[Security Solution][Entity Analytics] APIs for Entity Store engine (#191986)

This PR introduces the following API routes for setting up Entity Store "engines": <meta charset="utf-8"><b style="font-weight:normal;" id="docs-internal-guid-9410c5d7-7fff-e873-6830-887939a306fb"><div dir="ltr" style="margin-left:-0.75pt;" align="left"> Initialise Engine | POST /api/entity_store/engines/<entity_type>/init -- | -- Start Engine | POST /api/entity_store/engines/<entity_type>/start Stop Engine | POST /api/entity_store/engines/<entity_type>/stop Delete Engine | DELETE /api/entity_store/engines/<entity_type> Get engine | GET /api/entity_store/engines/<entity_type> List Engines | GET /api/entity_store/engines </div></b> The PR includes the following: - Adding the `EntityManager` plugin (see elastic/obs-entities) as a dependency of the Security Solution - The OpenAPI schemas for the new routes - The actual Kibana side endpoints - A `Saved Object` to track the installed engines - A new `EntityStoreDataClient` - A new feature flag `entityStoreEngineRoutesEnabled` ### How to test 1. Add some host/user data * Easiest is to use [elastic/security-data-generator](https://github.com/elastic/security-documents-generator) 2. Make sure to add `entityStoreEngineRoutesEnabled` under `xpack.securitySolution.enableExperimental` in your `kibana.dev.yml` 3. In kibana dev tools or your terminal, call the `INIT` route for either `user` or `host`. 4. You should now see 2 transforms in kibana. Make sure to re-trigger them if needed so they process the documents. 5. Check that new entities have been observed by querying the new entities index via: * `GET .entities.v1.latest.ea*/_search` 6. Check the other endpoints are working (`START`, `STOP`, `LIST`, etc) 7. Calling `DELETE` should remove the transforms Implements https://github.com/elastic/security-team/issues/10230 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-06-27 18:51:07 -04:00 · 2024-09-16 17:15:10 +02:00 · 2024-09-16 17:15:10 +02:00 · cd964f1229
commit cd964f1229
parent f029f8086a
50 changed files with 2097 additions and 2 deletions
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@ -37,6 +37,10 @@ import {
  CreateUpdateProtectionUpdatesNoteRequestBodyInput,
 } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen';
 import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen';
+import {
+  DeleteEntityStoreRequestQueryInput,
+  DeleteEntityStoreRequestParamsInput,
+} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen';
 import { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen';
 import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen';
 import { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen';
@ -76,6 +80,8 @@ import {
  GetEndpointSuggestionsRequestParamsInput,
  GetEndpointSuggestionsRequestBodyInput,
 } from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen';
+import { GetEntityStoreEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen';
+import { GetEntityStoreStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stats.gen';
 import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen';
 import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen';
 import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen';
@ -91,6 +97,10 @@ import { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/comm
 import { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen';
 import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen';
 import { ImportTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen';
+import {
+  InitEntityStoreRequestParamsInput,
+  InitEntityStoreRequestBodyInput,
+} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen';
 import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen';
 import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen';
 import { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen';
@ -110,6 +120,8 @@ import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/comm
 import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen';
 import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen';
 import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen';
+import { StartEntityStoreRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen';
+import { StopEntityStoreRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen';
 import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen';
 import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
 import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen';
@ -313,6 +325,14 @@ Migrations are initiated per index. While the process is neither destructive nor
        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
        .query(props.query);
    },
+    deleteEntityStore(props: DeleteEntityStoreProps) {
+      return supertest
+        .delete(replaceParams('/api/entity_store/engines/{entityType}', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .query(props.query);
+    },
    deleteNote(props: DeleteNoteProps) {
      return supertest
        .delete('/api/note')
@ -668,6 +688,20 @@ finalize it.
        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
        .send(props.body as object);
    },
+    getEntityStoreEngine(props: GetEntityStoreEngineProps) {
+      return supertest
+        .get(replaceParams('/api/entity_store/engines/{entityType}', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
+    getEntityStoreStats(props: GetEntityStoreStatsProps) {
+      return supertest
+        .post(replaceParams('/api/entity_store/engines/{entityType}/stats', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
    /**
     * Gets notes
     */
@ -764,6 +798,14 @@ finalize it.
        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
        .send(props.body as object);
    },
+    initEntityStore(props: InitEntityStoreProps) {
+      return supertest
+        .post(replaceParams('/api/entity_store/engines/{entityType}/init', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .send(props.body as object);
+    },
    /**
     * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine
     */
@ -799,6 +841,13 @@ finalize it.
        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
    },
+    listEntityStoreEngines() {
+      return supertest
+        .get('/api/entity_store/engines')
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
    /**
     * Update specific fields of an existing detection rule using the `rule_id` or `id` field.
     */
@ -1018,6 +1067,20 @@ detection engine rules.
        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
        .send(props.body as object);
    },
+    startEntityStore(props: StartEntityStoreProps) {
+      return supertest
+        .post(replaceParams('/api/entity_store/engines/{entityType}/start', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
+    stopEntityStore(props: StopEntityStoreProps) {
+      return supertest
+        .post(replaceParams('/api/entity_store/engines/{entityType}/stop', props.params))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
    /**
     * Suggests user profiles.
     */
@ -1107,6 +1170,10 @@ export interface CreateUpdateProtectionUpdatesNoteProps {
 export interface DeleteAssetCriticalityRecordProps {
  query: DeleteAssetCriticalityRecordRequestQueryInput;
 }
+export interface DeleteEntityStoreProps {
+  query: DeleteEntityStoreRequestQueryInput;
+  params: DeleteEntityStoreRequestParamsInput;
+}
 export interface DeleteNoteProps {
  body: DeleteNoteRequestBodyInput;
 }
@ -1200,6 +1267,12 @@ export interface GetEndpointSuggestionsProps {
  params: GetEndpointSuggestionsRequestParamsInput;
  body: GetEndpointSuggestionsRequestBodyInput;
 }
+export interface GetEntityStoreEngineProps {
+  params: GetEntityStoreEngineRequestParamsInput;
+}
+export interface GetEntityStoreStatsProps {
+  params: GetEntityStoreStatsRequestParamsInput;
+}
 export interface GetNotesProps {
  query: GetNotesRequestQueryInput;
 }
@ -1229,6 +1302,10 @@ export interface ImportRulesProps {
 export interface ImportTimelinesProps {
  body: ImportTimelinesRequestBodyInput;
 }
+export interface InitEntityStoreProps {
+  params: InitEntityStoreRequestParamsInput;
+  body: InitEntityStoreRequestBodyInput;
+}
 export interface InstallPrepackedTimelinesProps {
  body: InstallPrepackedTimelinesRequestBodyInput;
 }
@ -1278,6 +1355,12 @@ export interface SetAlertsStatusProps {
 export interface SetAlertTagsProps {
  body: SetAlertTagsRequestBodyInput;
 }
+export interface StartEntityStoreProps {
+  params: StartEntityStoreRequestParamsInput;
+}
+export interface StopEntityStoreProps {
+  params: StopEntityStoreRequestParamsInput;
+}
 export interface SuggestUserProfilesProps {
  query: SuggestUserProfilesRequestQueryInput;
 }