: error
path-declaration-must-exist: error
path-not-include-query: error
path-parameters-defined: warn
operation-description: warn
operation-2xx-response: error
operation-4xx-response: warn
operation-operationId: error
operation-operationId-unique: error
operation-summary: warn
operation-operationId-url-safe: error
operation-parameters-unique: error
boolean-parameter-prefixes: warn
extra-linter-rules-plugin/valid-x-modify: error
# Disable rules generating the majority of warnings.
# They will be handled separately.
# operation-description: warn
# operation-summary: warn
# operation-4xx-response: warn
# path-parameters-defined: warn
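Review bot: The four rules commented out at the end of `rules:` carry no tracking reference, so "They will be handled separately" is not tied to any follow-up work. `path-parameters-defined` is the one I would keep visible: I would expect it to be the rule that reports a mismatch between a path template and its declared `in: path` parameters, and route validation generated from these specs inherits any such mismatch. Suggest replacing the comment with `# TODO(<tracking issue URL>): re-enable once existing warnings are fixed` and, if the noise allows, leaving `path-parameters-defined: warn` active.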


@ -0,0 +1,37 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Assets Schema
* version: 1
*/
import { z } from 'zod';
import { AssetsRequestQuery } from './assets_status.gen';
export type ReadAssetsStatusRequestParams = z.infer<typeof ReadAssetsStatusRequestParams>;
export const ReadAssetsStatusRequestParams = z.object({
query: AssetsRequestQuery,
});
export type ReadAssetsStatusRequestParamsInput = z.input<typeof ReadAssetsStatusRequestParams>;
export type ReadAssetsStatusResponse = z.infer<typeof ReadAssetsStatusResponse>;
export const ReadAssetsStatusResponse = z.object({});
export type UpdateAssetsStatusRequestParams = z.infer<typeof UpdateAssetsStatusRequestParams>;
export const UpdateAssetsStatusRequestParams = z.object({
query: AssetsRequestQuery,
});
export type UpdateAssetsStatusRequestParamsInput = z.input<typeof UpdateAssetsStatusRequestParams>;
export type UpdateAssetsStatusResponse = z.infer<typeof UpdateAssetsStatusResponse>;
export const UpdateAssetsStatusResponse = z.object({});


@ -5,25 +5,41 @@ info:
paths:
/internal/osquery/assets:
get:
x-codegen-enabled: true
operationId: ReadAssetsStatus
summary: Get assets
parameters:
- $ref: './assets_status.schema.yaml#/components/parameters/AssetsStatusRequestQueryParameter'
- name: query
in: path
required: true
schema:
$ref: './assets_status.schema.yaml#/components/schemas/AssetsRequestQuery'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './assets_status.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
/internal/osquery/assets/update:
post:
x-codegen-enabled: true
operationId: UpdateAssetsStatus
summary: Update assets
parameters:
- $ref: './assets_status.schema.yaml#/components/parameters/AssetsStatusRequestQueryParameter'
- name: query
in: path
required: true
schema:
$ref: './assets_status.schema.yaml#/components/schemas/AssetsRequestQuery'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './assets_status.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
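Review bot: Both operations declare the inlined parameter as `name: query` with `in: path` and `required: true`, but neither `/internal/osquery/assets` nor `/internal/osquery/assets/update` has a `{query}` segment in its path template, so the parameter can never be supplied as described. With `x-codegen-enabled: true` this produces a params schema that requires a `query` key (the generated `ReadAssetsStatusRequestParams` and `UpdateAssetsStatusRequestParams` on this page show it). If a route validates against that schema, requests would presumably be rejected; if it does not, the spec and the route disagree. Since `AssetsRequestQuery` is an empty object, either drop the parameter or declare it as `in: query` with the keys the route actually reads.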


@ -18,6 +18,3 @@ import { z } from 'zod';
export type AssetsRequestQuery = z.infer<typeof AssetsRequestQuery>;
export const AssetsRequestQuery = z.object({});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -2,19 +2,8 @@ openapi: 3.0.0
info:
title: Assets Status Schema
version: '1'
paths: { }
paths: {}
components:
parameters:
AssetsStatusRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/AssetsRequestQuery'
schemas:
AssetsRequestQuery:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -0,0 +1,51 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Fleet wrapper schema
* version: 1
*/
import { z } from 'zod';
import { Id } from '../model/schema/common_attributes.gen';
export type GetAgentDetailsRequestParams = z.infer<typeof GetAgentDetailsRequestParams>;
export const GetAgentDetailsRequestParams = z.object({
id: Id,
});
export type GetAgentDetailsRequestParamsInput = z.input<typeof GetAgentDetailsRequestParams>;
export type GetAgentDetailsResponse = z.infer<typeof GetAgentDetailsResponse>;
export const GetAgentDetailsResponse = z.object({});
export type GetAgentPackagePoliciesResponse = z.infer<typeof GetAgentPackagePoliciesResponse>;
export const GetAgentPackagePoliciesResponse = z.object({});
export type GetAgentPoliciesResponse = z.infer<typeof GetAgentPoliciesResponse>;
export const GetAgentPoliciesResponse = z.object({});
export type GetAgentPolicyRequestParams = z.infer<typeof GetAgentPolicyRequestParams>;
export const GetAgentPolicyRequestParams = z.object({
id: Id,
});
export type GetAgentPolicyRequestParamsInput = z.input<typeof GetAgentPolicyRequestParams>;
export type GetAgentPolicyResponse = z.infer<typeof GetAgentPolicyResponse>;
export const GetAgentPolicyResponse = z.object({});
export type GetAgentsRequestQuery = z.infer<typeof GetAgentsRequestQuery>;
export const GetAgentsRequestQuery = z.object({
query: z.object({}),
});
export type GetAgentsRequestQueryInput = z.input<typeof GetAgentsRequestQuery>;
export type GetAgentsResponse = z.infer<typeof GetAgentsResponse>;
export const GetAgentsResponse = z.object({});


@ -5,66 +5,94 @@ info:
paths:
/internal/osquery/fleet_wrapper/agents:
get:
x-codegen-enabled: true
operationId: GetAgents
summary: Get agents
parameters:
- $ref: './get_agents.schema.yaml#/components/parameters/GetAgentsRequestQueryParameter'
- name: query
in: query
required: true
schema:
type: object
additionalProperties: true
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agents.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
/internal/osquery/fleet_wrapper/agents/{id}:
get:
x-codegen-enabled: true
operationId: GetAgentDetails
summary: Get Agent details
parameters:
- $ref: './get_agent_details.schema.yaml#/components/parameters/GetAgentDetailsRequestQueryParameter'
- name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_details.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
/internal/osquery/fleet_wrapper/agent_policies:
get:
x-codegen-enabled: true
operationId: GetAgentPolicies
summary: Get Agent policies
parameters:
- $ref: './get_agent_policies.schema.yaml#/components/parameters/GetAgentPoliciesRequestParameter'
- $ref: './get_agent_policies.schema.yaml#/components/parameters/GetAgentPoliciesRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_policies.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
/internal/osquery/fleet_wrapper/agent_policies/{id}:
get:
x-codegen-enabled: true
operationId: GetAgentPolicy
summary: Get Agent policy
parameters:
- $ref: './get_agent_policy.schema.yaml#/components/parameters/GetAgentPolicyRequestParameter'
- name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_agent_policy.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
/internal/osquery/fleet_wrapper/package_policies:
get:
x-codegen-enabled: true
operationId: GetAgentPackagePolicies
summary: Get Agent policy
parameters:
- $ref: './get_package_policies.schema.yaml#/components/parameters/GetPackagePoliciesRequestQueryParameter'
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: './get_package_policies.schema.yaml#/components/schemas/SuccessResponse'
type: object
properties: {}
# Define properties for the success response if needed
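Review bot: `GetAgents` declares its `query` parameter as `type: object` with `additionalProperties: true`, which leaves the accepted keys undocumented. The generated `GetAgentsRequestQuery` on this page is `z.object({ query: z.object({}) })`, which under Zod's default behaviour strips unknown keys instead of passing them through. If the agents route is later switched to the generated schema, whatever filter keys callers send would be dropped silently. Listing the expected keys under the parameter's `schema.properties` would make the spec, the generated validator and the route agree. Separately, the `summary` of `/internal/osquery/fleet_wrapper/package_policies` reads `Get Agent policy`, the same as the `{id}` route; `Get Agent package policies` looks intended.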


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Get agent details schema
* version: 1
*/
import { z } from 'zod';
export type GetAgentDetailsRequestParams = z.infer<typeof GetAgentDetailsRequestParams>;
export const GetAgentDetailsRequestParams = z.object({});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -1,20 +0,0 @@
openapi: 3.0.0
info:
title: Get agent details schema
version: '1'
paths: { }
components:
parameters:
GetAgentDetailsRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentDetailsRequestParams'
schemas:
GetAgentDetailsRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -1,14 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import * as t from 'io-ts';
export const getAgentDetailsRequestParamsSchema = t.unknown;
export type GetAgentDetailsRequestParamsSchema = t.OutputOf<
typeof getAgentDetailsRequestParamsSchema
>;


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Get agent policies schema
* version: 1
*/
import { z } from 'zod';
export type GetAgentPoliciesRequestParams = z.infer<typeof GetAgentPoliciesRequestParams>;
export const GetAgentPoliciesRequestParams = z.object({});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -1,26 +0,0 @@
openapi: 3.0.0
info:
title: Get agent policies schema
version: '1'
paths: { }
components:
parameters:
GetAgentPoliciesRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/GetAgentPoliciesRequestParams'
GetAgentPoliciesRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentPoliciesRequestParams'
schemas:
GetAgentPoliciesRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -1,20 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import * as t from 'io-ts';
export const getAgentPoliciesRequestParamsSchema = t.unknown;
export type GetAgentPoliciesRequestParamsSchema = t.OutputOf<
typeof getAgentPoliciesRequestParamsSchema
>;
export const getAgentPoliciesRequestQuerySchema = t.unknown;
export type GetAgentPoliciesRequestQuerySchema = t.OutputOf<
typeof getAgentPoliciesRequestQuerySchema
>;


@ -1,27 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Get agent policy schema
* version: 1
*/
import { z } from 'zod';
import { Id } from '../model/schema/common_attributes.gen';
export type GetAgentPolicyRequestParams = z.infer<typeof GetAgentPolicyRequestParams>;
export const GetAgentPolicyRequestParams = z.object({
id: Id.optional(),
});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -1,23 +0,0 @@
openapi: 3.0.0
info:
title: Get agent policy schema
version: '1'
paths: { }
components:
parameters:
GetAgentPolicyRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentPolicyRequestParams'
schemas:
GetAgentPolicyRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -26,6 +26,3 @@ export const GetAgentStatusRequestQueryParams = z.object({
kuery: KueryOrUndefined.optional(),
policyId: Id.optional(),
});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -2,21 +2,8 @@ openapi: 3.0.0
info:
title: Get agent status schema
version: '1'
paths: { }
paths: {}
components:
parameters:
GetAgentStatusRequestQueryParameter:
name: query
in: query
required: true
schema:
$ref: '#/components/schemas/GetAgentStatusRequestQueryParams'
GetAgentStatusRequestParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentStatusRequestParams'
schemas:
GetAgentStatusRequestParams:
type: object
@ -27,7 +14,3 @@ components:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/KueryOrUndefined'
policyId:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Get agents schema
* version: 1
*/
import { z } from 'zod';
export type GetAgentsRequestParams = z.infer<typeof GetAgentsRequestParams>;
export const GetAgentsRequestParams = z.object({});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -1,20 +0,0 @@
openapi: 3.0.0
info:
title: Get agents schema
version: '1'
paths: { }
components:
parameters:
GetAgentsRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetAgentsRequestParams'
schemas:
GetAgentsRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Get package policies schema
* version: 1
*/
import { z } from 'zod';
export type GetPackagePoliciesRequestParams = z.infer<typeof GetPackagePoliciesRequestParams>;
export const GetPackagePoliciesRequestParams = z.object({});
export type SuccessResponse = z.infer<typeof SuccessResponse>;
export const SuccessResponse = z.object({});


@ -1,20 +0,0 @@
openapi: 3.0.0
info:
title: Get package policies schema
version: '1'
paths: { }
components:
parameters:
GetPackagePoliciesRequestQueryParameter:
name: query
in: path
required: true
schema:
$ref: '#/components/schemas/GetPackagePoliciesRequestParams'
schemas:
GetPackagePoliciesRequestParams:
type: object
SuccessResponse:
type: object
properties: {}
# Define properties for the success response if needed


@ -7,8 +7,7 @@
export * from './asset/get_assets_status_route';
export * from './asset/update_assets_status_route';
export * from './fleet_wrapper/get_agent_policies_route';
export * from './fleet_wrapper/get_agent_details_route';
export * from './fleet_wrapper/fleet_wrapper.gen';
export * from './fleet_wrapper/get_agent_policy_route';
export * from './fleet_wrapper/get_agent_status_for_agent_policy_route';
export * from './fleet_wrapper/get_agents_route';


@ -5,6 +5,7 @@ info:
paths:
/internal/osquery/privileges_check:
get:
operationId: ReadPrivilegesCheck
summary: Get Osquery privileges check
responses:
'200':
@ -13,4 +14,4 @@ paths:
application/json:
schema:
type: object
properties: { }
properties: {}


@ -5,6 +5,7 @@ info:
paths:
/internal/osquery/status:
get:
operationId: ReadInstallationStatus
summary: Get Osquery installation status
responses:
'200':
@ -13,4 +14,4 @@ paths:
application/json:
schema:
type: object
properties: { }
properties: {}


@ -17,6 +17,4 @@ generate({
rootDir: OSQUERY_ROOT,
sourceGlob: './**/*.schema.yaml',
templateName: 'zod_operation_schema',
// TODO: Fix lint errors
skipLinting: true,
});


@ -6,12 +6,11 @@
*/
import type { IRouter } from '@kbn/core/server';
import type { GetAgentDetailsRequestParamsSchema } from '../../../common/api';
import { buildRouteValidation } from '../../utils/build_validation/route_validation';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import { API_VERSIONS } from '../../../common/constants';
import { PLUGIN_ID } from '../../../common';
import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
import { getAgentDetailsRequestParamsSchema } from '../../../common/api';
import { GetAgentDetailsRequestParams } from '../../../common/api';
export const getAgentDetailsRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
router.versioned
@ -25,10 +24,7 @@ export const getAgentDetailsRoute = (router: IRouter, osqueryContext: OsqueryApp
version: API_VERSIONS.internal.v1,
validate: {
request: {
params: buildRouteValidation<
typeof getAgentDetailsRequestParamsSchema,
GetAgentDetailsRequestParamsSchema
>(getAgentDetailsRequestParamsSchema),
params: buildRouteValidationWithZod(GetAgentDetailsRequestParams),
},
},
},
@ -38,8 +34,7 @@ export const getAgentDetailsRoute = (router: IRouter, osqueryContext: OsqueryApp
try {
agent = await osqueryContext.service
.getAgentService()
?.asInternalUser // @ts-expect-error update types
?.getAgent(request.params.id);
?.asInternalUser?.getAgent(request.params.id);
} catch (err) {
return response.notFound();
}
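Review bot: The `catch (err)` around `getAgent(request.params.id)` turns every failure into `response.notFound()` and drops `err`, so a backend or permission error is indistinguishable from an unknown id and leaves no trace for whoever investigates. Now that `params` is validated with `GetAgentDetailsRequestParams`, this is the remaining weak spot between input and lookup. With `?.asInternalUser?.getAgent(...)` an unavailable agent service also yields an undefined `agent` without throwing; how that is handled lies outside the visible hunks. I would return 404 only for the not-found case and let other errors propagate, or at minimum add `// NOTE: errors other than "not found" are masked as 404 here; log err before returning`.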


@ -11,19 +11,10 @@ import { satisfies } from 'semver';
import type { GetAgentPoliciesResponseItem, PackagePolicy } from '@kbn/fleet-plugin/common';
import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
import type { IRouter } from '@kbn/core/server';
import type {
GetAgentPoliciesRequestParamsSchema,
GetAgentPoliciesRequestQuerySchema,
} from '../../../common/api';
import { buildRouteValidation } from '../../utils/build_validation/route_validation';
import { API_VERSIONS } from '../../../common/constants';
import { OSQUERY_INTEGRATION_NAME, PLUGIN_ID } from '../../../common';
import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
import { getInternalSavedObjectsClient } from '../utils';
import {
getAgentPoliciesRequestParamsSchema,
getAgentPoliciesRequestQuerySchema,
} from '../../../common/api';
export const getAgentPoliciesRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
router.versioned
@ -35,18 +26,7 @@ export const getAgentPoliciesRoute = (router: IRouter, osqueryContext: OsqueryAp
.addVersion(
{
version: API_VERSIONS.internal.v1,
validate: {
request: {
params: buildRouteValidation<
typeof getAgentPoliciesRequestParamsSchema,
GetAgentPoliciesRequestParamsSchema
>(getAgentPoliciesRequestParamsSchema),
query: buildRouteValidation<
typeof getAgentPoliciesRequestQuerySchema,
GetAgentPoliciesRequestQuerySchema
>(getAgentPoliciesRequestQuerySchema),
},
},
validate: {},
},
async (context, request, response) => {
const internalSavedObjectsClient = await getInternalSavedObjectsClient(
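Review bot: `validate: {}` replaces the `params` and `query` validators without saying why, and the handler then goes on to use `getInternalSavedObjectsClient`, so a reader cannot tell from here whether the route really takes no input. If the handler, which continues outside the hunk, reads nothing from `request.query` or `request.params`, state that next to the option, e.g. `// This route accepts no params, query or body.`. If it does read them, wire in a generated Zod schema with `buildRouteValidationWithZod`, as the agent details route does. The same applies to `validate: {}` in the package policies route further down.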


@ -6,13 +6,12 @@
*/
import type { IRouter } from '@kbn/core/server';
import type { GetAgentPolicyRequestParamsSchema } from '../../../common/api';
import { buildRouteValidation } from '../../utils/build_validation/route_validation';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import { API_VERSIONS } from '../../../common/constants';
import { PLUGIN_ID } from '../../../common';
import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
import { getInternalSavedObjectsClient } from '../utils';
import { getAgentPolicyRequestParamsSchema } from '../../../common/api';
import { GetAgentPolicyRequestParams } from '../../../common/api';
export const getAgentPolicyRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
router.versioned
@ -26,10 +25,7 @@ export const getAgentPolicyRoute = (router: IRouter, osqueryContext: OsqueryAppC
version: API_VERSIONS.internal.v1,
validate: {
request: {
params: buildRouteValidation<
typeof getAgentPolicyRequestParamsSchema,
GetAgentPolicyRequestParamsSchema
>(getAgentPolicyRequestParamsSchema),
params: buildRouteValidationWithZod(GetAgentPolicyRequestParams),
},
},
},


@ -7,13 +7,10 @@
import type { IRouter } from '@kbn/core/server';
import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
import type { GetPackagePoliciesRequestQuerySchema } from '../../../common/api';
import { buildRouteValidation } from '../../utils/build_validation/route_validation';
import { API_VERSIONS } from '../../../common/constants';
import { PLUGIN_ID, OSQUERY_INTEGRATION_NAME } from '../../../common';
import type { OsqueryAppContext } from '../../lib/osquery_app_context_services';
import { getInternalSavedObjectsClient } from '../utils';
import { getPackagePoliciesRequestQuerySchema } from '../../../common/api';
export const getPackagePoliciesRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
router.versioned
@ -25,14 +22,7 @@ export const getPackagePoliciesRoute = (router: IRouter, osqueryContext: Osquery
.addVersion(
{
version: API_VERSIONS.internal.v1,
validate: {
request: {
query: buildRouteValidation<
typeof getPackagePoliciesRequestQuerySchema,
GetPackagePoliciesRequestQuerySchema
>(getPackagePoliciesRequestQuerySchema),
},
},
validate: {},
},
async (context, request, response) => {
const internalSavedObjectsClient = await getInternalSavedObjectsClient(


@ -3,9 +3,7 @@
"compilerOptions": {
"outDir": "target/types"
},
"exclude": [
"target/**/*"
],
"exclude": ["target/**/*"],
"include": [
// add all the folders contains files to be compiled
"common/**/*",
@ -77,6 +75,7 @@
"@kbn/openapi-generator",
"@kbn/code-editor",
"@kbn/search-types",
"@kbn/react-kibana-context-render"
"@kbn/react-kibana-context-render",
"@kbn/zod-helpers"
]
}


@ -35,6 +35,7 @@ paths:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
404:
description: Not found
content:
application/json:
schema:


@ -38,6 +38,7 @@ paths:
schema:
$ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
404:
description: Not found
content:
application/json:
schema:


@ -18,7 +18,35 @@ import { z } from 'zod';
import { CreateAssetCriticalityRecord } from './common.gen';
export type AssetCriticalityBulkUploadRequest = z.infer<typeof AssetCriticalityBulkUploadRequest>;
export const AssetCriticalityBulkUploadRequest = z.object({
export type AssetCriticalityBulkUploadErrorItem = z.infer<
typeof AssetCriticalityBulkUploadErrorItem
>;
export const AssetCriticalityBulkUploadErrorItem = z.object({
message: z.string(),
index: z.number().int(),
});
export type AssetCriticalityBulkUploadStats = z.infer<typeof AssetCriticalityBulkUploadStats>;
export const AssetCriticalityBulkUploadStats = z.object({
successful: z.number().int(),
failed: z.number().int(),
total: z.number().int(),
});
export type BulkUpsertAssetCriticalityRecordsRequestBody = z.infer<
typeof BulkUpsertAssetCriticalityRecordsRequestBody
>;
export const BulkUpsertAssetCriticalityRecordsRequestBody = z.object({
records: z.array(CreateAssetCriticalityRecord).min(1).max(1000),
});
export type BulkUpsertAssetCriticalityRecordsRequestBodyInput = z.input<
typeof BulkUpsertAssetCriticalityRecordsRequestBody
>;
export type BulkUpsertAssetCriticalityRecordsResponse = z.infer<
typeof BulkUpsertAssetCriticalityRecordsResponse
>;
export const BulkUpsertAssetCriticalityRecordsResponse = z.object({
errors: z.array(AssetCriticalityBulkUploadErrorItem),
stats: AssetCriticalityBulkUploadStats,
});


@ -13,40 +13,82 @@ paths:
/api/asset_criticality/bulk:
post:
x-labels: [ess, serverless]
x-codegen-enabled: true
operationId: BulkUpsertAssetCriticalityRecords
summary: Bulk upsert asset criticality data, creating or updating records as needed
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AssetCriticalityBulkUploadRequest'
type: object
example:
records:
- id_value: 'host-1'
id_field: 'host.name'
criticality_level: 'low_impact'
- id_value: 'host-2'
id_field: 'host.name'
criticality_level: 'medium_impact'
properties:
records:
type: array
minItems: 1
maxItems: 1000
items:
$ref: './common.schema.yaml#/components/schemas/CreateAssetCriticalityRecord'
required:
- records
responses:
'200':
description: Bulk upload successful
content:
application/json:
schema:
$ref: './common.schema.yaml#/components/schemas/AssetCriticalityBulkUploadResponse'
type: object
example:
errors:
- message: 'Invalid ID field'
index: 0
stats:
successful: 1
failed: 1
total: 2
properties:
errors:
type: array
items:
$ref: '#/components/schemas/AssetCriticalityBulkUploadErrorItem'
stats:
$ref: '#/components/schemas/AssetCriticalityBulkUploadStats'
required:
- errors
- stats
'413':
description: File too large
components:
schemas:
AssetCriticalityBulkUploadRequest:
AssetCriticalityBulkUploadErrorItem:
type: object
example:
records:
- id_value: 'host-1'
id_field: 'host.name'
criticality_level: 'low_impact'
- id_value: 'host-2'
id_field: 'host.name'
criticality_level: 'medium_impact'
properties:
records:
type: array
minItems: 1
maxItems: 1000
items:
$ref: './common.schema.yaml#/components/schemas/CreateAssetCriticalityRecord'
message:
type: string
index:
type: integer
required:
- records
- message
- index
AssetCriticalityBulkUploadStats:
type: object
properties:
successful:
type: integer
failed:
type: integer
total:
type: integer
required:
- successful
- failed
- total
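Review bot: The operation lists only `'200'` and `'413'`, while the inlined request body enforces `required: [records]`, `minItems: 1` and `maxItems: 1000`. A body that violates those constraints would presumably be answered with a 400, which clients cannot learn from the spec. Suggest adding `'400':` with `description: Invalid request` next to `'413'`, ideally referencing the error response schema the other Security Solution specs use.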


@ -53,28 +53,6 @@ export const CreateAssetCriticalityRecord = AssetCriticalityRecordIdParts.merge(
})
);
export type CreateSingleAssetCriticalityRequest = z.infer<
typeof CreateSingleAssetCriticalityRequest
>;
export const CreateSingleAssetCriticalityRequest = CreateAssetCriticalityRecord.merge(
z.object({
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
})
);
export type DeleteAssetCriticalityRecord = z.infer<typeof DeleteAssetCriticalityRecord>;
export const DeleteAssetCriticalityRecord = AssetCriticalityRecordIdParts.merge(
z.object({
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
})
);
export type AssetCriticalityRecord = z.infer<typeof AssetCriticalityRecord>;
export const AssetCriticalityRecord = CreateAssetCriticalityRecord.merge(
z.object({
@ -84,24 +62,3 @@ export const AssetCriticalityRecord = CreateAssetCriticalityRecord.merge(
'@timestamp': z.string().datetime(),
})
);
export type AssetCriticalityBulkUploadErrorItem = z.infer<
typeof AssetCriticalityBulkUploadErrorItem
>;
export const AssetCriticalityBulkUploadErrorItem = z.object({
message: z.string(),
index: z.number().int(),
});
export type AssetCriticalityBulkUploadStats = z.infer<typeof AssetCriticalityBulkUploadStats>;
export const AssetCriticalityBulkUploadStats = z.object({
successful: z.number().int(),
failed: z.number().int(),
total: z.number().int(),
});
export type AssetCriticalityBulkUploadResponse = z.infer<typeof AssetCriticalityBulkUploadResponse>;
export const AssetCriticalityBulkUploadResponse = z.object({
errors: z.array(AssetCriticalityBulkUploadErrorItem),
stats: AssetCriticalityBulkUploadStats,
});


@ -58,24 +58,6 @@ components:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- criticality_level
CreateSingleAssetCriticalityRequest:
allOf:
- $ref: '#/components/schemas/CreateAssetCriticalityRecord'
- type: object
properties:
refresh:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
DeleteAssetCriticalityRecord:
allOf:
- $ref: '#/components/schemas/AssetCriticalityRecordIdParts'
- type: object
properties:
refresh:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
AssetCriticalityRecord:
allOf:
- $ref: '#/components/schemas/CreateAssetCriticalityRecord'
@ -88,46 +70,3 @@ components:
description: The time the record was created or updated.
required:
- '@timestamp'
AssetCriticalityBulkUploadErrorItem:
type: object
properties:
message:
type: string
index:
type: integer
required:
- message
- index
AssetCriticalityBulkUploadStats:
type: object
properties:
successful:
type: integer
failed:
type: integer
total:
type: integer
required:
- successful
- failed
- total
AssetCriticalityBulkUploadResponse:
type: object
example:
errors:
- message: 'Invalid ID field'
index: 0
stats:
successful: 1
failed: 1
total: 2
properties:
errors:
type: array
items:
$ref: '#/components/schemas/AssetCriticalityBulkUploadErrorItem'
stats:
$ref: '#/components/schemas/AssetCriticalityBulkUploadStats'
required:
- errors
- stats


@ -0,0 +1,59 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Asset Criticality Create Record Schema
* version: 1
*/
import { z } from 'zod';
import { CreateAssetCriticalityRecord, AssetCriticalityRecord } from './common.gen';
export type CreateAssetCriticalityRecordRequestBody = z.infer<
typeof CreateAssetCriticalityRecordRequestBody
>;
export const CreateAssetCriticalityRecordRequestBody = CreateAssetCriticalityRecord.merge(
z.object({
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
})
);
export type CreateAssetCriticalityRecordRequestBodyInput = z.input<
typeof CreateAssetCriticalityRecordRequestBody
>;
export type CreateAssetCriticalityRecordResponse = z.infer<
typeof CreateAssetCriticalityRecordResponse
>;
export const CreateAssetCriticalityRecordResponse = AssetCriticalityRecord;
export type InternalCreateAssetCriticalityRecordRequestBody = z.infer<
typeof InternalCreateAssetCriticalityRecordRequestBody
>;
export const InternalCreateAssetCriticalityRecordRequestBody = CreateAssetCriticalityRecord.merge(
z.object({
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
})
);
export type InternalCreateAssetCriticalityRecordRequestBodyInput = z.input<
typeof InternalCreateAssetCriticalityRecordRequestBody
>;
export type InternalCreateAssetCriticalityRecordResponse = z.infer<
typeof InternalCreateAssetCriticalityRecordResponse
>;
export const InternalCreateAssetCriticalityRecordResponse = AssetCriticalityRecord;


@ -14,14 +14,23 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
operationId: AssetCriticalityCreateRecord
x-codegen-enabled: true
operationId: InternalCreateAssetCriticalityRecord
summary: Deprecated Internal Create Criticality Record
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
$ref: './common.schema.yaml#/components/schemas/CreateSingleAssetCriticalityRequest'
allOf:
- $ref: './common.schema.yaml#/components/schemas/CreateAssetCriticalityRecord'
- type: object
properties:
refresh:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
responses:
'200':
description: Successful response
@ -34,14 +43,22 @@ paths:
/api/asset_criticality:
post:
x-labels: [ess, serverless]
operationId: AssetCriticalityCreateRecord
x-codegen-enabled: true
operationId: CreateAssetCriticalityRecord
summary: Create Criticality Record
requestBody:
required: true
content:
application/json:
schema:
$ref: './common.schema.yaml#/components/schemas/CreateSingleAssetCriticalityRequest'
allOf:
- $ref: './common.schema.yaml#/components/schemas/CreateAssetCriticalityRecord'
- type: object
properties:
refresh:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
responses:
'200':
description: Successful response
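Review bot: The request body of `InternalCreateAssetCriticalityRecord` and `CreateAssetCriticalityRecord` is now the same inline `allOf` written out twice, replacing the single shared `CreateSingleAssetCriticalityRequest` component, so a later tightening of one copy can silently miss the other route. The same duplication appears in the inlined `id_value`/`id_field`/`refresh` parameters of the delete and get specs and in the inlined 200 response of the CSV upload spec. If the generator accepts a `$ref` in this position, as the generated alias `PreviewRiskScoreRequestBody = RiskScoresPreviewRequest` elsewhere in this commit suggests, keeping one component and referencing it from both operations with `$ref: './common.schema.yaml#/components/schemas/CreateSingleAssetCriticalityRequest'` would keep the deprecated and public routes validating identically. Both operations continue outside the hunks shown.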


@ -0,0 +1,61 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Asset Criticality Delete Record Schema
* version: 1
*/
import { z } from 'zod';
import { IdField } from './common.gen';
export type DeleteAssetCriticalityRecordRequestQuery = z.infer<
typeof DeleteAssetCriticalityRecordRequestQuery
>;
export const DeleteAssetCriticalityRecordRequestQuery = z.object({
/**
* The ID value of the asset.
*/
id_value: z.string(),
/**
* The field representing the ID.
*/
id_field: IdField,
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
});
export type DeleteAssetCriticalityRecordRequestQueryInput = z.input<
typeof DeleteAssetCriticalityRecordRequestQuery
>;
export type InternalDeleteAssetCriticalityRecordRequestQuery = z.infer<
typeof InternalDeleteAssetCriticalityRecordRequestQuery
>;
export const InternalDeleteAssetCriticalityRecordRequestQuery = z.object({
/**
* The ID value of the asset.
*/
id_value: z.string(),
/**
* The field representing the ID.
*/
id_field: IdField,
/**
* If 'wait_for' the request will wait for the index refresh.
*/
refresh: z.literal('wait_for').optional(),
});
export type InternalDeleteAssetCriticalityRecordRequestQueryInput = z.input<
typeof InternalDeleteAssetCriticalityRecordRequestQuery
>;


@ -14,11 +14,31 @@ paths:
delete:
x-labels: [ess, serverless]
x-internal: true
operationId: AssetCriticalityDeleteRecord
x-codegen-enabled: true
operationId: InternalDeleteAssetCriticalityRecord
summary: Deprecated Internal Delete Criticality Record
deprecated: true
parameters:
- $ref: './common.schema.yaml#/components/parameters/id_value'
- $ref: './common.schema.yaml#/components/parameters/id_field'
- name: id_value
in: query
required: true
schema:
type: string
description: The ID value of the asset.
- name: id_field
in: query
required: true
schema:
$ref: './common.schema.yaml#/components/schemas/IdField'
example: 'host.name'
description: The field representing the ID.
- name: refresh
in: query
required: false
schema:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
responses:
'200':
description: Successful response
@ -27,11 +47,30 @@ paths:
/api/asset_criticality:
delete:
x-labels: [ess, serverless]
operationId: AssetCriticalityDeleteRecord
x-codegen-enabled: true
operationId: DeleteAssetCriticalityRecord
summary: Delete Criticality Record
parameters:
- $ref: './common.schema.yaml#/components/parameters/id_value'
- $ref: './common.schema.yaml#/components/parameters/id_field'
- name: id_value
in: query
required: true
schema:
type: string
description: The ID value of the asset.
- name: id_field
in: query
required: true
schema:
$ref: './common.schema.yaml#/components/schemas/IdField'
example: 'host.name'
description: The field representing the ID.
- name: refresh
in: query
required: false
schema:
type: string
enum: [wait_for]
description: If 'wait_for' the request will wait for the index refresh.
responses:
'200':
description: Successful response


@ -0,0 +1,39 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Asset Criticality Get Record Schema
* version: 1
*/
import { z } from 'zod';
import { IdField, AssetCriticalityRecord } from './common.gen';
export type GetAssetCriticalityRecordRequestQuery = z.infer<
typeof GetAssetCriticalityRecordRequestQuery
>;
export const GetAssetCriticalityRecordRequestQuery = z.object({
/**
* The ID value of the asset.
*/
id_value: z.string(),
/**
* The field representing the ID.
*/
id_field: IdField,
});
export type GetAssetCriticalityRecordRequestQueryInput = z.input<
typeof GetAssetCriticalityRecordRequestQuery
>;
export type GetAssetCriticalityRecordResponse = z.infer<typeof GetAssetCriticalityRecordResponse>;
export const GetAssetCriticalityRecordResponse = AssetCriticalityRecord;


@ -14,11 +14,23 @@ paths:
get:
x-labels: [ess, serverless]
x-internal: true
operationId: AssetCriticalityGetRecord
operationId: InternalGetAssetCriticalityRecord
summary: Deprecated Internal Get Criticality Record
deprecated: true
parameters:
- $ref: './common.schema.yaml#/components/parameters/id_value'
- $ref: './common.schema.yaml#/components/parameters/id_field'
- name: id_value
in: query
required: true
schema:
type: string
description: The ID value of the asset.
- name: id_field
in: query
required: true
schema:
$ref: './common.schema.yaml#/components/schemas/IdField'
example: 'host.name'
description: The field representing the ID.
responses:
'200':
description: Successful response
@ -33,11 +45,23 @@ paths:
/api/asset_criticality:
get:
x-labels: [ess, serverless]
operationId: AssetCriticalityGetRecord
x-codegen-enabled: true
operationId: GetAssetCriticalityRecord
summary: Get Criticality Record
parameters:
- $ref: './common.schema.yaml#/components/parameters/id_value'
- $ref: './common.schema.yaml#/components/parameters/id_field'
- name: id_value
in: query
required: true
schema:
type: string
description: The ID value of the asset.
- name: id_field
in: query
required: true
schema:
$ref: './common.schema.yaml#/components/schemas/IdField'
example: 'host.name'
description: The field representing the ID.
responses:
'200':
description: Successful response
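Review bot: `InternalGetAssetCriticalityRecord` in the first hunk is the only deprecated internal asset-criticality operation that does not gain `x-codegen-enabled: true`; the internal create and delete operations do, and the generated get schema file accordingly contains `GetAssetCriticalityRecordRequestQuery` but no `Internal…` counterpart. If the deprecated internal GET route is still registered (not visible here), its query validation is not derived from this spec and can drift from the public route. Either add `x-codegen-enabled: true` under `x-internal: true` for that operation, or leave a YAML comment there stating that the internal route deliberately reuses the public schema. Both operations continue outside the hunks shown.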


@ -16,7 +16,7 @@
import { z } from 'zod';
export type AssetCriticalityStatusResponse = z.infer<typeof AssetCriticalityStatusResponse>;
export const AssetCriticalityStatusResponse = z.object({
export type GetAssetCriticalityStatusResponse = z.infer<typeof GetAssetCriticalityStatusResponse>;
export const GetAssetCriticalityStatusResponse = z.object({
asset_criticality_resources_installed: z.boolean().optional(),
});


@ -14,7 +14,8 @@ paths:
get:
x-labels: [ess, serverless]
x-internal: true
operationId: AssetCriticalityGetStatus
x-codegen-enabled: true
operationId: GetAssetCriticalityStatus
summary: Get Asset Criticality Status
responses:
'200':
@ -22,14 +23,9 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/AssetCriticalityStatusResponse'
type: object
properties:
asset_criticality_resources_installed:
type: boolean
'400':
description: Invalid request
components:
schemas:
AssetCriticalityStatusResponse:
type: object
properties:
asset_criticality_resources_installed:
type: boolean


@ -9,5 +9,5 @@ export * from './common.gen';
export * from './get_asset_criticality_status.gen';
export * from './get_asset_criticality_privileges.gen';
export * from './bulk_upload_asset_criticality.gen';
export * from './upload_asset_criticality_csv.gen';
export * from './list_asset_criticality.gen';
export * from './list_asset_criticality_query_params';


@ -18,8 +18,39 @@ import { z } from 'zod';
import { AssetCriticalityRecord } from './common.gen';
export type AssetCriticalityListResponse = z.infer<typeof AssetCriticalityListResponse>;
export const AssetCriticalityListResponse = z.object({
export type FindAssetCriticalityRecordsRequestQuery = z.infer<
typeof FindAssetCriticalityRecordsRequestQuery
>;
export const FindAssetCriticalityRecordsRequestQuery = z.object({
/**
* The field to sort by.
*/
sort_field: z.enum(['id_value', 'id_field', 'criticality_level', '@timestamp']).optional(),
/**
* The order to sort by.
*/
sort_direction: z.enum(['asc', 'desc']).optional(),
/**
* The page number to return.
*/
page: z.coerce.number().int().min(1).optional(),
/**
* The number of records to return per page.
*/
per_page: z.coerce.number().int().min(1).max(1000).optional(),
/**
* The kuery to filter by.
*/
kuery: z.string().optional(),
});
export type FindAssetCriticalityRecordsRequestQueryInput = z.input<
typeof FindAssetCriticalityRecordsRequestQuery
>;
export type FindAssetCriticalityRecordsResponse = z.infer<
typeof FindAssetCriticalityRecordsResponse
>;
export const FindAssetCriticalityRecordsResponse = z.object({
records: z.array(AssetCriticalityRecord),
page: z.number().int().min(1),
per_page: z.number().int().min(1).max(1000),


@ -13,6 +13,8 @@ paths:
/api/asset_criticality/list:
post:
x-labels: [ess, serverless]
x-codegen-enabled: true
operationId: FindAssetCriticalityRecords
summary: List asset criticality data, filtering and sorting as needed
parameters:
- name: sort_field
@ -26,7 +28,7 @@ paths:
- criticality_level
- \@timestamp
description: The field to sort by.
- name: sort_order
- name: sort_direction
in: query
required: false
schema:
@ -62,31 +64,24 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/AssetCriticalityListResponse'
components:
schemas:
AssetCriticalityListResponse:
type: object
properties:
records:
type: array
items:
$ref: './common.schema.yaml#/components/schemas/AssetCriticalityRecord'
page:
type: integer
minimum: 1
per_page:
type: integer
minimum: 1
maximum: 1000
total:
type: integer
minimum: 0
required:
- records
- page
- per_page
- total
type: object
properties:
records:
type: array
items:
$ref: './common.schema.yaml#/components/schemas/AssetCriticalityRecord'
page:
type: integer
minimum: 1
per_page:
type: integer
minimum: 1
maximum: 1000
total:
type: integer
minimum: 0
required:
- records
- page
- per_page
- total
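Review bot: The `per_page` ceiling changes once this spec becomes the source of request validation: the removed hand-written `ListAssetCriticalityQueryParams` accepted `.max(10000)`, while `FindAssetCriticalityRecordsRequestQuery` generated from this file has `.int().min(1).max(1000)`. The tighter cap is the safer bound for a list endpoint, but requests with `per_page` between 1001 and 10000 would start failing validation if the route switches to the generated schema (the route change is not visible here), so the change deserves a line in the PR description. `kuery` is still an unbounded `z.string()` in the generated schema; a `maxLength` on that parameter would bound the filter expression a client can submit. Most of the parameter list sits outside the hunks shown.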


@ -1,18 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { z } from 'zod';
export const ListAssetCriticalityQueryParams = z.object({
page: z.coerce.number().min(1).optional(),
per_page: z.coerce.number().min(1).max(10000).optional(),
sort_field: z.enum(['id_field', 'id_value', '@timestamp', 'criticality_level']).optional(),
sort_direction: z.enum(['asc', 'desc']).optional(),
kuery: z.string().optional(),
});
export type ListAssetCriticalityQueryParams = z.infer<typeof ListAssetCriticalityQueryParams>;


@ -0,0 +1,46 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Asset Criticality CSV Upload Schema
* version: 1
*/
import { z } from 'zod';
export type AssetCriticalityCsvUploadErrorItem = z.infer<typeof AssetCriticalityCsvUploadErrorItem>;
export const AssetCriticalityCsvUploadErrorItem = z.object({
message: z.string(),
index: z.number().int(),
});
export type AssetCriticalityCsvUploadStats = z.infer<typeof AssetCriticalityCsvUploadStats>;
export const AssetCriticalityCsvUploadStats = z.object({
successful: z.number().int(),
failed: z.number().int(),
total: z.number().int(),
});
export type InternalUploadAssetCriticalityRecordsResponse = z.infer<
typeof InternalUploadAssetCriticalityRecordsResponse
>;
export const InternalUploadAssetCriticalityRecordsResponse = z.object({
errors: z.array(AssetCriticalityCsvUploadErrorItem),
stats: AssetCriticalityCsvUploadStats,
});
export type UploadAssetCriticalityRecordsResponse = z.infer<
typeof UploadAssetCriticalityRecordsResponse
>;
export const UploadAssetCriticalityRecordsResponse = z.object({
errors: z.array(AssetCriticalityCsvUploadErrorItem),
stats: AssetCriticalityCsvUploadStats,
});


@ -14,7 +14,10 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: InternalUploadAssetCriticalityRecords
summary: Deprecated internal API which Uploads a CSV file containing asset criticality data
deprecated: true
requestBody:
content:
multipart/form-data:
@ -33,13 +36,33 @@ paths:
content:
application/json:
schema:
$ref: '#./common/components/schemas/AssetCriticalityBulkUploadResponse'
type: object
example:
errors:
- message: 'Invalid ID field'
index: 0
stats:
successful: 1
failed: 1
total: 2
properties:
errors:
type: array
items:
$ref: '#/components/schemas/AssetCriticalityCsvUploadErrorItem'
stats:
$ref: '#/components/schemas/AssetCriticalityCsvUploadStats'
required:
- errors
- stats
'413':
description: File too large
/api/asset_criticality/upload_csv:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: UploadAssetCriticalityRecords
summary: Uploads a CSV file containing asset criticality data
requestBody:
content:
@ -59,6 +82,51 @@ paths:
content:
application/json:
schema:
$ref: '#./common/components/schemas/AssetCriticalityBulkUploadResponse'
type: object
example:
errors:
- message: 'Invalid ID field'
index: 0
stats:
successful: 1
failed: 1
total: 2
properties:
errors:
type: array
items:
$ref: '#/components/schemas/AssetCriticalityCsvUploadErrorItem'
stats:
$ref: '#/components/schemas/AssetCriticalityCsvUploadStats'
required:
- errors
- stats
'413':
description: File too large
components:
schemas:
AssetCriticalityCsvUploadErrorItem:
type: object
properties:
message:
type: string
index:
type: integer
required:
- message
- index
AssetCriticalityCsvUploadStats:
type: object
properties:
successful:
type: integer
failed:
type: integer
total:
type: integer
required:
- successful
- failed
- total
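Review bot: `/api/asset_criticality/upload_csv` still carries `x-internal: true` in the second hunk, although the client in this commit calls it through `ASSET_CRITICALITY_PUBLIC_CSV_UPLOAD_URL` with `API_VERSIONS.public.v1`. If the flag controls what reaches the published API reference, as its name suggests, a public file-upload endpoint stays undocumented for integrators and reviewers. Either drop the flag on the public operation or add a short YAML comment next to it explaining why the route is hidden. The operation's request body lies outside the hunks shown.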


@ -16,13 +16,13 @@
import { z } from 'zod';
export type RiskEngineDisableResponse = z.infer<typeof RiskEngineDisableResponse>;
export const RiskEngineDisableResponse = z.object({
success: z.boolean().optional(),
});
export type RiskEngineDisableErrorResponse = z.infer<typeof RiskEngineDisableErrorResponse>;
export const RiskEngineDisableErrorResponse = z.object({
message: z.string(),
full_error: z.string(),
});
export type DisableRiskEngineResponse = z.infer<typeof DisableRiskEngineResponse>;
export const DisableRiskEngineResponse = z.object({
success: z.boolean().optional(),
});


@ -18,6 +18,8 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: DisableRiskEngine
summary: Disable the Risk Engine
requestBody:
content:
@ -28,7 +30,10 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineDisableResponse'
type: object
properties:
success:
type: boolean
'400':
description: Task manager is unavailable
content:
@ -44,11 +49,6 @@ paths:
components:
schemas:
RiskEngineDisableResponse:
type: object
properties:
success:
type: boolean
RiskEngineDisableErrorResponse:
type: object
required:
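Review bot: `RiskEngineDisableErrorResponse` keeps its old name in the last hunk, while the enable and init specs in this commit rename their error components to `EnableRiskEngineErrorResponse` and `InitRiskEngineErrorResponse`. Renaming it to `DisableRiskEngineErrorResponse` (the component key, its `$ref` in the error response, and the import in the disable mutation hook) would put all three specs on one naming convention and make the generated types predictable from the `operationId`. The component's body continues outside the hunk.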


@ -16,13 +16,13 @@
import { z } from 'zod';
export type RiskEngineEnableResponse = z.infer<typeof RiskEngineEnableResponse>;
export const RiskEngineEnableResponse = z.object({
success: z.boolean().optional(),
});
export type RiskEngineEnableErrorResponse = z.infer<typeof RiskEngineEnableErrorResponse>;
export const RiskEngineEnableErrorResponse = z.object({
export type EnableRiskEngineErrorResponse = z.infer<typeof EnableRiskEngineErrorResponse>;
export const EnableRiskEngineErrorResponse = z.object({
message: z.string(),
full_error: z.string(),
});
export type EnableRiskEngineResponse = z.infer<typeof EnableRiskEngineResponse>;
export const EnableRiskEngineResponse = z.object({
success: z.boolean().optional(),
});


@ -18,6 +18,8 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: EnableRiskEngine
summary: Enable the Risk Engine
requestBody:
content:
@ -28,7 +30,10 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineEnableResponse'
type: object
properties:
success:
type: boolean
'400':
description: Task manager is unavailable
content:
@ -40,16 +45,11 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineEnableErrorResponse'
$ref: '#/components/schemas/EnableRiskEngineErrorResponse'
components:
schemas:
RiskEngineEnableResponse:
type: object
properties:
success:
type: boolean
RiskEngineEnableErrorResponse:
EnableRiskEngineErrorResponse:
type: object
required:
- message


@ -16,8 +16,8 @@
import { z } from 'zod';
export type RiskEngineInitResult = z.infer<typeof RiskEngineInitResult>;
export const RiskEngineInitResult = z.object({
export type InitRiskEngineResult = z.infer<typeof InitRiskEngineResult>;
export const InitRiskEngineResult = z.object({
risk_engine_enabled: z.boolean(),
risk_engine_resources_installed: z.boolean(),
risk_engine_configuration_created: z.boolean(),
@ -25,13 +25,13 @@ export const RiskEngineInitResult = z.object({
errors: z.array(z.string()),
});
export type RiskEngineInitResponse = z.infer<typeof RiskEngineInitResponse>;
export const RiskEngineInitResponse = z.object({
result: RiskEngineInitResult,
});
export type RiskEngineInitErrorResponse = z.infer<typeof RiskEngineInitErrorResponse>;
export const RiskEngineInitErrorResponse = z.object({
export type InitRiskEngineErrorResponse = z.infer<typeof InitRiskEngineErrorResponse>;
export const InitRiskEngineErrorResponse = z.object({
message: z.string(),
full_error: z.string(),
});
export type InitRiskEngineResponse = z.infer<typeof InitRiskEngineResponse>;
export const InitRiskEngineResponse = z.object({
result: InitRiskEngineResult,
});


@ -16,6 +16,8 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: InitRiskEngine
summary: Initialize the Risk Engine
description: Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine
responses:
@ -24,7 +26,12 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineInitResponse'
type: object
required:
- result
properties:
result:
$ref: '#/components/schemas/InitRiskEngineResult'
'400':
description: Task manager is unavailable
content:
@ -36,11 +43,11 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineInitErrorResponse'
$ref: '#/components/schemas/InitRiskEngineErrorResponse'
components:
schemas:
RiskEngineInitResult:
InitRiskEngineResult:
type: object
required:
- risk_engine_enabled
@ -62,15 +69,7 @@ components:
items:
type: string
RiskEngineInitResponse:
type: object
required:
- result
properties:
result:
$ref: '#/components/schemas/RiskEngineInitResult'
RiskEngineInitErrorResponse:
InitRiskEngineErrorResponse:
type: object
required:
- message


@ -18,7 +18,7 @@ import { z } from 'zod';
import { DateRange } from '../common/common.gen';
export type RiskEngineSettingsResponse = z.infer<typeof RiskEngineSettingsResponse>;
export const RiskEngineSettingsResponse = z.object({
export type ReadRiskEngineSettingsResponse = z.infer<typeof ReadRiskEngineSettingsResponse>;
export const ReadRiskEngineSettingsResponse = z.object({
range: DateRange.optional(),
});


@ -16,7 +16,8 @@ paths:
get:
x-labels: [ess, serverless]
x-internal: true
operationId: RiskEngineSettingsGet
x-codegen-enabled: true
operationId: ReadRiskEngineSettings
summary: Get the settings of the Risk Engine
responses:
'200':
@ -24,12 +25,7 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskEngineSettingsResponse'
components:
schemas:
RiskEngineSettingsResponse:
type: object
properties:
range:
$ref: '../common/common.schema.yaml#/components/schemas/DateRange'
type: object
properties:
range:
$ref: '../common/common.schema.yaml#/components/schemas/DateRange'


@ -30,3 +30,6 @@ export const RiskEngineStatusResponse = z.object({
*/
is_max_amount_of_risk_engines_reached: z.boolean(),
});
export type GetRiskEngineStatusResponse = z.infer<typeof GetRiskEngineStatusResponse>;
export const GetRiskEngineStatusResponse = RiskEngineStatusResponse;


@ -16,6 +16,8 @@ paths:
get:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: GetRiskEngineStatus
summary: Get the status of the Risk Engine
description: Returns the status of both the legacy transform-based risk engine, as well as the new risk engine
responses:


@ -41,3 +41,29 @@ export const RiskScoresEntityCalculationResponse = z.object({
success: z.boolean(),
score: EntityRiskScoreRecord.optional(),
});
export type DeprecatedTriggerRiskScoreCalculationRequestBody = z.infer<
typeof DeprecatedTriggerRiskScoreCalculationRequestBody
>;
export const DeprecatedTriggerRiskScoreCalculationRequestBody = RiskScoresEntityCalculationRequest;
export type DeprecatedTriggerRiskScoreCalculationRequestBodyInput = z.input<
typeof DeprecatedTriggerRiskScoreCalculationRequestBody
>;
export type DeprecatedTriggerRiskScoreCalculationResponse = z.infer<
typeof DeprecatedTriggerRiskScoreCalculationResponse
>;
export const DeprecatedTriggerRiskScoreCalculationResponse = RiskScoresEntityCalculationResponse;
export type TriggerRiskScoreCalculationRequestBody = z.infer<
typeof TriggerRiskScoreCalculationRequestBody
>;
export const TriggerRiskScoreCalculationRequestBody = RiskScoresEntityCalculationRequest;
export type TriggerRiskScoreCalculationRequestBodyInput = z.input<
typeof TriggerRiskScoreCalculationRequestBody
>;
export type TriggerRiskScoreCalculationResponse = z.infer<
typeof TriggerRiskScoreCalculationResponse
>;
export const TriggerRiskScoreCalculationResponse = RiskScoresEntityCalculationResponse;


@ -19,8 +19,11 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: DeprecatedTriggerRiskScoreCalculation
summary: Deprecated Trigger calculation of Risk Scores for an entity. Moved to /internal/risk_score/calculation/entity
description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
deprecated: true
requestBody:
description: The entity type and identifier
content:
@ -41,6 +44,8 @@ paths:
/internal/risk_score/calculation/entity:
post:
x-labels: [ess, serverless]
x-codegen-enabled: true
operationId: TriggerRiskScoreCalculation
summary: Trigger calculation of Risk Scores for an entity
description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
requestBody:
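Review bot: The `/internal/risk_score/calculation/entity` operation in the second hunk has no `x-internal: true` between `x-labels` and the added `x-codegen-enabled: true`, whereas the deprecated operation in the first hunk and the other internal risk-engine operations in this commit carry it. If that flag decides what is bundled into the published API reference, an `/internal/` route that calculates and persists risk scores would be advertised as public surface. Adding `x-internal: true` after `x-labels: [ess, serverless]` would align it with the rest. The operation continues outside the hunk.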


@ -83,3 +83,10 @@ export const RiskScoresPreviewResponse = z.object({
user: z.array(EntityRiskScoreRecord).optional(),
}),
});
export type PreviewRiskScoreRequestBody = z.infer<typeof PreviewRiskScoreRequestBody>;
export const PreviewRiskScoreRequestBody = RiskScoresPreviewRequest;
export type PreviewRiskScoreRequestBodyInput = z.input<typeof PreviewRiskScoreRequestBody>;
export type PreviewRiskScoreResponse = z.infer<typeof PreviewRiskScoreResponse>;
export const PreviewRiskScoreResponse = RiskScoresPreviewResponse;


@ -16,6 +16,8 @@ paths:
post:
x-labels: [ess, serverless]
x-internal: true
x-codegen-enabled: true
operationId: PreviewRiskScore
summary: Preview the calculation of Risk Scores
description: Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score.
requestBody:


@ -91,6 +91,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/SiemErrorResponse'
description: Not found
'500':
content:
application/json:
@ -131,6 +132,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/SiemErrorResponse'
description: Not found
'500':
content:
application/json:


@ -6,10 +6,11 @@
*/
import { useMemo } from 'react';
import type { RiskEngineDisableResponse } from '../../../common/api/entity_analytics/risk_engine/engine_disable_route.gen';
import type { UploadAssetCriticalityRecordsResponse } from '../../../common/api/entity_analytics/asset_criticality/upload_asset_criticality_csv.gen';
import type { DisableRiskEngineResponse } from '../../../common/api/entity_analytics/risk_engine/engine_disable_route.gen';
import type { RiskEngineStatusResponse } from '../../../common/api/entity_analytics/risk_engine/engine_status_route.gen';
import type { RiskEngineInitResponse } from '../../../common/api/entity_analytics/risk_engine/engine_init_route.gen';
import type { RiskEngineEnableResponse } from '../../../common/api/entity_analytics/risk_engine/engine_enable_route.gen';
import type { InitRiskEngineResponse } from '../../../common/api/entity_analytics/risk_engine/engine_init_route.gen';
import type { EnableRiskEngineResponse } from '../../../common/api/entity_analytics/risk_engine/engine_enable_route.gen';
import type {
RiskScoresPreviewRequest,
RiskScoresPreviewResponse,
@ -18,7 +19,6 @@ import type {
RiskScoresEntityCalculationRequest,
RiskScoresEntityCalculationResponse,
} from '../../../common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
import type { AssetCriticalityBulkUploadResponse } from '../../../common/entity_analytics/asset_criticality/types';
import type {
AssetCriticalityRecord,
EntityAnalyticsPrivileges,
@ -39,9 +39,9 @@ import {
RISK_SCORE_ENTITY_CALCULATION_URL,
API_VERSIONS,
} from '../../../common/constants';
import type { RiskEngineSettingsResponse } from '../../../common/api/entity_analytics/risk_engine';
import type { SnakeToCamelCase } from '../common/utils';
import { useKibana } from '../../common/lib/kibana/kibana_react';
import type { ReadRiskEngineSettingsResponse } from '../../../common/api/entity_analytics/risk_engine';
export interface DeleteAssetCriticalityResponse {
deleted: true;
@ -81,7 +81,7 @@ export const useEntityAnalyticsRoutes = () => {
* Init risk score engine
*/
const initRiskEngine = () =>
http.fetch<RiskEngineInitResponse>(RISK_ENGINE_INIT_URL, {
http.fetch<InitRiskEngineResponse>(RISK_ENGINE_INIT_URL, {
version: '1',
method: 'POST',
});
@ -90,7 +90,7 @@ export const useEntityAnalyticsRoutes = () => {
* Enable risk score engine
*/
const enableRiskEngine = () =>
http.fetch<RiskEngineEnableResponse>(RISK_ENGINE_ENABLE_URL, {
http.fetch<EnableRiskEngineResponse>(RISK_ENGINE_ENABLE_URL, {
version: '1',
method: 'POST',
});
@ -99,7 +99,7 @@ export const useEntityAnalyticsRoutes = () => {
* Disable risk score engine
*/
const disableRiskEngine = () =>
http.fetch<RiskEngineDisableResponse>(RISK_ENGINE_DISABLE_URL, {
http.fetch<DisableRiskEngineResponse>(RISK_ENGINE_DISABLE_URL, {
version: '1',
method: 'POST',
});
@ -181,12 +181,12 @@ export const useEntityAnalyticsRoutes = () => {
const uploadAssetCriticalityFile = async (
fileContent: string,
fileName: string
): Promise<AssetCriticalityBulkUploadResponse> => {
): Promise<UploadAssetCriticalityRecordsResponse> => {
const file = new File([new Blob([fileContent])], fileName, { type: 'text/csv' });
const body = new FormData();
body.append('file', file);
return http.fetch<AssetCriticalityBulkUploadResponse>(
return http.fetch<UploadAssetCriticalityRecordsResponse>(
ASSET_CRITICALITY_PUBLIC_CSV_UPLOAD_URL,
{
version: API_VERSIONS.public.v1,
@ -224,7 +224,7 @@ export const useEntityAnalyticsRoutes = () => {
* Fetches risk engine settings
*/
const fetchRiskEngineSettings = () =>
http.fetch<RiskEngineSettingsResponse>(RISK_ENGINE_SETTINGS_URL, {
http.fetch<ReadRiskEngineSettingsResponse>(RISK_ENGINE_SETTINGS_URL, {
version: '1',
method: 'GET',
});


@ -9,7 +9,7 @@ import { useMutation } from '@tanstack/react-query';
import type { TaskManagerUnavailableResponse } from '../../../../common/api/entity_analytics/common';
import type {
RiskEngineDisableErrorResponse,
RiskEngineDisableResponse,
DisableRiskEngineResponse,
} from '../../../../common/api/entity_analytics/risk_engine/engine_disable_route.gen';
import { useEntityAnalyticsRoutes } from '../api';
import { useInvalidateRiskEngineStatusQuery } from './use_risk_engine_status';
@ -21,7 +21,7 @@ export const useDisableRiskEngineMutation = (options?: UseMutationOptions<{}>) =
const { disableRiskEngine } = useEntityAnalyticsRoutes();
return useMutation<
RiskEngineDisableResponse,
DisableRiskEngineResponse,
{ body: RiskEngineDisableErrorResponse | TaskManagerUnavailableResponse }
>(() => disableRiskEngine(), {
...options,


@ -8,8 +8,8 @@ import type { UseMutationOptions } from '@tanstack/react-query';
import { useMutation } from '@tanstack/react-query';
import type { TaskManagerUnavailableResponse } from '../../../../common/api/entity_analytics/common';
import type {
RiskEngineEnableErrorResponse,
RiskEngineEnableResponse,
EnableRiskEngineErrorResponse,
EnableRiskEngineResponse,
} from '../../../../common/api/entity_analytics/risk_engine/engine_enable_route.gen';
import { useEntityAnalyticsRoutes } from '../api';
import { useInvalidateRiskEngineStatusQuery } from './use_risk_engine_status';
@ -19,8 +19,8 @@ export const useEnableRiskEngineMutation = (options?: UseMutationOptions<{}>) =>
const invalidateRiskEngineStatusQuery = useInvalidateRiskEngineStatusQuery();
const { enableRiskEngine } = useEntityAnalyticsRoutes();
return useMutation<
RiskEngineEnableResponse,
{ body: RiskEngineEnableErrorResponse | TaskManagerUnavailableResponse }
EnableRiskEngineResponse,
{ body: EnableRiskEngineErrorResponse | TaskManagerUnavailableResponse }
>(enableRiskEngine, {
...options,
mutationKey: ENABLE_RISK_ENGINE_MUTATION_KEY,


@ -6,11 +6,11 @@
*/
import type { UseMutationOptions } from '@tanstack/react-query';
import { useMutation } from '@tanstack/react-query';
import type { TaskManagerUnavailableResponse } from '../../../../common/api/entity_analytics/common';
import type {
RiskEngineInitErrorResponse,
RiskEngineInitResponse,
InitRiskEngineErrorResponse,
InitRiskEngineResponse,
} from '../../../../common/api/entity_analytics/risk_engine/engine_init_route.gen';
import type { TaskManagerUnavailableResponse } from '../../../../common/api/entity_analytics/common';
import { useEntityAnalyticsRoutes } from '../api';
import { useInvalidateRiskEngineStatusQuery } from './use_risk_engine_status';
@ -21,8 +21,8 @@ export const useInitRiskEngineMutation = (options?: UseMutationOptions<{}>) => {
const { initRiskEngine } = useEntityAnalyticsRoutes();
return useMutation<
RiskEngineInitResponse,
{ body: RiskEngineInitErrorResponse | TaskManagerUnavailableResponse }
InitRiskEngineResponse,
{ body: InitRiskEngineErrorResponse | TaskManagerUnavailableResponse }
>(() => initRiskEngine(), {
...options,
mutationKey: INIT_RISK_ENGINE_STATUS_KEY,


@ -18,11 +18,11 @@ import React from 'react';
import { FormattedMessage } from '@kbn/i18n-react';
import { i18n } from '@kbn/i18n';
import { css } from '@emotion/react';
import type { AssetCriticalityBulkUploadResponse } from '../../../../../common/entity_analytics/asset_criticality/types';
import type { BulkUpsertAssetCriticalityRecordsResponse } from '../../../../../common/entity_analytics/asset_criticality/types';
import { buildAnnotationsFromError } from '../helpers';
export const AssetCriticalityResultStep: React.FC<{
result?: AssetCriticalityBulkUploadResponse;
result?: BulkUpsertAssetCriticalityRecordsResponse;
validLinesAsText: string;
errorMessage?: string;
onReturn: () => void;
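Review bot: The `result` prop is now typed as `BulkUpsertAssetCriticalityRecordsResponse` from `common/entity_analytics/asset_criticality/types`, while the uploader's reducer in this same commit stores the server response as `UploadAssetCriticalityRecordsResponse` from `common/api/entity_analytics`. This step appears to render the CSV upload result, so it would read more clearly with the same type: `import type { UploadAssetCriticalityRecordsResponse } from '../../../../../common/api/entity_analytics';` and `result?: UploadAssetCriticalityRecordsResponse;`. The two types are presumably structurally identical today, so this is about keeping the component tied to the schema of the endpoint whose response it displays. The component body continues outside the hunk.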


@ -5,7 +5,7 @@
* 2.0.
*/
import type { AssetCriticalityBulkUploadResponse } from '../../../../common/api/entity_analytics';
import type { UploadAssetCriticalityRecordsResponse } from '../../../../common/api/entity_analytics';
import type { ReducerAction, ReducerState, ValidationStepState } from './reducer';
import { reducer } from './reducer';
import { FileUploaderSteps } from './types';
@ -43,7 +43,7 @@ describe('reducer', () => {
});
it('should handle "fileUploaded" action with response', () => {
const response: AssetCriticalityBulkUploadResponse = {
const response: UploadAssetCriticalityRecordsResponse = {
errors: [],
stats: {
total: 10,


@ -5,7 +5,7 @@
* 2.0.
*/
import type { AssetCriticalityBulkUploadResponse } from '../../../../common/entity_analytics/asset_criticality/types';
import type { UploadAssetCriticalityRecordsResponse } from '../../../../common/api/entity_analytics';
import { FileUploaderSteps } from './types';
import type { ValidatedFile } from './types';
import { isFilePickerStep, isValidationStep } from './helpers';
@ -26,7 +26,7 @@ export interface ValidationStepState {
export interface ResultStepState {
step: FileUploaderSteps.RESULT;
fileUploadResponse?: AssetCriticalityBulkUploadResponse;
fileUploadResponse?: UploadAssetCriticalityRecordsResponse;
fileUploadError?: string;
validLinesAsText: string;
}
@ -46,7 +46,7 @@ export type ReducerAction =
| { type: 'uploadingFile' }
| {
type: 'fileUploaded';
payload: { response?: AssetCriticalityBulkUploadResponse; errorMessage?: string };
payload: { response?: UploadAssetCriticalityRecordsResponse; errorMessage?: string };
};
export const INITIAL_STATE: FilePickerState = {


@ -18,7 +18,6 @@ const SECURITY_SOLUTION_ROOT = resolve(__dirname, '../..');
rootDir: SECURITY_SOLUTION_ROOT,
sourceGlob: './common/**/*.schema.yaml',
templateName: 'zod_operation_schema',
skipLinting: true,
});
await generate({


@ -11,7 +11,7 @@ import { mappingFromFieldMap } from '@kbn/alerting-plugin/common';
import type { AuditLogger } from '@kbn/security-plugin-types-server';
import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query';
import type {
AssetCriticalityBulkUploadResponse,
BulkUpsertAssetCriticalityRecordsResponse,
AssetCriticalityUpsert,
} from '../../../../common/entity_analytics/asset_criticality/types';
import type { AssetCriticalityRecord } from '../../../../common/api/entity_analytics';
@ -211,9 +211,9 @@ export class AssetCriticalityDataClient {
recordsStream,
flushBytes,
retries,
}: BulkUpsertFromStreamOptions): Promise<AssetCriticalityBulkUploadResponse> => {
const errors: AssetCriticalityBulkUploadResponse['errors'] = [];
const stats: AssetCriticalityBulkUploadResponse['stats'] = {
}: BulkUpsertFromStreamOptions): Promise<BulkUpsertAssetCriticalityRecordsResponse> => {
const errors: BulkUpsertAssetCriticalityRecordsResponse['errors'] = [];
const stats: BulkUpsertAssetCriticalityRecordsResponse['stats'] = {
successful: 0,
failed: 0,
total: 0,


@ -9,8 +9,8 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import { Readable } from 'node:stream';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import type { AssetCriticalityBulkUploadResponse } from '../../../../../common/api/entity_analytics';
import { AssetCriticalityBulkUploadRequest } from '../../../../../common/api/entity_analytics';
import type { BulkUpsertAssetCriticalityRecordsResponse } from '../../../../../common/api/entity_analytics';
import { BulkUpsertAssetCriticalityRecordsRequestBody } from '../../../../../common/api/entity_analytics';
import type { ConfigType } from '../../../../config';
import {
ASSET_CRITICALITY_PUBLIC_BULK_UPLOAD_URL,
@ -42,7 +42,7 @@ export const assetCriticalityPublicBulkUploadRoute = (
version: API_VERSIONS.public.v1,
validate: {
request: {
body: buildRouteValidationWithZod(AssetCriticalityBulkUploadRequest),
body: buildRouteValidationWithZod(BulkUpsertAssetCriticalityRecordsRequestBody),
},
},
},
@ -90,7 +90,7 @@ export const assetCriticalityPublicBulkUploadRoute = (
() => `Asset criticality Bulk upload completed in ${tookMs}ms ${JSON.stringify(stats)}`
);
const resBody: AssetCriticalityBulkUploadResponse = { errors, stats };
const resBody: BulkUpsertAssetCriticalityRecordsResponse = { errors, stats };
return response.ok({ body: resBody });
} catch (e) {


@ -8,6 +8,10 @@ import type { IKibanaResponse, KibanaResponseFactory, Logger } from '@kbn/core/s
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import {
DeleteAssetCriticalityRecordRequestQuery,
InternalDeleteAssetCriticalityRecordRequestQuery,
} from '../../../../../common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen';
import type { SecuritySolutionRequestHandlerContext } from '../../../../types';
import {
ASSET_CRITICALITY_PUBLIC_URL,
@ -16,7 +20,6 @@ import {
ENABLE_ASSET_CRITICALITY_SETTING,
API_VERSIONS,
} from '../../../../../common/constants';
import { DeleteAssetCriticalityRecord } from '../../../../../common/api/entity_analytics/asset_criticality';
import { checkAndInitAssetCriticalityResources } from '../check_and_init_asset_criticality_resources';
import { assertAdvancedSettingsEnabled } from '../../utils/assert_advanced_setting_enabled';
import type { EntityAnalyticsRoutesDeps } from '../../types';
@ -26,7 +29,7 @@ import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit';
type DeleteHandler = (
context: SecuritySolutionRequestHandlerContext,
request: {
query: DeleteAssetCriticalityRecord;
query: DeleteAssetCriticalityRecordRequestQuery;
},
response: KibanaResponseFactory
) => Promise<IKibanaResponse>;
@ -88,7 +91,7 @@ export const assetCriticalityInternalDeleteRoute = (
version: API_VERSIONS.internal.v1,
validate: {
request: {
query: buildRouteValidationWithZod(DeleteAssetCriticalityRecord),
query: buildRouteValidationWithZod(InternalDeleteAssetCriticalityRecordRequestQuery),
},
},
},
@ -113,7 +116,7 @@ export const assetCriticalityPublicDeleteRoute = (
version: API_VERSIONS.public.v1,
validate: {
request: {
query: buildRouteValidationWithZod(DeleteAssetCriticalityRecord),
query: buildRouteValidationWithZod(DeleteAssetCriticalityRecordRequestQuery),
},
},
},
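Review bot: `DeleteHandler` declares `request.query` as `DeleteAssetCriticalityRecordRequestQuery`, but the internal route now validates the query with `InternalDeleteAssetCriticalityRecordRequestQuery`. If one handler serves both routes (the handler body and route registration are outside these hunks), the type it sees no longer names the schema that validated the internal request, and a later change to only one of the two specs could leave a field unvalidated or unhandled on one route. Consider typing it as `query: DeleteAssetCriticalityRecordRequestQuery | InternalDeleteAssetCriticalityRecordRequestQuery;`, or adding a comment above the type such as `// Public and internal query schemas must stay identical; the handler is shared.` The same applies to `UpsertHandler` in the upsert route file, which is typed with `CreateAssetCriticalityRecordRequestBody` while the internal route validates with `InternalCreateAssetCriticalityRecordRequestBody`.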


@ -8,6 +8,7 @@ import type { IKibanaResponse, KibanaResponseFactory, Logger } from '@kbn/core/s
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import { GetAssetCriticalityRecordRequestQuery } from '../../../../../common/api/entity_analytics/asset_criticality/get_asset_criticality.gen';
import type { SecuritySolutionRequestHandlerContext } from '../../../../types';
import {
ASSET_CRITICALITY_INTERNAL_URL,
@ -17,7 +18,6 @@ import {
API_VERSIONS,
} from '../../../../../common/constants';
import { checkAndInitAssetCriticalityResources } from '../check_and_init_asset_criticality_resources';
import { AssetCriticalityRecordIdParts } from '../../../../../common/api/entity_analytics/asset_criticality';
import { assertAdvancedSettingsEnabled } from '../../utils/assert_advanced_setting_enabled';
import type { EntityAnalyticsRoutesDeps } from '../../types';
import { AssetCriticalityAuditActions } from '../audit';
@ -25,7 +25,7 @@ import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit';
type GetHandler = (
context: SecuritySolutionRequestHandlerContext,
request: {
query: AssetCriticalityRecordIdParts;
query: GetAssetCriticalityRecordRequestQuery;
},
response: KibanaResponseFactory
) => Promise<IKibanaResponse>;
@ -86,7 +86,7 @@ export const assetCriticalityInternalGetRoute = (
version: API_VERSIONS.internal.v1,
validate: {
request: {
query: buildRouteValidationWithZod(AssetCriticalityRecordIdParts),
query: buildRouteValidationWithZod(GetAssetCriticalityRecordRequestQuery),
},
},
},
@ -111,7 +111,7 @@ export const assetCriticalityPublicGetRoute = (
version: API_VERSIONS.public.v1,
validate: {
request: {
query: buildRouteValidationWithZod(AssetCriticalityRecordIdParts),
query: buildRouteValidationWithZod(GetAssetCriticalityRecordRequestQuery),
},
},
},


@ -15,8 +15,8 @@ import {
API_VERSIONS,
} from '../../../../../common/constants';
import { checkAndInitAssetCriticalityResources } from '../check_and_init_asset_criticality_resources';
import type { AssetCriticalityListResponse } from '../../../../../common/api/entity_analytics/asset_criticality';
import { ListAssetCriticalityQueryParams } from '../../../../../common/api/entity_analytics/asset_criticality';
import type { FindAssetCriticalityRecordsResponse } from '../../../../../common/api/entity_analytics/asset_criticality';
import { FindAssetCriticalityRecordsRequestQuery } from '../../../../../common/api/entity_analytics/asset_criticality';
import { assertAdvancedSettingsEnabled } from '../../utils/assert_advanced_setting_enabled';
import type { EntityAnalyticsRoutesDeps } from '../../types';
import { AssetCriticalityAuditActions } from '../audit';
@ -39,7 +39,7 @@ export const assetCriticalityPublicListRoute = (
version: API_VERSIONS.public.v1,
validate: {
request: {
query: buildRouteValidationWithZod(ListAssetCriticalityQueryParams),
query: buildRouteValidationWithZod(FindAssetCriticalityRecordsRequestQuery),
},
},
},
@ -81,7 +81,7 @@ export const assetCriticalityPublicListRoute = (
},
});
const body: AssetCriticalityListResponse = {
const body: FindAssetCriticalityRecordsResponse = {
records,
total,
page,


@ -7,7 +7,7 @@
import type { Logger } from '@kbn/core/server';
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type { AssetCriticalityStatusResponse } from '../../../../../common/api/entity_analytics/asset_criticality';
import type { GetAssetCriticalityStatusResponse } from '../../../../../common/api/entity_analytics';
import {
ASSET_CRITICALITY_INTERNAL_STATUS_URL,
APP_ID,
@ -55,7 +55,7 @@ export const assetCriticalityInternalStatusRoute = (
},
});
const body: AssetCriticalityStatusResponse = {
const body: GetAssetCriticalityStatusResponse = {
asset_criticality_resources_installed: result.isAssetCriticalityResourcesInstalled,
};
return response.ok({


@ -10,7 +10,7 @@ import { schema } from '@kbn/config-schema';
import Papa from 'papaparse';
import { transformError } from '@kbn/securitysolution-es-utils';
import type internal from 'stream';
import type { AssetCriticalityBulkUploadResponse } from '../../../../../common/api/entity_analytics';
import type { UploadAssetCriticalityRecordsResponse } from '../../../../../common/api/entity_analytics/asset_criticality/upload_asset_criticality_csv.gen';
import { CRITICALITY_CSV_MAX_SIZE_BYTES_WITH_TOLERANCE } from '../../../../../common/entity_analytics/asset_criticality';
import type { ConfigType } from '../../../../config';
import type { HapiReadableStream, SecuritySolutionRequestHandlerContext } from '../../../../types';
@ -90,7 +90,7 @@ const handler: (
);
// type assignment here to ensure that the response body stays in sync with the API schema
const resBody: AssetCriticalityBulkUploadResponse = { errors, stats };
const resBody: UploadAssetCriticalityRecordsResponse = { errors, stats };
const [eventType, event] = createAssetCriticalityProcessedFileEvent({
startTime: start,


@ -8,6 +8,10 @@ import type { IKibanaResponse, KibanaResponseFactory, Logger } from '@kbn/core/s
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
import {
CreateAssetCriticalityRecordRequestBody,
InternalCreateAssetCriticalityRecordRequestBody,
} from '../../../../../common/api/entity_analytics/asset_criticality/create_asset_criticality.gen';
import type { SecuritySolutionRequestHandlerContext } from '../../../../types';
import {
ASSET_CRITICALITY_PUBLIC_URL,
@ -17,7 +21,6 @@ import {
API_VERSIONS,
} from '../../../../../common/constants';
import { checkAndInitAssetCriticalityResources } from '../check_and_init_asset_criticality_resources';
import { CreateSingleAssetCriticalityRequest } from '../../../../../common/api/entity_analytics';
import type { EntityAnalyticsRoutesDeps } from '../../types';
import { AssetCriticalityAuditActions } from '../audit';
import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit';
@ -26,7 +29,7 @@ import { assertAdvancedSettingsEnabled } from '../../utils/assert_advanced_setti
type UpsertHandler = (
context: SecuritySolutionRequestHandlerContext,
request: {
body: CreateSingleAssetCriticalityRequest;
body: CreateAssetCriticalityRecordRequestBody;
},
response: KibanaResponseFactory
) => Promise<IKibanaResponse>;
@ -93,7 +96,7 @@ export const assetCriticalityInternalUpsertRoute = (
version: API_VERSIONS.internal.v1,
validate: {
request: {
body: buildRouteValidationWithZod(CreateSingleAssetCriticalityRequest),
body: buildRouteValidationWithZod(InternalCreateAssetCriticalityRecordRequestBody),
},
},
},
@ -118,7 +121,7 @@ export const assetCriticalityPublicUpsertRoute = (
version: API_VERSIONS.public.v1,
validate: {
request: {
body: buildRouteValidationWithZod(CreateSingleAssetCriticalityRequest),
body: buildRouteValidationWithZod(CreateAssetCriticalityRecordRequestBody),
},
},
},


@ -7,7 +7,7 @@
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type { RiskEngineDisableResponse } from '../../../../../common/api/entity_analytics/risk_engine/engine_disable_route.gen';
import type { DisableRiskEngineResponse } from '../../../../../common/api/entity_analytics/risk_engine/engine_disable_route.gen';
import { RISK_ENGINE_DISABLE_URL, APP_ID } from '../../../../../common/constants';
import { TASK_MANAGER_UNAVAILABLE_ERROR } from './translations';
import { withRiskEnginePrivilegeCheck } from '../risk_engine_privileges';
@ -71,7 +71,7 @@ export const riskEngineDisableRoute = (
try {
await riskEngineClient.disableRiskEngine({ taskManager });
const body: RiskEngineDisableResponse = { success: true };
const body: DisableRiskEngineResponse = { success: true };
return response.ok({ body });
} catch (e) {
const error = transformError(e);


@ -7,7 +7,7 @@
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type { RiskEngineEnableResponse } from '../../../../../common/api/entity_analytics/risk_engine/engine_enable_route.gen';
import type { EnableRiskEngineResponse } from '../../../../../common/api/entity_analytics/risk_engine/engine_enable_route.gen';
import { RISK_ENGINE_ENABLE_URL, APP_ID } from '../../../../../common/constants';
import { TASK_MANAGER_UNAVAILABLE_ERROR } from './translations';
import { withRiskEnginePrivilegeCheck } from '../risk_engine_privileges';
@ -69,7 +69,7 @@ export const riskEngineEnableRoute = (
try {
await riskEngineClient.enableRiskEngine({ taskManager });
const body: RiskEngineEnableResponse = { success: true };
const body: EnableRiskEngineResponse = { success: true };
return response.ok({ body });
} catch (e) {
const error = transformError(e);


@ -8,8 +8,8 @@
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type {
RiskEngineInitResponse,
RiskEngineInitResult,
InitRiskEngineResponse,
InitRiskEngineResult,
} from '../../../../../common/api/entity_analytics/risk_engine/engine_init_route.gen';
import { RISK_ENGINE_INIT_URL, APP_ID } from '../../../../../common/constants';
import { TASK_MANAGER_UNAVAILABLE_ERROR } from './translations';
@ -64,7 +64,7 @@ export const riskEngineInitRoute = (
riskScoreDataClient,
});
const result: RiskEngineInitResult = {
const result: InitRiskEngineResult = {
risk_engine_enabled: initResult.riskEngineEnabled,
risk_engine_resources_installed: initResult.riskEngineResourcesInstalled,
risk_engine_configuration_created: initResult.riskEngineConfigurationCreated,
@ -72,7 +72,7 @@ export const riskEngineInitRoute = (
errors: initResult.errors,
};
const initResponse: RiskEngineInitResponse = {
const initResponse: InitRiskEngineResponse = {
result,
};


@ -7,7 +7,7 @@
import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type { RiskEngineSettingsResponse } from '../../../../../common/api/entity_analytics/risk_engine';
import type { ReadRiskEngineSettingsResponse } from '../../../../../common/api/entity_analytics/risk_engine';
import { RISK_ENGINE_SETTINGS_URL, APP_ID } from '../../../../../common/constants';
import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit';
import type { EntityAnalyticsRoutesDeps } from '../../types';
@ -43,7 +43,7 @@ export const riskEngineSettingsRoute = (router: EntityAnalyticsRoutesDeps['route
if (!result) {
throw new Error('Unable to get risk engine configuration');
}
const body: RiskEngineSettingsResponse = {
const body: ReadRiskEngineSettingsResponse = {
range: result.range,
};
return response.ok({


@ -5,7 +5,7 @@
* 2.0.
*/
import type { EventTypeOpts } from '@kbn/core/server';
import type { AssetCriticalityBulkUploadResponse } from '../../../../common/api/entity_analytics';
import type { BulkUpsertAssetCriticalityRecordsResponse } from '../../../../common/api/entity_analytics';
export const RISK_SCORE_EXECUTION_SUCCESS_EVENT: EventTypeOpts<{
scoresWritten: number;
@ -88,7 +88,7 @@ interface AssetCriticalitySystemProcessedAssignmentFileEvent {
endTime: string;
tookMs: number;
};
result?: AssetCriticalityBulkUploadResponse['stats'];
result?: BulkUpsertAssetCriticalityRecordsResponse['stats'];
status: 'success' | 'partial_success' | 'fail';
}
@ -124,7 +124,7 @@ export const ASSET_CRITICALITY_SYSTEM_PROCESSED_ASSIGNMENT_FILE_EVENT: EventType
};
interface CreateAssetCriticalityProcessedFileEvent {
result?: AssetCriticalityBulkUploadResponse['stats'];
result?: BulkUpsertAssetCriticalityRecordsResponse['stats'];
startTime: Date;
endTime: Date;
}
@ -154,7 +154,7 @@ export const createAssetCriticalityProcessedFileEvent = ({
];
};
const getUploadStatus = (stats?: AssetCriticalityBulkUploadResponse['stats']) => {
const getUploadStatus = (stats?: BulkUpsertAssetCriticalityRecordsResponse['stats']) => {
if (!stats) {
return 'fail';
}


@ -26,13 +26,17 @@ import { BulkDeleteRulesRequestBodyInput } from '@kbn/security-solution-plugin/c
import { BulkDeleteRulesPostRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen';
import { BulkPatchRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_patch_rules/bulk_patch_rules_route.gen';
import { BulkUpdateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_update_rules/bulk_update_rules_route.gen';
import { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen';
import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen';
import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen';
import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen';
import {
CreateUpdateProtectionUpdatesNoteRequestParamsInput,
CreateUpdateProtectionUpdatesNoteRequestBodyInput,
} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen';
import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen';
import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen';
import { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
import { EndpointIsolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/isolate_route.gen';
import { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/unisolate_route.gen';
import {
@ -40,9 +44,11 @@ import {
ExportRulesRequestBodyInput,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen';
import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen';
import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen';
import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen';
import { GetAgentPolicySummaryRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy.gen';
import { GetAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/get_signals_migration_status/get_signals_migration_status.gen';
import { GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen';
import {
GetEndpointSuggestionsRequestParamsInput,
GetEndpointSuggestionsRequestBodyInput,
@ -58,18 +64,22 @@ import {
GetRuleExecutionResultsRequestParamsInput,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen';
import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen';
import { InternalCreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen';
import { InternalDeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen';
import { ManageAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen';
import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen';
import {
PerformBulkActionRequestQueryInput,
PerformBulkActionRequestBodyInput,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen';
import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen';
import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen';
import { RulePreviewRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen';
import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen';
import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen';
import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen';
import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen';
import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen';
import { FtrProviderContext } from '../ftr_provider_context';
@ -153,6 +163,14 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
bulkUpsertAssetCriticalityRecords(props: BulkUpsertAssetCriticalityRecordsProps) {
return supertest
.post('/api/asset_criticality/bulk')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
createAlertsIndex() {
return supertest
.post('/api/detection_engine/index')
@ -173,6 +191,14 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
createAssetCriticalityRecord(props: CreateAssetCriticalityRecordProps) {
return supertest
.post('/api/asset_criticality')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Create a new detection rule.
*/
@ -201,6 +227,14 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
deleteAssetCriticalityRecord(props: DeleteAssetCriticalityRecordProps) {
return supertest
.delete('/api/asset_criticality')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Delete a detection rule using the `rule_id` or `id` field.
*/
@ -212,6 +246,31 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Calculates and persists Risk Scores for an entity, returning the calculated risk score.
*/
deprecatedTriggerRiskScoreCalculation(props: DeprecatedTriggerRiskScoreCalculationProps) {
return supertest
.post('/api/risk_scores/calculation/entity')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
disableRiskEngine() {
return supertest
.post('/internal/risk_score/engine/disable')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
enableRiskEngine() {
return supertest
.post('/internal/risk_score/engine/enable')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
endpointIsolateRedirect(props: EndpointIsolateRedirectProps) {
return supertest
.post('/api/endpoint/isolate')
@ -259,6 +318,14 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
findAssetCriticalityRecords(props: FindAssetCriticalityRecordsProps) {
return supertest
.post('/api/asset_criticality/list')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page.
*/
@ -296,6 +363,21 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
getAssetCriticalityRecord(props: GetAssetCriticalityRecordProps) {
return supertest
.get('/api/asset_criticality')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
getAssetCriticalityStatus() {
return supertest
.get('/internal/asset_criticality/status')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getEndpointSuggestions(props: GetEndpointSuggestionsProps) {
return supertest
.post(replaceParams('/api/endpoint/suggestions/{suggestion_type}', props.params))
@ -345,6 +427,16 @@ detection engine rules.
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Returns the status of both the legacy transform-based risk engine, as well as the new risk engine
*/
getRiskEngineStatus() {
return supertest
.get('/internal/risk_score/engine/status')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getRuleExecutionEvents(props: GetRuleExecutionEventsProps) {
return supertest
.put(
@ -379,6 +471,16 @@ detection engine rules.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine
*/
initRiskEngine() {
return supertest
.post('/internal/risk_score/engine/init')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Install and update all Elastic prebuilt detection rules and Timelines.
*/
@ -389,6 +491,29 @@ detection engine rules.
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
internalCreateAssetCriticalityRecord(props: InternalCreateAssetCriticalityRecordProps) {
return supertest
.post('/internal/asset_criticality')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
internalDeleteAssetCriticalityRecord(props: InternalDeleteAssetCriticalityRecordProps) {
return supertest
.delete('/internal/asset_criticality')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
internalUploadAssetCriticalityRecords() {
return supertest
.post('/internal/asset_criticality/upload_csv')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* And tags to detection alerts, and remove them from alerts.
> info
@ -426,6 +551,24 @@ detection engine rules.
.send(props.body as object)
.query(props.query);
},
/**
* Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score.
*/
previewRiskScore(props: PreviewRiskScoreProps) {
return supertest
.post('/internal/risk_score/preview')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
readRiskEngineSettings() {
return supertest
.get('/internal/risk_score/engine/settings')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Retrieve a detection rule using the `rule_id` or `id` field.
*/
@ -502,6 +645,17 @@ detection engine rules.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Calculates and persists Risk Scores for an entity, returning the calculated risk score.
*/
triggerRiskScoreCalculation(props: TriggerRiskScoreCalculationProps) {
return supertest
.post('/internal/risk_score/calculation/entity')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted.
> info
@ -516,6 +670,13 @@ detection engine rules.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
uploadAssetCriticalityRecords() {
return supertest
.post('/api/asset_criticality/upload_csv')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
};
}
@ -537,9 +698,15 @@ export interface BulkPatchRulesProps {
export interface BulkUpdateRulesProps {
body: BulkUpdateRulesRequestBodyInput;
}
export interface BulkUpsertAssetCriticalityRecordsProps {
body: BulkUpsertAssetCriticalityRecordsRequestBodyInput;
}
export interface CreateAlertsMigrationProps {
body: CreateAlertsMigrationRequestBodyInput;
}
export interface CreateAssetCriticalityRecordProps {
body: CreateAssetCriticalityRecordRequestBodyInput;
}
export interface CreateRuleProps {
body: CreateRuleRequestBodyInput;
}
@ -547,9 +714,15 @@ export interface CreateUpdateProtectionUpdatesNoteProps {
params: CreateUpdateProtectionUpdatesNoteRequestParamsInput;
body: CreateUpdateProtectionUpdatesNoteRequestBodyInput;
}
export interface DeleteAssetCriticalityRecordProps {
query: DeleteAssetCriticalityRecordRequestQueryInput;
}
export interface DeleteRuleProps {
query: DeleteRuleRequestQueryInput;
}
export interface DeprecatedTriggerRiskScoreCalculationProps {
body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput;
}
export interface EndpointIsolateRedirectProps {
body: EndpointIsolateRedirectRequestBodyInput;
}
@ -563,6 +736,9 @@ export interface ExportRulesProps {
export interface FinalizeAlertsMigrationProps {
body: FinalizeAlertsMigrationRequestBodyInput;
}
export interface FindAssetCriticalityRecordsProps {
query: FindAssetCriticalityRecordsRequestQueryInput;
}
export interface FindRulesProps {
query: FindRulesRequestQueryInput;
}
@ -572,6 +748,9 @@ export interface GetAgentPolicySummaryProps {
export interface GetAlertsMigrationStatusProps {
query: GetAlertsMigrationStatusRequestQueryInput;
}
export interface GetAssetCriticalityRecordProps {
query: GetAssetCriticalityRecordRequestQueryInput;
}
export interface GetEndpointSuggestionsProps {
params: GetEndpointSuggestionsRequestParamsInput;
body: GetEndpointSuggestionsRequestBodyInput;
@ -593,6 +772,12 @@ export interface GetRuleExecutionResultsProps {
export interface ImportRulesProps {
query: ImportRulesRequestQueryInput;
}
export interface InternalCreateAssetCriticalityRecordProps {
body: InternalCreateAssetCriticalityRecordRequestBodyInput;
}
export interface InternalDeleteAssetCriticalityRecordProps {
query: InternalDeleteAssetCriticalityRecordRequestQueryInput;
}
export interface ManageAlertTagsProps {
body: ManageAlertTagsRequestBodyInput;
}
@ -603,6 +788,9 @@ export interface PerformBulkActionProps {
query: PerformBulkActionRequestQueryInput;
body: PerformBulkActionRequestBodyInput;
}
export interface PreviewRiskScoreProps {
body: PreviewRiskScoreRequestBodyInput;
}
export interface ReadRuleProps {
query: ReadRuleRequestQueryInput;
}
@ -621,6 +809,9 @@ export interface SetAlertsStatusProps {
export interface SuggestUserProfilesProps {
query: SuggestUserProfilesRequestQueryInput;
}
export interface TriggerRiskScoreCalculationProps {
body: TriggerRiskScoreCalculationRequestBodyInput;
}
export interface UpdateRuleProps {
body: UpdateRuleRequestBodyInput;
}


@ -23,7 +23,7 @@ import {
import type {
AssetCriticalityRecord,
CreateAssetCriticalityRecord,
ListAssetCriticalityQueryParams,
FindAssetCriticalityRecordsRequestQuery,
} from '@kbn/security-solution-plugin/common/api/entity_analytics';
import type { Client } from '@elastic/elasticsearch';
import type { ToolingLog } from '@kbn/tooling-log';
@ -187,7 +187,7 @@ export const assetCriticalityRouteHelpersFactory = (
.expect(expectStatusCode);
},
list: async (
opts: ListAssetCriticalityQueryParams = {},
opts: FindAssetCriticalityRecordsRequestQuery = {},
{ expectStatusCode }: { expectStatusCode: number } = { expectStatusCode: 200 }
) => {
const qs = querystring.stringify(opts);