[Endpoint] EMT-65: make endpoint data types common, restructure (#54772)

[Endpoint] EMT-65: make endpoint data types common, use schema changes
nnamdifrankie 2020-01-27 14:23:56 -05:00 committed by GitHub
parent aa695ec637
commit 9301531249
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 740 additions and 485 deletions


@ -0,0 +1,46 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
export class EndpointAppConstants {
static ENDPOINT_INDEX_NAME = 'endpoint-agent*';
}
export interface EndpointResultList {
// the endpoint restricted by the page size
endpoints: EndpointMetadata[];
// the total number of unique endpoints in the index
total: number;
// the page size requested
request_page_size: number;
// the index requested
request_page_index: number;
}
export interface EndpointMetadata {
event: {
created: Date;
};
endpoint: {
policy: {
id: string;
};
};
agent: {
version: string;
id: string;
};
host: {
id: string;
hostname: string;
ip: string[];
mac: string[];
os: {
name: string;
full: string;
version: string;
};
};
}
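Review bot: `created: Date` in the `event` block of `EndpointMetadata` does not describe what `SearchResponse<EndpointMetadata>._source` carries at runtime: Elasticsearch hands the field back as JSON, so it is the ISO-8601 string shown in the fixture (`"created" : "2020-01-23T21:56:55.336Z"`), never a `Date` object, and a caller that trusts the type and calls `.getTime()` on it will throw. Declare it as `created: string;` and parse at the point of use, or convert explicitly in the route mapper before it reaches consumers. Separately, `static ENDPOINT_INDEX_NAME` is a mutable static, so the index pattern every query targets can be reassigned by any importer; `static readonly ENDPOINT_INDEX_NAME = 'endpoint-agent*';` closes that off at no cost.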


@ -8,8 +8,8 @@ import { first } from 'rxjs/operators';
import { addRoutes } from './routes';
import { PluginSetupContract as FeaturesPluginSetupContract } from '../../features/server';
import { createConfig$, EndpointConfigType } from './config';
import { EndpointAppContext } from './types';
import { registerEndpointRoutes } from './routes/endpoints';
import { EndpointAppContext } from './types';
export type EndpointPluginStart = void;
export type EndpointPluginSetup = void;


@ -18,9 +18,9 @@ import {
httpServiceMock,
loggingServiceMock,
} from '../../../../../src/core/server/mocks';
import { EndpointData } from '../types';
import { EndpointMetadata, EndpointResultList } from '../../common/types';
import { SearchResponse } from 'elasticsearch';
import { EndpointResultList, registerEndpointRoutes } from './endpoints';
import { registerEndpointRoutes } from './endpoints';
import { EndpointConfigSchema } from '../config';
import * as data from '../test_data/all_endpoints_data.json';
@ -49,8 +49,8 @@ describe('test endpoint route', () => {
it('test find the latest of all endpoints', async () => {
const mockRequest = httpServerMock.createKibanaRequest({});
const response: SearchResponse<EndpointData> = (data as unknown) as SearchResponse<
EndpointData
const response: SearchResponse<EndpointMetadata> = (data as unknown) as SearchResponse<
EndpointMetadata
>;
mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
[routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
@ -73,9 +73,9 @@ describe('test endpoint route', () => {
expect(routeConfig.options).toEqual({ authRequired: true });
expect(mockResponse.ok).toBeCalled();
const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as EndpointResultList;
expect(endpointResultList.endpoints.length).toEqual(3);
expect(endpointResultList.total).toEqual(3);
expect(endpointResultList.request_index).toEqual(0);
expect(endpointResultList.endpoints.length).toEqual(2);
expect(endpointResultList.total).toEqual(2);
expect(endpointResultList.request_page_index).toEqual(0);
expect(endpointResultList.request_page_size).toEqual(10);
});
@ -93,7 +93,7 @@ describe('test endpoint route', () => {
},
});
mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
Promise.resolve((data as unknown) as SearchResponse<EndpointData>)
Promise.resolve((data as unknown) as SearchResponse<EndpointMetadata>)
);
[routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
path.startsWith('/api/endpoint/endpoints')
@ -115,9 +115,9 @@ describe('test endpoint route', () => {
expect(routeConfig.options).toEqual({ authRequired: true });
expect(mockResponse.ok).toBeCalled();
const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as EndpointResultList;
expect(endpointResultList.endpoints.length).toEqual(3);
expect(endpointResultList.total).toEqual(3);
expect(endpointResultList.request_index).toEqual(10);
expect(endpointResultList.endpoints.length).toEqual(2);
expect(endpointResultList.total).toEqual(2);
expect(endpointResultList.request_page_index).toEqual(10);
expect(endpointResultList.request_page_size).toEqual(10);
});
});
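Review bot: The double cast `(data as unknown) as SearchResponse<EndpointMetadata>` in both `it` blocks switches off the compiler's check that the fixture matches the new common type, and the fixture does not match it: `all_endpoints_data.json` carries `host.ip` and `host.mac` as single strings, whereas `EndpointMetadata` declares both as `string[]`. The tests therefore pass while feeding the mapper a shape the production type says cannot occur, so a consumer that later does `endpoint.host.ip.join(', ')` is not covered. Either bring the fixture in line with the type (the esArchiver documents in this same commit already use arrays) or drop the `unknown` hop so the mismatch is reported rather than suppressed.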


@ -7,22 +7,13 @@
import { IRouter } from 'kibana/server';
import { SearchResponse } from 'elasticsearch';
import { schema } from '@kbn/config-schema';
import { EndpointAppContext, EndpointData } from '../types';
import { kibanaRequestToEndpointListQuery } from '../services/endpoint/endpoint_query_builders';
import { EndpointMetadata, EndpointResultList } from '../../common/types';
import { EndpointAppContext } from '../types';
interface HitSource {
_source: EndpointData;
}
export interface EndpointResultList {
// the endpoint restricted by the page size
endpoints: EndpointData[];
// the total number of unique endpoints in the index
total: number;
// the page size requested
request_page_size: number;
// the index requested
request_index: number;
_source: EndpointMetadata;
}
export function registerEndpointRoutes(router: IRouter, endpointAppContext: EndpointAppContext) {
@ -53,7 +44,7 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
const response = (await context.core.elasticsearch.dataClient.callAsCurrentUser(
'search',
queryParams
)) as SearchResponse<EndpointData>;
)) as SearchResponse<EndpointMetadata>;
return res.ok({ body: mapToEndpointResultList(queryParams, response) });
} catch (err) {
return res.internalError({ body: err });
@ -64,13 +55,13 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
function mapToEndpointResultList(
queryParams: Record<string, any>,
searchResponse: SearchResponse<EndpointData>
searchResponse: SearchResponse<EndpointMetadata>
): EndpointResultList {
const totalNumberOfEndpoints = searchResponse?.aggregations?.total?.value || 0;
if (searchResponse.hits.hits.length > 0) {
return {
request_page_size: queryParams.size,
request_index: queryParams.from,
request_page_index: queryParams.from,
endpoints: searchResponse.hits.hits
.map(response => response.inner_hits.most_recent.hits.hits)
.flatMap(data => data as HitSource)
@ -80,7 +71,7 @@ function mapToEndpointResultList(
} else {
return {
request_page_size: queryParams.size,
request_index: queryParams.from,
request_page_index: queryParams.from,
total: totalNumberOfEndpoints,
endpoints: [],
};
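Review bot: `return res.internalError({ body: err });` in the route handler's catch passes the raw Elasticsearch error object straight back to the HTTP client, which can expose the index pattern, the generated query and cluster-side messages to whoever called the API. Log the error through `endpointAppContext.logFactory` (available from the enclosing `registerEndpointRoutes` parameter) and return a generic body, e.g. `return res.internalError({ body: 'failed to retrieve endpoint metadata' });`. Both the handler and `mapToEndpointResultList` continue outside the hunk. A smaller point in `mapToEndpointResultList`: `queryParams: Record<string, any>` means `request_page_size` and `request_page_index` are populated from `any` while `EndpointResultList` promises `number`; typing the query-builder's return value would make the result type honest.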


@ -23,23 +23,23 @@ describe('test query builder', () => {
match_all: {},
},
collapse: {
field: 'machine_id',
field: 'host.id.keyword',
inner_hits: {
name: 'most_recent',
size: 1,
sort: [{ created_at: 'desc' }],
sort: [{ 'event.created': 'desc' }],
},
},
aggs: {
total: {
cardinality: {
field: 'machine_id',
field: 'host.id.keyword',
},
},
},
sort: [
{
created_at: {
'event.created': {
order: 'desc',
},
},


@ -4,7 +4,8 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { KibanaRequest } from 'kibana/server';
import { EndpointAppConstants, EndpointAppContext } from '../../types';
import { EndpointAppConstants } from '../../../common/types';
import { EndpointAppContext } from '../../types';
export const kibanaRequestToEndpointListQuery = async (
request: KibanaRequest<any, any, any>,
@ -17,23 +18,23 @@ export const kibanaRequestToEndpointListQuery = async (
match_all: {},
},
collapse: {
field: 'machine_id',
field: 'host.id.keyword',
inner_hits: {
name: 'most_recent',
size: 1,
sort: [{ created_at: 'desc' }],
sort: [{ 'event.created': 'desc' }],
},
},
aggs: {
total: {
cardinality: {
field: 'machine_id',
field: 'host.id.keyword',
},
},
},
sort: [
{
created_at: {
'event.created': {
order: 'desc',
},
},
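Review bot: The `total` aggregation is a `cardinality` over `host.id.keyword`, and cardinality in Elasticsearch is an approximate count, so the `total` the API reports is not guaranteed to be exact once the number of distinct hosts grows beyond the aggregation's precision threshold; the functional tests only exercise three hosts and will not surface this. Either set `precision_threshold` explicitly if exact counts are required at the expected scale, or note it on the result type. A one-line comment above `aggs:` such as `// approximate distinct-host count (HyperLogLog++); exact only below precision_threshold` would make the contract visible to readers. `kibanaRequestToEndpointListQuery` also takes `request: KibanaRequest<any, any, any>`, which leaves the paging body that supplies `from`/`size` untyped; its body continues past the hunk.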


@ -1,120 +1,100 @@
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
"took" : 343,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits": {
"total": {
"value": 9,
"relation": "eq"
"hits" : {
"total" : {
"value" : 4,
"relation" : "eq"
},
"max_score": null,
"hits": [
"max_score" : null,
"hits" : [
{
"_index": "endpoint-agent",
"_id": "UV_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "606267a9-2e51-42b4-956e-6cc7812e3447",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "natalee-2",
"hostname": "natalee-2.example.com",
"ip": "10.5.220.127",
"mac_address": "17-5f-c9-f8-ca-d6",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
"_index" : "endpoint-agent",
"_id" : "WqVo1G8BYQH1gtPUgYkC",
"_score" : null,
"_source" : {
"@timestamp" : 1579816615336,
"event" : {
"created" : "2020-01-23T21:56:55.336Z"
},
"endpoint" : {
"policy" : {
"id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=natalee-2,DC=example,DC=com",
"active_directory_hostname": "natalee-2.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "With Eventing",
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
},
"sensor": {
"persistence": true,
"status": {}
"agent" : {
"version" : "6.8.3",
"id" : "56a75650-3c8a-4e4f-ac17-6dd729c650e2"
},
"host" : {
"id" : "7141a48b-e19f-4ae3-89a0-6e7179a84265",
"hostname" : "larimer-0.example.com",
"ip" : "10.21.48.136",
"mac" : "77-be-30-f0-e8-d6",
"architecture" : "x86_64",
"os" : {
"name" : "windows 6.2",
"full" : "Windows Server 2012",
"version" : "6.2"
}
}
},
"fields": {
"machine_id": [
"606267a9-2e51-42b4-956e-6cc7812e3447"
"fields" : {
"host.id.keyword" : [
"7141a48b-e19f-4ae3-89a0-6e7179a84265"
]
},
"sort": [
1577477368377
"sort" : [
1579816615336
],
"inner_hits": {
"most_recent": {
"hits": {
"total": {
"value": 3,
"relation": "eq"
"inner_hits" : {
"most_recent" : {
"hits" : {
"total" : {
"value" : 2,
"relation" : "eq"
},
"max_score": null,
"hits": [
"max_score" : null,
"hits" : [
{
"_index": "endpoint-agent",
"_id": "UV_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "606267a9-2e51-42b4-956e-6cc7812e3447",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "natalee-2",
"hostname": "natalee-2.example.com",
"ip": "10.5.220.127",
"mac_address": "17-5f-c9-f8-ca-d6",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
"_index" : "endpoint-agent",
"_id" : "WqVo1G8BYQH1gtPUgYkC",
"_score" : null,
"_source" : {
"@timestamp" : 1579816615336,
"event" : {
"created" : "2020-01-23T21:56:55.336Z"
},
"endpoint" : {
"policy" : {
"id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=natalee-2,DC=example,DC=com",
"active_directory_hostname": "natalee-2.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "With Eventing",
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
},
"sensor": {
"persistence": true,
"status": {}
"agent" : {
"version" : "6.8.3",
"id" : "56a75650-3c8a-4e4f-ac17-6dd729c650e2"
},
"host" : {
"id" : "7141a48b-e19f-4ae3-89a0-6e7179a84265",
"hostname" : "larimer-0.example.com",
"ip" : "10.21.48.136",
"mac" : "77-be-30-f0-e8-d6",
"architecture" : "x86_64",
"os" : {
"name" : "windows 6.2",
"full" : "Windows Server 2012",
"version" : "6.2"
}
}
},
"sort": [
1577477368377
"sort" : [
1579816615336
]
}
]
@ -123,214 +103,86 @@
}
},
{
"_index": "endpoint-agent",
"_id": "Ul_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "8ec625e1-a80c-4c9f-bdfd-496060aa6310",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "luttrell-2",
"hostname": "luttrell-2.example.com",
"ip": "10.246.84.193",
"mac_address": "dc-d-88-14-c3-c6",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
"_index" : "endpoint-agent",
"_id" : "W6Vo1G8BYQH1gtPUgYkC",
"_score" : null,
"_source" : {
"@timestamp" : 1579816615336,
"event" : {
"created" : "2020-01-23T21:56:55.336Z"
},
"endpoint" : {
"policy" : {
"id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=luttrell-2,DC=example,DC=com",
"active_directory_hostname": "luttrell-2.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "Default",
"id": "00000000-0000-0000-0000-000000000000"
},
"sensor": {
"persistence": true,
"status": {}
"agent" : {
"version" : "6.4.3",
"id" : "c2d84d8f-d355-40de-8b54-5d318d4d1312"
},
"host" : {
"id" : "f35ec6c1-6562-45b1-818f-2f14c0854adf",
"hostname" : "hildebrandt-6.example.com",
"ip" : "10.53.92.84",
"mac" : "af-f1-8f-51-25-2a",
"architecture" : "x86_64",
"os" : {
"name" : "windows 10.0",
"full" : "Windows 10",
"version" : "10.0"
}
}
},
"fields": {
"machine_id": [
"8ec625e1-a80c-4c9f-bdfd-496060aa6310"
"fields" : {
"host.id.keyword" : [
"f35ec6c1-6562-45b1-818f-2f14c0854adf"
]
},
"sort": [
1577477368377
"sort" : [
1579816615336
],
"inner_hits": {
"most_recent": {
"hits": {
"total": {
"value": 3,
"relation": "eq"
"inner_hits" : {
"most_recent" : {
"hits" : {
"total" : {
"value" : 2,
"relation" : "eq"
},
"max_score": null,
"hits": [
"max_score" : null,
"hits" : [
{
"_index": "endpoint-agent",
"_id": "Ul_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "8ec625e1-a80c-4c9f-bdfd-496060aa6310",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "luttrell-2",
"hostname": "luttrell-2.example.com",
"ip": "10.246.84.193",
"mac_address": "dc-d-88-14-c3-c6",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
"_index" : "endpoint-agent",
"_id" : "W6Vo1G8BYQH1gtPUgYkC",
"_score" : null,
"_source" : {
"@timestamp" : 1579816615336,
"event" : {
"created" : "2020-01-23T21:56:55.336Z"
},
"endpoint" : {
"policy" : {
"id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=luttrell-2,DC=example,DC=com",
"active_directory_hostname": "luttrell-2.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "Default",
"id": "00000000-0000-0000-0000-000000000000"
},
"sensor": {
"persistence": true,
"status": {}
"agent" : {
"version" : "6.4.3",
"id" : "c2d84d8f-d355-40de-8b54-5d318d4d1312"
},
"host" : {
"id" : "f35ec6c1-6562-45b1-818f-2f14c0854adf",
"hostname" : "hildebrandt-6.example.com",
"ip" : "10.53.92.84",
"mac" : "af-f1-8f-51-25-2a",
"architecture" : "x86_64",
"os" : {
"name" : "windows 10.0",
"full" : "Windows 10",
"version" : "10.0"
}
}
},
"sort": [
1577477368377
]
}
]
}
}
}
},
{
"_index": "endpoint-agent",
"_id": "U1_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "853a308c-6e6d-4b92-a32b-2f623b6c8cf4",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "akeylah-7",
"hostname": "akeylah-7.example.com",
"ip": "10.252.242.44",
"mac_address": "27-b9-51-21-31-a",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=akeylah-7,DC=example,DC=com",
"active_directory_hostname": "akeylah-7.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "With Eventing",
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
},
"sensor": {
"persistence": true,
"status": {}
}
}
},
"fields": {
"machine_id": [
"853a308c-6e6d-4b92-a32b-2f623b6c8cf4"
]
},
"sort": [
1577477368377
],
"inner_hits": {
"most_recent": {
"hits": {
"total": {
"value": 3,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "endpoint-agent",
"_id": "U1_6SG8B9c_DH2QsbOZd",
"_score": null,
"_source": {
"machine_id": "853a308c-6e6d-4b92-a32b-2f623b6c8cf4",
"created_at": "2019-12-27T20:09:28.377Z",
"host": {
"name": "akeylah-7",
"hostname": "akeylah-7.example.com",
"ip": "10.252.242.44",
"mac_address": "27-b9-51-21-31-a",
"os": {
"name": "windows 6.3",
"full": "Windows Server 2012R2"
}
},
"endpoint": {
"domain": "example.com",
"is_base_image": false,
"active_directory_distinguished_name": "CN=akeylah-7,DC=example,DC=com",
"active_directory_hostname": "akeylah-7.example.com",
"upgrade": {
"status": null,
"updated_at": null
},
"isolation": {
"status": false,
"request_status": null,
"updated_at": null
},
"policy": {
"name": "With Eventing",
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
},
"sensor": {
"persistence": true,
"status": {}
}
}
},
"sort": [
1577477368377
"sort" : [
1579816615336
]
}
]
@ -340,9 +192,9 @@
}
]
},
"aggregations": {
"total": {
"value": 3
"aggregations" : {
"total" : {
"value" : 2
}
}
}


@ -10,45 +10,3 @@ export interface EndpointAppContext {
logFactory: LoggerFactory;
config(): Promise<EndpointConfigType>;
}
export class EndpointAppConstants {
static ENDPOINT_INDEX_NAME = 'endpoint-agent*';
}
export interface EndpointData {
machine_id: string;
created_at: Date;
host: {
name: string;
hostname: string;
ip: string;
mac_address: string;
os: {
name: string;
full: string;
};
};
endpoint: {
domain: string;
is_base_image: boolean;
active_directory_distinguished_name: string;
active_directory_hostname: string;
upgrade: {
status?: string;
updated_at?: Date;
};
isolation: {
status: boolean;
request_status?: string | boolean;
updated_at?: Date;
};
policy: {
name: string;
id: string;
};
sensor: {
persistence: boolean;
status: object;
};
};
}


@ -12,7 +12,7 @@ export default function({ getService }: FtrProviderContext) {
describe('test endpoints api', () => {
describe('POST /api/endpoint/endpoints when index is empty', () => {
it('endpoints api should return empty result when index is empty', async () => {
await esArchiver.unload('endpoint/endpoints');
await esArchiver.unload('endpoint/endpoints/api_feature');
const { body } = await supertest
.post('/api/endpoint/endpoints')
.set('kbn-xsrf', 'xxx')
@ -21,13 +21,13 @@ export default function({ getService }: FtrProviderContext) {
expect(body.total).to.eql(0);
expect(body.endpoints.length).to.eql(0);
expect(body.request_page_size).to.eql(10);
expect(body.request_index).to.eql(0);
expect(body.request_page_index).to.eql(0);
});
});
describe('POST /api/endpoint/endpoints when index is not empty', () => {
before(() => esArchiver.load('endpoint/endpoints'));
after(() => esArchiver.unload('endpoint/endpoints'));
before(() => esArchiver.load('endpoint/endpoints/api_feature'));
after(() => esArchiver.unload('endpoint/endpoints/api_feature'));
it('endpoints api should return one entry for each endpoint with default paging', async () => {
const { body } = await supertest
.post('/api/endpoint/endpoints')
@ -37,7 +37,7 @@ export default function({ getService }: FtrProviderContext) {
expect(body.total).to.eql(3);
expect(body.endpoints.length).to.eql(3);
expect(body.request_page_size).to.eql(10);
expect(body.request_index).to.eql(0);
expect(body.request_page_index).to.eql(0);
});
it('endpoints api should return page based on params passed.', async () => {
@ -58,7 +58,7 @@ export default function({ getService }: FtrProviderContext) {
expect(body.total).to.eql(3);
expect(body.endpoints.length).to.eql(1);
expect(body.request_page_size).to.eql(1);
expect(body.request_index).to.eql(1);
expect(body.request_page_index).to.eql(1);
});
/* test that when paging properties produces no result, the total should reflect the actual number of endpoints
@ -82,7 +82,7 @@ export default function({ getService }: FtrProviderContext) {
expect(body.total).to.eql(3);
expect(body.endpoints.length).to.eql(0);
expect(body.request_page_size).to.eql(10);
expect(body.request_index).to.eql(30);
expect(body.request_page_index).to.eql(30);
});
it('endpoints api should return 400 when pagingProperties is below boundaries.', async () => {


@ -0,0 +1,364 @@
{
"type": "doc",
"value": {
"id": "3KVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579881969541,
"agent": {
"id": "963b081e-60d1-482c-befd-a5815fa8290f",
"version": "6.6.1"
},
"endpoint": {
"policy": {
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"event": {
"created": "2020-01-24T16:06:09.541Z"
},
"host": {
"architecture": "x86",
"hostname": "cadmann-4.example.com",
"id": "1fb3e58f-6ab0-4406-9d2a-91911207a712",
"ip": [
"10.192.213.130",
"10.70.28.129"
],
"mac": [
"a9-71-6a-cc-93-85",
"f7-31-84-d3-21-68",
"2-95-12-39-ca-71"
],
"os": {
"full": "Windows 10",
"name": "windows 10.0",
"version": "10.0"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "3aVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579881969541,
"agent": {
"id": "b3412d6f-b022-4448-8fee-21cc936ea86b",
"version": "6.0.0"
},
"endpoint": {
"policy": {
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"event": {
"created": "2020-01-24T16:06:09.541Z"
},
"host": {
"architecture": "x86_64",
"hostname": "thurlow-9.example.com",
"id": "2f735e3d-be14-483b-9822-bad06e9045ca",
"ip": [
"10.46.229.234"
],
"mac": [
"30-8c-45-55-69-b8",
"e5-36-7e-8f-a3-84",
"39-a1-37-20-18-74"
],
"os": {
"full": "Windows Server 2016",
"name": "windows 10.0",
"version": "10.0"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "3qVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579881969541,
"agent": {
"id": "3838df35-a095-4af4-8fce-0b6d78793f2e",
"version": "6.8.0"
},
"endpoint": {
"policy": {
"id": "00000000-0000-0000-0000-000000000000"
}
},
"event": {
"created": "2020-01-24T16:06:09.541Z"
},
"host": {
"hostname": "rezzani-7.example.com",
"id": "fc0ff548-feba-41b6-8367-65e8790d0eaf",
"ip": [
"10.101.149.26",
"10.12.85.216"
],
"mac": [
"e2-6d-f9-0-46-2e"
],
"os": {
"full": "Windows 10",
"name": "windows 10.0",
"version": "10.0"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "36VN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579878369541,
"agent": {
"id": "963b081e-60d1-482c-befd-a5815fa8290f",
"version": "6.6.1"
},
"endpoint": {
"policy": {
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"event": {
"created": "2020-01-24T15:06:09.541Z"
},
"host": {
"architecture": "x86",
"hostname": "cadmann-4.example.com",
"id": "1fb3e58f-6ab0-4406-9d2a-91911207a712",
"ip": [
"10.192.213.130",
"10.70.28.129"
],
"mac": [
"a9-71-6a-cc-93-85",
"f7-31-84-d3-21-68",
"2-95-12-39-ca-71"
],
"os": {
"full": "Windows Server 2016",
"name": "windows 10.0",
"version": "10.0"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "4KVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579878369541,
"agent": {
"id": "b3412d6f-b022-4448-8fee-21cc936ea86b",
"version": "6.0.0"
},
"endpoint": {
"policy": {
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"event": {
"created": "2020-01-24T15:06:09.541Z"
},
"host": {
"hostname": "thurlow-9.example.com",
"id": "2f735e3d-be14-483b-9822-bad06e9045ca",
"ip": [
"10.46.229.234"
],
"mac": [
"30-8c-45-55-69-b8",
"e5-36-7e-8f-a3-84",
"39-a1-37-20-18-74"
],
"os": {
"full": "Windows Server 2012",
"name": "windows 6.2",
"version": "6.2"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "4aVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579878369541,
"agent": {
"id": "3838df35-a095-4af4-8fce-0b6d78793f2e",
"version": "6.8.0"
},
"endpoint": {
"policy": {
"id": "00000000-0000-0000-0000-000000000000"
}
},
"event": {
"created": "2020-01-24T15:06:09.541Z"
},
"host": {
"architecture": "x86",
"hostname": "rezzani-7.example.com",
"id": "fc0ff548-feba-41b6-8367-65e8790d0eaf",
"ip": [
"10.101.149.26",
"10.12.85.216"
],
"mac": [
"e2-6d-f9-0-46-2e"
],
"os": {
"full": "Windows Server 2012",
"name": "windows 6.2",
"version": "6.2"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "4qVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579874769541,
"agent": {
"id": "963b081e-60d1-482c-befd-a5815fa8290f",
"version": "6.6.1"
},
"endpoint": {
"policy": {
"id": "00000000-0000-0000-0000-000000000000"
}
},
"event": {
"created": "2020-01-24T14:06:09.541Z"
},
"host": {
"hostname": "cadmann-4.example.com",
"id": "1fb3e58f-6ab0-4406-9d2a-91911207a712",
"ip": [
"10.192.213.130",
"10.70.28.129"
],
"mac": [
"a9-71-6a-cc-93-85",
"f7-31-84-d3-21-68",
"2-95-12-39-ca-71"
],
"os": {
"full": "Windows Server 2012R2",
"name": "windows 6.3",
"version": "6.3"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "46VN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579874769541,
"agent": {
"id": "b3412d6f-b022-4448-8fee-21cc936ea86b",
"version": "6.0.0"
},
"endpoint": {
"policy": {
"id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
}
},
"event": {
"created": "2020-01-24T14:06:09.541Z"
},
"host": {
"hostname": "thurlow-9.example.com",
"id": "2f735e3d-be14-483b-9822-bad06e9045ca",
"ip": [
"10.46.229.234"
],
"mac": [
"30-8c-45-55-69-b8",
"e5-36-7e-8f-a3-84",
"39-a1-37-20-18-74"
],
"os": {
"full": "Windows Server 2012R2",
"name": "windows 6.3",
"version": "6.3"
}
}
}
}
}
{
"type": "doc",
"value": {
"id": "5KVN2G8BYQH1gtPUuYk7",
"index": "endpoint-agent",
"source": {
"@timestamp": 1579874769541,
"agent": {
"id": "3838df35-a095-4af4-8fce-0b6d78793f2e",
"version": "6.8.0"
},
"endpoint": {
"policy": {
"id": "00000000-0000-0000-0000-000000000000"
}
},
"event": {
"created": "2020-01-24T14:06:09.541Z"
},
"host": {
"architecture": "x86",
"hostname": "rezzani-7.example.com",
"id": "fc0ff548-feba-41b6-8367-65e8790d0eaf",
"ip": [
"10.101.149.26",
"10.12.85.216"
],
"mac": [
"e2-6d-f9-0-46-2e"
],
"os": {
"full": "Windows Server 2012",
"name": "windows 6.2",
"version": "6.2"
}
}
}
}
}


@ -0,0 +1,147 @@
{
"type": "index",
"value": {
"aliases": {
},
"index": "endpoint-agent",
"mappings": {
"properties": {
"@timestamp": {
"type": "long"
},
"agent": {
"properties": {
"id": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"version": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
}
}
},
"endpoint": {
"properties": {
"policy": {
"properties": {
"id": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
}
}
}
}
},
"event": {
"properties": {
"created": {
"type": "date"
}
}
},
"host": {
"properties": {
"architecture": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"hostname": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"id": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"ip": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"mac": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"os": {
"properties": {
"full": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"name": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"version": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
}
}
}
}
}
}
},
"settings": {
"index": {
"number_of_replicas": "1",
"number_of_shards": "1"
}
}
}
}
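Review bot: `@timestamp` is mapped as `long` and `host.ip` as `text` with a keyword subfield, which differs from the conventional `date` and `ip` field types for these names; the query builder only sorts on `event.created` and collapses on `host.id.keyword`, so the functional tests are unaffected, but any future range or CIDR filter on these fields would behave differently against this archive than against a real endpoint index. If the archive is intended to mirror the production mapping, aligning those two types now avoids tests that pass only because the fixture is looser than the real index; if the simplification is deliberate, a short note in the archive's accompanying documentation would save the next reader the comparison.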


@ -1,104 +0,0 @@
{
"type": "index",
"value": {
"aliases": {
},
"index": "endpoint-agent",
"mappings": {
"properties": {
"created_at": {
"type": "date"
},
"endpoint": {
"properties": {
"active_directory_distinguished_name": {
"type": "text"
},
"active_directory_hostname": {
"type": "text"
},
"domain": {
"type": "text"
},
"is_base_image": {
"type": "boolean"
},
"isolation": {
"properties": {
"status": {
"type": "boolean"
}
}
},
"policy": {
"properties": {
"id": {
"ignore_above": 256,
"type": "keyword"
},
"name": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
}
}
},
"sensor": {
"properties": {
"persistence": {
"type": "boolean"
},
"status": {
"type": "object"
}
}
},
"upgrade": {
"type": "object"
}
}
},
"host": {
"properties": {
"hostname": {
"type": "text"
},
"ip": {
"ignore_above": 256,
"type": "keyword"
},
"mac_address": {
"type": "text"
},
"name": {
"type": "text"
},
"os": {
"properties": {
"full": {
"type": "text"
},
"name": {
"type": "text"
}
}
}
}
},
"machine_id": {
"type": "keyword"
}
}
},
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1"
}
}
}
}