[SIEM] Fixes the rendering order and adds unit tests to prevent rendering to get out of order (#44728) (#44735)
## Summary Fixes the rendering order so that if you have a Suricata Row Renderer it will be activated instead of just the netflow renderer. This also adds more unit tests and rearranges the netflow renderer to be next to the plain row renderer so that it has lower precedence and we are less likely to break the order again in the future. * https://github.com/elastic/kibana/issues/44408 Before: <img width="1105" alt="before" src="https://user-images.githubusercontent.com/1151048/64216277-6a371100-ce75-11e9-99e6-f5120b591cc7.png"> After: <img width="1097" alt="after" src="https://user-images.githubusercontent.com/1151048/64216282-6efbc500-ce75-11e9-8a45-d29fcd527a43.png"> ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [x] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios - [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist) ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [x] This includes a feature addition or change that requires a 
release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
This commit is contained in:
parent
5ff09e72c5
commit
adcec65695
2 changed files with 87 additions and 3 deletions
|
@ -20,10 +20,15 @@ import { getRowRenderer } from './get_row_renderer';
|
|||
describe('get_column_renderer', () => {
|
||||
let nonSuricata: Ecs;
|
||||
let suricata: Ecs;
|
||||
|
||||
let zeek: Ecs;
|
||||
let system: Ecs;
|
||||
let auditd: Ecs;
|
||||
beforeEach(() => {
|
||||
nonSuricata = cloneDeep(mockTimelineData[0].ecs);
|
||||
suricata = cloneDeep(mockTimelineData[2].ecs);
|
||||
zeek = cloneDeep(mockTimelineData[13].ecs);
|
||||
system = cloneDeep(mockTimelineData[28].ecs);
|
||||
auditd = cloneDeep(mockTimelineData[19].ecs);
|
||||
});
|
||||
|
||||
test('renders correctly against snapshot', () => {
|
||||
|
@ -69,4 +74,76 @@ describe('get_column_renderer', () => {
|
|||
'some child 4ETEXPLOITNETGEARWNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)Source192.168.0.3:53Destination192.168.0.3:6343'
|
||||
);
|
||||
});
|
||||
|
||||
test('should render a suricata row data if event.category is network_traffic', () => {
|
||||
suricata.event = { ...suricata.event, ...{ category: ['network_traffic'] } };
|
||||
const rowRenderer = getRowRenderer(suricata, rowRenderers);
|
||||
const row = rowRenderer.renderRow({
|
||||
browserFields: mockBrowserFields,
|
||||
data: suricata,
|
||||
children: <span>{'some child '}</span>,
|
||||
});
|
||||
const wrapper = mount(
|
||||
<TestProviders>
|
||||
<span>{row}</span>
|
||||
</TestProviders>
|
||||
);
|
||||
expect(wrapper.text()).toContain(
|
||||
'some child 4ETEXPLOITNETGEARWNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)Source192.168.0.3:53Destination192.168.0.3:6343'
|
||||
);
|
||||
});
|
||||
|
||||
test('should render a zeek row data if event.category is network_traffic', () => {
|
||||
zeek.event = { ...zeek.event, ...{ category: ['network_traffic'] } };
|
||||
const rowRenderer = getRowRenderer(zeek, rowRenderers);
|
||||
const row = rowRenderer.renderRow({
|
||||
browserFields: mockBrowserFields,
|
||||
data: zeek,
|
||||
children: <span>{'some child '}</span>,
|
||||
});
|
||||
const wrapper = mount(
|
||||
<TestProviders>
|
||||
<span>{row}</span>
|
||||
</TestProviders>
|
||||
);
|
||||
expect(wrapper.text()).toContain(
|
||||
'some child C8DRTq362Fios6hw16connectionREJSrConnection attempt rejectedtcpSource185.176.26.101:44059Destination207.154.238.205:11568'
|
||||
);
|
||||
});
|
||||
|
||||
test('should render a system row data if event.category is network_traffic', () => {
|
||||
system.event = { ...system.event, ...{ category: ['network_traffic'] } };
|
||||
const rowRenderer = getRowRenderer(system, rowRenderers);
|
||||
const row = rowRenderer.renderRow({
|
||||
browserFields: mockBrowserFields,
|
||||
data: system,
|
||||
children: <span>{'some child '}</span>,
|
||||
});
|
||||
const wrapper = mount(
|
||||
<TestProviders>
|
||||
<span>{row}</span>
|
||||
</TestProviders>
|
||||
);
|
||||
expect(wrapper.text()).toContain(
|
||||
'some child Braden@zeek-londonattempted a login via6278with resultfailureSource128.199.212.120'
|
||||
);
|
||||
});
|
||||
|
||||
test('should render a auditd row data if event.category is network_traffic', () => {
|
||||
auditd.event = { ...auditd.event, ...{ category: ['network_traffic'] } };
|
||||
const rowRenderer = getRowRenderer(auditd, rowRenderers);
|
||||
const row = rowRenderer.renderRow({
|
||||
browserFields: mockBrowserFields,
|
||||
data: auditd,
|
||||
children: <span>{'some child '}</span>,
|
||||
});
|
||||
const wrapper = mount(
|
||||
<TestProviders>
|
||||
<span>{row}</span>
|
||||
</TestProviders>
|
||||
);
|
||||
expect(wrapper.text()).toContain(
|
||||
'some child Sessionalice@zeek-sanfranin/executedgpgconf--list-dirs agent-socket'
|
||||
);
|
||||
});
|
||||
});
|
||||
|
|
|
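Review bot: The four tests from `test('should render a suricata row data if event.category is network_traffic'` down to the auditd case share one body with only the fixture and the expected string changed, so a `test.each` table would make the next renderer a one-line addition and keep the assertions aligned; because the fixtures are assigned in `beforeEach`, the table must resolve them lazily through getters rather than name `suricata` etc. at table-build time, when they are still unassigned. None of the four says why `event.category` is forced to `network_traffic`; presumably that value also satisfies `netflowRowRenderer.isInstance`, so each test is really checking precedence, and a comment such as `// network_traffic also matches the netflow renderer, so this checks precedence, not just matching` would keep that intent from being lost. `...{ category: ['network_traffic'] }` is a redundant spread of a literal; `{ ...zeek.event, category: ['network_traffic'] }` says the same. The auditd test name reads `'a auditd'`; `'an auditd'` is the article it wants. The enclosing `describe` opens in the earlier hunk.
```typescript
  // beforeEach() assigns the fixtures, so each row resolves its Ecs lazily through a getter.
  test.each([
    ['suricata', () => suricata, 'some child 4ETEXPLOITNETGEARWNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)Source192.168.0.3:53Destination192.168.0.3:6343'],
    ['zeek', () => zeek, 'some child C8DRTq362Fios6hw16connectionREJSrConnection attempt rejectedtcpSource185.176.26.101:44059Destination207.154.238.205:11568'],
    ['system', () => system, 'some child Braden@zeek-londonattempted a login via6278with resultfailureSource128.199.212.120'],
    ['auditd', () => auditd, 'some child Sessionalice@zeek-sanfranin/executedgpgconf--list-dirs agent-socket'],
  ])('should render a %s row if event.category is network_traffic', (_name, getEcs, expected) => {
    const ecs = getEcs();
    // network_traffic presumably also matches the netflow renderer, so this checks precedence, not just matching
    ecs.event = { ...ecs.event, category: ['network_traffic'] };
    const rowRenderer = getRowRenderer(ecs, rowRenderers);
    const row = rowRenderer.renderRow({
      browserFields: mockBrowserFields,
      data: ecs,
      children: <span>{'some child '}</span>,
    });
    const wrapper = mount(
      <TestProviders>
        <span>{row}</span>
      </TestProviders>
    );
    expect(wrapper.text()).toContain(expected);
  });
```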
@ -16,12 +16,19 @@ import { unknownColumnRenderer } from './unknown_column_renderer';
|
|||
import { zeekRowRenderer } from './zeek/zeek_row_renderer';
|
||||
import { systemRowRenderers } from './system/generic_row_renderer';
|
||||
|
||||
// The row renderers are order dependent and will return the first renderer
|
||||
// which returns true from its isInstance call. The bottom renderers which
|
||||
// are netflowRenderer and plainRowRenderer are the most accepting where
|
||||
// netflowRowRenderer returns true on any netflow related data set including
|
||||
// Suricata and Zeek which is why Suricata and Zeek are above it. The
|
||||
// plainRowRenderer always returns true to everything which is why it always
|
||||
// should be last.
|
||||
export const rowRenderers: RowRenderer[] = [
|
||||
...auditdRowRenderers,
|
||||
netflowRowRenderer,
|
||||
suricataRowRenderer,
|
||||
...systemRowRenderers,
|
||||
suricataRowRenderer,
|
||||
zeekRowRenderer,
|
||||
netflowRowRenderer,
|
||||
plainRowRenderer, // falls-back to the plain row renderer
|
||||
];
|
||||
|
||||
|
|
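Review bot: The precedence that the comment block above `export const rowRenderers` describes is enforced only by array position, so a direct order assertion would catch a regression faster than the rendering tests and belongs beside this array's unit tests: `expect(rowRenderers.indexOf(netflowRowRenderer)).toBeGreaterThan(rowRenderers.indexOf(suricataRowRenderer));` and `expect(rowRenderers[rowRenderers.length - 1]).toBe(plainRowRenderer);` (and the same for `zeekRowRenderer`). The comment should also note that `...auditdRowRenderers` and `...systemRowRenderers` are spread from other modules, so a broad `isInstance` added to either group would shadow suricata and zeek even though this file still looks correct; something like `// auditd and system groups live in other modules; keep their isInstance checks specific or they shadow the renderers below`. Per the description, getting this order wrong is what replaced the Suricata renderer's detail with the generic netflow view in the linked issue, so the invariant is worth pinning in code rather than prose. `falls-back` on the plainRowRenderer line is the noun form; the verb is `falls back`.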