add filter to entity definitions schema (#208588)

## Summary

Adds filter to the entity definition schema so it can be used to filter
entity store data further.

### Testing Steps 
1. Open Kibana and start the entity store.
2. Initialise an engine (e.g., user) with a filter:
``` 
POST kbn:/api/entity_store/engines/user/init 
{
   "filter": "@timestamp < now-6w"
}
```
3. Once the transform has run, verify in Dev Tools:
`GET _transform/entities-v1-latest-security_user_default`
You should see the applied filter in the results, alongside the default
filters for user.name and timestamp from
[generate_latest_transform.ts](90d768be9b/x-pack/platform/plugins/shared/entity_manager/server/lib/entities/transform/generate_latest_transform.ts (L29)).
The example output below includes the added filter as part of a bool query.

```
"query": {
          **"bool": {
            "filter": [
              {
                "bool": {
                  "should": [
                    {
                      "range": {
                        "@timestamp": {
                          "lt": "now-6w"
                        }
                      }
                    }
                  ],**
                  "minimum_should_match": 1
                }
              },
              {
                "exists": {
                  "field": "user.name"
                }
              },
              {
                "range": {
                  "@timestamp": {
                    "gte": "now-24h"
                  }
                }
              }
            ]
          }
        }
      },
```
Charlotte Alexandra Wilson 2025-01-31 10:01:21 +00:00 committed by GitHub
parent ff0781834c
commit b94475c642
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 0 deletions


@ -23,6 +23,7 @@ export const convertToEntityManagerDefinition = (
indexPatterns: description.indexPatterns,
identityFields: [description.identityField],
displayNameTemplate: `{{${description.identityField}}}`,
filter: options.filter,
metadata,
latest: {
timestampField: description.settings.timestampField,
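Review bot: `filter: options.filter,` copies a caller-supplied string straight into the entity definition, and nothing visible in this hunk validates it. Per the description the value comes from the body of the engine init request and ends up in the transform's query, so it decides which events reach the entity store; a malformed filter would presumably surface only when the transform is created, and an overly narrow one as silently missing entities. I would confirm that the route schema rejects an unparseable filter before it reaches this function, and mark the line with a comment such as `// caller-supplied query string from the engine init request; narrows the transform's source data`. The snapshots in this commit only record `"filter": ""`, so the non-empty path has no visible test. convertToEntityManagerDefinition starts and ends outside the hunk.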


@ -3,6 +3,7 @@
exports[`getUnitedEntityDefinition host entityManagerDefinition 1`] = `
Object {
"displayNameTemplate": "{{host.name}}",
"filter": "",
"id": "security_host_test",
"identityFields": Array [
Object {
@ -231,6 +232,7 @@ Object {
exports[`getUnitedEntityDefinition service entityManagerDefinition 1`] = `
Object {
"displayNameTemplate": "{{service.name}}",
"filter": "",
"id": "security_service_test",
"identityFields": Array [
Object {
@ -469,6 +471,7 @@ Object {
exports[`getUnitedEntityDefinition user entityManagerDefinition 1`] = `
Object {
"displayNameTemplate": "{{user.name}}",
"filter": "",
"id": "security_user_test",
"identityFields": Array [
Object {