[RAC] - Update field names (#107857)

### Summary
### Fields used moving forward
`kibana.alert.rule.consumer` will refer to the context in which a rule instance is created. Rules created in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`

`kibana.alert.rule.producer` will refer to the plugin that registered a rule type. Rules registered in:
- stack --> `alerts`
- security solution --> `siem`
- apm --> `apm`

So an `apm.error_rate` rule created in stack will have:
- consumer: `alerts` and producer: `apm`
 An `apm.error_rate` rule created in apm will have:
- consumer: `apm` and producer: `apm`

`kibana.alert.rule.rule_type_id` will refer to a rule's rule type id. Examples:
- `apm.error_rate`
- `siem.signals`
- `siem.threshold`

Also renamed the following, because `rule.*` fields are meant to be ECS fields pulled from the source/event document, not to refer to our rule fields.
`rule.name` --> `kibana.alert.rule.name` will refer to the rule's name.

`rule.category` --> `kibana.alert.rule.category` will refer to the rule's category.

`rule.id` --> `kibana.alert.rule.uuid` will refer to the rule's uuid.
Yara Tercero 2021-08-11 03:25:46 -07:00 committed by GitHub
parent e86d909ae6
commit cec5d3f27a
45 changed files with 432 additions and 415 deletions


@ -17,25 +17,18 @@ const CONSUMERS = `${KIBANA_NAMESPACE}.consumers` as const;
const ECS_VERSION = 'ecs.version' as const;
const EVENT_ACTION = 'event.action' as const;
const EVENT_KIND = 'event.kind' as const;
const RULE_CATEGORY = 'rule.category' as const;
const RULE_CONSUMERS = 'rule.consumers' as const;
const RULE_ID = 'rule.id' as const;
const RULE_NAME = 'rule.name' as const;
const RULE_UUID = 'rule.uuid' as const;
const SPACE_IDS = `${KIBANA_NAMESPACE}.space_ids` as const;
const TAGS = 'tags' as const;
const TIMESTAMP = '@timestamp' as const;
const VERSION = `${KIBANA_NAMESPACE}.version` as const;
// Fields pertaining to the alert
const ALERT_ACTION_GROUP = `${ALERT_NAMESPACE}.action_group` as const;
const ALERT_DURATION = `${ALERT_NAMESPACE}.duration.us` as const;
const ALERT_END = `${ALERT_NAMESPACE}.end` as const;
const ALERT_EVALUATION_THRESHOLD = `${ALERT_NAMESPACE}.evaluation.threshold` as const;
const ALERT_EVALUATION_VALUE = `${ALERT_NAMESPACE}.evaluation.value` as const;
const ALERT_ID = `${ALERT_NAMESPACE}.id` as const;
const ALERT_OWNER = `${ALERT_NAMESPACE}.owner` as const;
const ALERT_CONSUMERS = `${ALERT_NAMESPACE}.consumers` as const;
const ALERT_PRODUCER = `${ALERT_NAMESPACE}.producer` as const;
const ALERT_REASON = `${ALERT_NAMESPACE}.reason` as const;
const ALERT_RISK_SCORE = `${ALERT_NAMESPACE}.risk_score` as const;
const ALERT_SEVERITY = `${ALERT_NAMESPACE}.severity` as const;
@ -49,8 +42,8 @@ const ALERT_WORKFLOW_REASON = `${ALERT_NAMESPACE}.workflow_reason` as const;
const ALERT_WORKFLOW_STATUS = `${ALERT_NAMESPACE}.workflow_status` as const;
const ALERT_WORKFLOW_USER = `${ALERT_NAMESPACE}.workflow_user` as const;
// Fields pertaining to the rule associated with the alert
const ALERT_RULE_AUTHOR = `${ALERT_RULE_NAMESPACE}.author` as const;
const ALERT_RULE_CONSUMERS = `${ALERT_RULE_NAMESPACE}.consumers` as const;
const ALERT_RULE_CREATED_AT = `${ALERT_RULE_NAMESPACE}.created_at` as const;
const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
@ -59,6 +52,7 @@ const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
const ALERT_RULE_ID = `${ALERT_RULE_NAMESPACE}.id` as const;
const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
const ALERT_RULE_NAME = `${ALERT_RULE_NAMESPACE}.name` as const;
const ALERT_RULE_NOTE = `${ALERT_RULE_NAMESPACE}.note` as const;
const ALERT_RULE_REFERENCES = `${ALERT_RULE_NAMESPACE}.references` as const;
@ -75,6 +69,15 @@ const ALERT_RULE_TYPE_ID = `${ALERT_RULE_NAMESPACE}.rule_type_id` as const;
const ALERT_RULE_UPDATED_AT = `${ALERT_RULE_NAMESPACE}.updated_at` as const;
const ALERT_RULE_UPDATED_BY = `${ALERT_RULE_NAMESPACE}.updated_by` as const;
const ALERT_RULE_VERSION = `${ALERT_RULE_NAMESPACE}.version` as const;
// the feature instantiating a rule type.
// Rule created in stack --> alerts
// Rule created in siem --> siem
const ALERT_RULE_CONSUMER = `${ALERT_RULE_NAMESPACE}.consumer` as const;
// the plugin that registered the rule type.
// Rule type apm.error_rate --> apm
// Rule type siem.signals --> siem
const ALERT_RULE_PRODUCER = `${ALERT_RULE_NAMESPACE}.producer` as const;
const ALERT_RULE_UUID = `${ALERT_RULE_NAMESPACE}.uuid` as const;
const namespaces = {
KIBANA_NAMESPACE,
@ -87,11 +90,6 @@ const fields = {
ECS_VERSION,
EVENT_KIND,
EVENT_ACTION,
RULE_CATEGORY,
RULE_CONSUMERS,
RULE_ID,
RULE_NAME,
RULE_UUID,
TAGS,
TIMESTAMP,
ALERT_ACTION_GROUP,
@ -100,13 +98,11 @@ const fields = {
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_ID,
ALERT_OWNER,
ALERT_CONSUMERS,
ALERT_PRODUCER,
ALERT_RULE_CONSUMER,
ALERT_RULE_PRODUCER,
ALERT_REASON,
ALERT_RISK_SCORE,
ALERT_RULE_AUTHOR,
ALERT_RULE_CONSUMERS,
ALERT_RULE_CREATED_AT,
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
@ -141,6 +137,8 @@ const fields = {
ALERT_WORKFLOW_REASON,
ALERT_WORKFLOW_STATUS,
ALERT_WORKFLOW_USER,
ALERT_RULE_UUID,
ALERT_RULE_CATEGORY,
SPACE_IDS,
VERSION,
};
@ -154,9 +152,8 @@ export {
ALERT_ID,
ALERT_NAMESPACE,
ALERT_RULE_NAMESPACE,
ALERT_OWNER,
ALERT_CONSUMERS,
ALERT_PRODUCER,
ALERT_RULE_CONSUMER,
ALERT_RULE_PRODUCER,
ALERT_REASON,
ALERT_RISK_SCORE,
ALERT_STATUS,
@ -164,7 +161,6 @@ export {
ALERT_WORKFLOW_STATUS,
ALERT_WORKFLOW_USER,
ALERT_RULE_AUTHOR,
ALERT_RULE_CONSUMERS,
ALERT_RULE_CREATED_AT,
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
@ -200,11 +196,8 @@ export {
EVENT_ACTION,
EVENT_KIND,
KIBANA_NAMESPACE,
RULE_CATEGORY,
RULE_CONSUMERS,
RULE_ID,
RULE_NAME,
RULE_UUID,
ALERT_RULE_UUID,
ALERT_RULE_CATEGORY,
TAGS,
TIMESTAMP,
SPACE_IDS,
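Review bot: The new `const ALERT_RULE_UUID = \`${ALERT_RULE_NAMESPACE}.uuid\` as const;` sits next to the pre-existing `ALERT_RULE_ID` (`kibana.alert.rule.id`), and nothing in the file says which of the two carries the rule's saved-object id that the description says moved from `rule.id`; a one-line comment such as `// saved-object id of the rule (was rule.id)` above `ALERT_RULE_UUID`, and a matching note on `ALERT_RULE_ID`, would stop the next reader from filtering on the wrong one, and the field-map hunk in this commit keeps both as optional keywords with the same ambiguity. The comment block above `ALERT_RULE_CONSUMER` should also say that this field, together with `ALERT_RULE_TYPE_ID`, appears to be what the alerts client in this commit filters on for authorization, so a writer that omits it is an access-control problem rather than a cosmetic one — I infer that from the `alerts_client` import hunk further down, so confirm. The README hunk in this commit describes `kibana.alert.rule.consumer` as "inherited from the rule producer field", which contradicts both the comment here and the description, and one of them should be corrected. Finally, `ALERT_RULE_UUID` and `ALERT_RULE_CATEGORY` are appended after `ALERT_WORKFLOW_USER` in `fields` and in the export list rather than in the `ALERT_RULE_*` run, which makes the lists harder to scan.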


@ -1013,14 +1013,14 @@ describe('AlertingAuthorization', () => {
await alertAuthorization.getFindAuthorizationFilter(AlertingAuthorizationEntity.Rule, {
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
})
).filter
).toEqual(
esKuery.fromKueryExpression(
`((path.to.rule.id:myAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:mySecondAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)))`
`((path.to.rule_type_id:myAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:mySecondAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)))`
)
);
expect(auditLogger.logAuthorizationSuccess).not.toHaveBeenCalled();


@ -37,14 +37,16 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
'space1'
)
).toEqual(
esKuery.fromKueryExpression(`((path.to.rule.id:myAppAlertType and consumer-field:(myApp)))`)
esKuery.fromKueryExpression(
`((path.to.rule_type_id:myAppAlertType and consumer-field:(myApp)))`
)
);
});
@ -72,7 +74,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -80,7 +82,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
)
).toEqual(
esKuery.fromKueryExpression(
`((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp)))`
`((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp)))`
)
);
});
@ -144,7 +146,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -152,7 +154,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
)
).toEqual(
esKuery.fromKueryExpression(
`((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:mySecondAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
`((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:mySecondAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
)
);
});
@ -199,7 +201,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
spaceIds: 'path.to.spaceIds',
},
@ -208,7 +210,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
)
).toEqual(
esKuery.fromKueryExpression(
`((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1))`
`((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1))`
)
);
});
@ -255,7 +257,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
spaceIds: 'path.to.spaceIds',
},
@ -264,7 +266,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
)
).toEqual(
esKuery.fromKueryExpression(
`((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
`((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
)
);
});
@ -293,7 +295,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -307,7 +309,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
should: [
{
match: {
'path.to.rule.id': 'myAppAlertType',
'path.to.rule_type_id': 'myAppAlertType',
},
},
],
@ -355,7 +357,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -366,7 +368,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
filter: [
{
bool: {
should: [{ match: { 'path.to.rule.id': 'myAppAlertType' } }],
should: [{ match: { 'path.to.rule_type_id': 'myAppAlertType' } }],
minimum_should_match: 1,
},
},
@ -459,7 +461,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -473,7 +475,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
filter: [
{
bool: {
should: [{ match: { 'path.to.rule.id': 'myAppAlertType' } }],
should: [{ match: { 'path.to.rule_type_id': 'myAppAlertType' } }],
minimum_should_match: 1,
},
},
@ -516,7 +518,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
filter: [
{
bool: {
should: [{ match: { 'path.to.rule.id': 'myOtherAppAlertType' } }],
should: [{ match: { 'path.to.rule_type_id': 'myOtherAppAlertType' } }],
minimum_should_match: 1,
},
},
@ -559,7 +561,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
filter: [
{
bool: {
should: [{ match: { 'path.to.rule.id': 'mySecondAppAlertType' } }],
should: [{ match: { 'path.to.rule_type_id': 'mySecondAppAlertType' } }],
minimum_should_match: 1,
},
},
@ -611,7 +613,7 @@ describe('asFiltersBySpaceId', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
spaceIds: 'path.to.space.id',
},
@ -629,7 +631,7 @@ describe('asFiltersBySpaceId', () => {
{
type: AlertingAuthorizationFilterType.KQL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
spaceIds: 'path.to.space.id',
},
@ -645,7 +647,7 @@ describe('asFiltersBySpaceId', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
},
},
@ -660,7 +662,7 @@ describe('asFiltersBySpaceId', () => {
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: {
ruleTypeId: 'path.to.rule.id',
ruleTypeId: 'path.to.rule_type_id',
consumer: 'consumer-field',
spaceIds: 'path.to.space.id',
},


@ -19,7 +19,7 @@ import {
import { EuiTitle } from '@elastic/eui';
import d3 from 'd3';
import React, { Suspense, useState } from 'react';
import { RULE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context';
import { APIReturnType } from '../../../../services/rest/createCallApmApi';
import { asRelativeDateTimeRange } from '../../../../../common/utils/formatters';
@ -124,7 +124,7 @@ export function ErrorDistribution({ distribution, title }: Props) {
/>
{getAlertAnnotations({
alerts: alerts?.filter(
(alert) => alert[RULE_ID]?.[0] === AlertType.ErrorCount
(alert) => alert[ALERT_RULE_TYPE_ID]?.[0] === AlertType.ErrorCount
),
chartStartTime: buckets[0]?.x0,
getFormatter,
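Review bot: The replaced import `import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils/target/technical_field_names';` keeps the deep path into the package's `target` build output, while the fixtures and example data in this same commit import the same constant from the package root `'@kbn/rule-data-utils'`. A deep import couples the caller to the package's build layout and bypasses its public entry point; `import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils';` would match the other call sites. The same deep path is used in the latency chart, alerts flyout, alerts table columns, row cell actions, decorate_response and render_cell_value hunks, and the transaction error rate chart goes further and reaches into `rule_registry/common/technical_rule_data_field_names` by relative path rather than through the package. I cannot see whether the package root re-exports these names for every consumer's build setup, so confirm before changing.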


@ -8,15 +8,19 @@
import {
ALERT_DURATION,
ALERT_EVALUATION_THRESHOLD,
ALERT_RULE_TYPE_ID,
ALERT_EVALUATION_VALUE,
ALERT_ID,
ALERT_PRODUCER,
ALERT_OWNER,
ALERT_RULE_PRODUCER,
ALERT_RULE_CONSUMER,
ALERT_SEVERITY_LEVEL,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
SPACE_IDS,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
ALERT_RULE_CATEGORY,
} from '@kbn/rule-data-utils';
import { ValuesType } from 'utility-types';
import { EuiTheme } from '../../../../../../../../src/plugins/kibana_react/common';
@ -34,20 +38,19 @@ const theme = ({
eui: { euiColorDanger, euiColorWarning },
} as unknown) as EuiTheme;
const alert: Alert = {
[SPACE_IDS]: ['space-id'],
'rule.id': ['apm.transaction_duration'],
[ALERT_RULE_TYPE_ID]: ['apm.transaction_duration'],
[ALERT_EVALUATION_VALUE]: [2057657.39],
'service.name': ['frontend-rum'],
'rule.name': ['Latency threshold | frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [62879000],
[ALERT_STATUS]: ['open'],
[SPACE_IDS]: ['myfakespaceid'],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
[ALERT_PRODUCER]: ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
[ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478180'],
[ALERT_OWNER]: ['apm'],
'rule.uuid': ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
[ALERT_RULE_CONSUMER]: ['apm'],
[ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
'event.action': ['active'],
'@timestamp': ['2021-06-01T16:16:05.183Z'],
[ALERT_ID]: ['apm.transaction_duration_All'],
@ -55,7 +58,7 @@ const alert: Alert = {
[ALERT_EVALUATION_THRESHOLD]: [500000],
[ALERT_START]: ['2021-06-01T16:15:02.304Z'],
'event.kind': ['state'],
'rule.category': ['Latency threshold'],
[ALERT_RULE_CATEGORY]: ['Latency threshold'],
};
const chartStartTime = new Date(alert[ALERT_START]![0] as string).getTime();
const getFormatter: ObservabilityRuleTypeRegistry['getFormatter'] = () => () => ({
@ -135,7 +138,7 @@ describe('getAlertAnnotations', () => {
setSelectedAlertId,
theme,
})![0].props.dataValues[0].details
).toEqual(alert['rule.name']![0]);
).toEqual(alert[ALERT_RULE_NAME]![0]);
});
});


@ -17,8 +17,8 @@ import {
ALERT_SEVERITY_LEVEL,
ALERT_START,
ALERT_UUID,
RULE_ID,
RULE_NAME,
ALERT_RULE_TYPE_ID,
ALERT_RULE_NAME,
} from '@kbn/rule-data-utils/target/technical_field_names';
import React, { Dispatch, SetStateAction } from 'react';
import { EuiTheme } from 'src/plugins/kibana_react/common';
@ -106,10 +106,10 @@ export function getAlertAnnotations({
const severityLevel = parsed[ALERT_SEVERITY_LEVEL];
const color = getAlertColor({ severityLevel, theme });
const header = getAlertHeader({ severityLevel });
const formatter = getFormatter(parsed[RULE_ID]!);
const formatter = getFormatter(parsed[ALERT_RULE_TYPE_ID]!);
const formatted = {
link: undefined,
reason: parsed[RULE_NAME],
reason: parsed[ALERT_RULE_NAME],
...(formatter?.({
fields: parsed,
formatters: { asDuration, asPercent },
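Review bot: `const formatter = getFormatter(parsed[ALERT_RULE_TYPE_ID]!);` carries over the non-null assertion from the old `RULE_ID` lookup, so an alert document that lacks the rule type id reaches `getFormatter` as `undefined` at runtime with no type error to warn about it. Since `parsed` is derived from an indexed document rather than a typed object, a guard that skips the alert when the field is absent is safer than `!`, e.g. `const ruleTypeId = parsed[ALERT_RULE_TYPE_ID];` followed by an early exit when it is undefined — I cannot see what the per-alert path of `getAlertAnnotations` returns here, so the early-exit value needs filling in. The same assertion appears in the row cell actions and decorate_response hunks. `getAlertAnnotations` starts before and ends after this hunk.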


@ -9,7 +9,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiSelect, EuiTitle } from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import React from 'react';
import { useHistory } from 'react-router-dom';
import { RULE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
import { AlertType } from '../../../../../common/alert_types';
import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context';
import { LatencyAggregationType } from '../../../../../common/latency_aggregation_types';
@ -128,8 +128,10 @@ export function LatencyChart({ height }: Props) {
anomalyTimeseries={anomalyTimeseries}
alerts={alerts.filter(
(alert) =>
alert[RULE_ID]?.[0] === AlertType.TransactionDuration ||
alert[RULE_ID]?.[0] === AlertType.TransactionDurationAnomaly
alert[ALERT_RULE_TYPE_ID]?.[0] ===
AlertType.TransactionDuration ||
alert[ALERT_RULE_TYPE_ID]?.[0] ===
AlertType.TransactionDurationAnomaly
)}
/>
</EuiFlexItem>


@ -8,12 +8,17 @@
import {
ALERT_DURATION,
ALERT_EVALUATION_THRESHOLD,
ALERT_RULE_TYPE_ID,
ALERT_EVALUATION_VALUE,
ALERT_ID,
ALERT_SEVERITY_LEVEL,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
ALERT_RULE_CATEGORY,
ALERT_RULE_PRODUCER,
} from '@kbn/rule-data-utils';
import { StoryContext } from '@storybook/react';
import React, { ComponentType } from 'react';
@ -120,17 +125,17 @@ Example.args = {
alertsResponse: {
alerts: [
{
'rule.id': ['apm.transaction_duration'],
[ALERT_RULE_TYPE_ID]: ['apm.transaction_duration'],
[ALERT_EVALUATION_VALUE]: [2001708.19],
'service.name': ['frontend-rum'],
'rule.name': ['Latency threshold | frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [10000000000],
[ALERT_STATUS]: ['open'],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
'kibana.alert.producer': ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
[ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478180'],
'rule.uuid': ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
[ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
'event.action': ['active'],
'@timestamp': ['2021-06-01T20:27:48.833Z'],
[ALERT_ID]: ['apm.transaction_duration_All'],
@ -138,21 +143,21 @@ Example.args = {
[ALERT_EVALUATION_THRESHOLD]: [500000],
[ALERT_START]: ['2021-06-02T04:00:00.000Z'],
'event.kind': ['state'],
'rule.category': ['Latency threshold'],
[ALERT_RULE_CATEGORY]: ['Latency threshold'],
},
{
'rule.id': ['apm.transaction_duration'],
[ALERT_RULE_TYPE_ID]: ['apm.transaction_duration'],
[ALERT_EVALUATION_VALUE]: [2001708.19],
'service.name': ['frontend-rum'],
'rule.name': ['Latency threshold | frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [10000000000],
[ALERT_STATUS]: ['open'],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
'kibana.alert.producer': ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
[ALERT_SEVERITY_LEVEL]: ['warning'],
[ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478181'],
'rule.uuid': ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
[ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
'event.action': ['active'],
'@timestamp': ['2021-06-01T20:27:48.833Z'],
[ALERT_ID]: ['apm.transaction_duration_All'],
@ -160,21 +165,21 @@ Example.args = {
[ALERT_EVALUATION_THRESHOLD]: [500000],
[ALERT_START]: ['2021-06-02T10:45:00.000Z'],
'event.kind': ['state'],
'rule.category': ['Latency threshold'],
[ALERT_RULE_CATEGORY]: ['Latency threshold'],
},
{
'rule.id': ['apm.transaction_duration'],
[ALERT_RULE_TYPE_ID]: ['apm.transaction_duration'],
[ALERT_EVALUATION_VALUE]: [2001708.19],
'service.name': ['frontend-rum'],
'rule.name': ['Latency threshold | frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [1000000000],
[ALERT_STATUS]: ['open'],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
'kibana.alert.producer': ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
[ALERT_SEVERITY_LEVEL]: ['critical'],
[ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478182'],
'rule.uuid': ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
[ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
'event.action': ['active'],
'@timestamp': ['2021-06-01T20:27:48.833Z'],
[ALERT_ID]: ['apm.transaction_duration_All'],
@ -182,7 +187,7 @@ Example.args = {
[ALERT_EVALUATION_THRESHOLD]: [500000],
[ALERT_START]: ['2021-06-02T16:50:00.000Z'],
'event.kind': ['state'],
'rule.category': ['Latency threshold'],
[ALERT_RULE_CATEGORY]: ['Latency threshold'],
},
],
},


@ -8,7 +8,7 @@
import { EuiPanel, EuiTitle } from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import React from 'react';
import { RULE_ID } from '../../../../../../rule_registry/common/technical_rule_data_field_names';
import { ALERT_RULE_TYPE_ID } from '../../../../../../rule_registry/common/technical_rule_data_field_names';
import { AlertType } from '../../../../../common/alert_types';
import { APIReturnType } from '../../../../services/rest/createCallApmApi';
import { asPercent } from '../../../../../common/utils/formatters';
@ -151,7 +151,8 @@ export function TransactionErrorRateChart({
yDomain={{ min: 0, max: 1 }}
customTheme={comparisonChartThem}
alerts={alerts.filter(
(alert) => alert[RULE_ID]?.[0] === AlertType.TransactionErrorRate
(alert) =>
alert[ALERT_RULE_TYPE_ID]?.[0] === AlertType.TransactionErrorRate
)}
/>
</EuiPanel>


@ -26,8 +26,8 @@ import {
ALERT_EVALUATION_VALUE,
ALERT_SEVERITY_LEVEL,
ALERT_UUID,
RULE_CATEGORY,
RULE_NAME,
ALERT_RULE_CATEGORY,
ALERT_RULE_NAME,
} from '@kbn/rule-data-utils/target/technical_field_names';
import moment from 'moment-timezone';
import React, { useMemo } from 'react';
@ -113,7 +113,7 @@ export function AlertsFlyout({
title: i18n.translate('xpack.observability.alertsFlyout.ruleTypeLabel', {
defaultMessage: 'Rule type',
}),
description: alertData.fields[RULE_CATEGORY] ?? '-',
description: alertData.fields[ALERT_RULE_CATEGORY] ?? '-',
},
];
@ -121,7 +121,7 @@ export function AlertsFlyout({
<EuiFlyout onClose={onClose} size="s">
<EuiFlyoutHeader>
<EuiTitle size="m">
<h2>{alertData.fields[RULE_NAME]}</h2>
<h2>{alertData.fields[ALERT_RULE_NAME]}</h2>
</EuiTitle>
<EuiSpacer size="s" />
<EuiText size="s">{alertData.reason}</EuiText>


@ -16,7 +16,7 @@ import {
ALERT_SEVERITY_LEVEL,
ALERT_STATUS,
ALERT_START,
RULE_NAME,
ALERT_RULE_NAME,
} from '@kbn/rule-data-utils/target/technical_field_names';
import type { TimelinesUIStart } from '../../../../timelines/public';
@ -108,7 +108,7 @@ export const columns: Array<
defaultMessage: 'Reason',
}),
linkField: '*',
id: RULE_NAME,
id: ALERT_RULE_NAME,
},
];


@ -14,7 +14,10 @@ import {
EuiPopoverTitle,
} from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import { RULE_ID, RULE_NAME } from '@kbn/rule-data-utils/target/technical_field_names';
import {
ALERT_RULE_TYPE_ID,
ALERT_RULE_NAME,
} from '@kbn/rule-data-utils/target/technical_field_names';
import React, { useState } from 'react';
import { format, parse } from 'url';
@ -29,10 +32,10 @@ export function RowCellActionsRender({ data }: ActionProps) {
const { prepend } = core.http.basePath;
const dataFieldEs = data.reduce((acc, d) => ({ ...acc, [d.field]: d.value }), {});
const parsedFields = parseTechnicalFields(dataFieldEs);
const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[RULE_ID]!);
const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[ALERT_RULE_TYPE_ID]!);
const formatted = {
link: undefined,
reason: parsedFields[RULE_NAME]!,
reason: parsedFields[ALERT_RULE_NAME]!,
...(formatter?.({ fields: parsedFields, formatters: { asDuration, asPercent } }) ?? {}),
};


@ -6,8 +6,8 @@
*/
import {
RULE_ID,
RULE_NAME,
ALERT_RULE_TYPE_ID,
ALERT_RULE_NAME,
ALERT_STATUS,
ALERT_START,
} from '@kbn/rule-data-utils/target/technical_field_names';
@ -22,10 +22,10 @@ export function decorateResponse(
): TopAlert[] {
return alerts.map((alert) => {
const parsedFields = parseTechnicalFields(alert);
const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[RULE_ID]!);
const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[ALERT_RULE_TYPE_ID]!);
const formatted = {
link: undefined,
reason: parsedFields[RULE_NAME]!,
reason: parsedFields[ALERT_RULE_NAME]!,
...(formatter?.({ fields: parsedFields, formatters: { asDuration, asPercent } }) ?? {}),
};


@ -11,49 +11,54 @@ import {
ALERT_ID,
ALERT_SEVERITY_LEVEL,
ALERT_SEVERITY_VALUE,
ALERT_RULE_TYPE_ID,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
ALERT_RULE_CATEGORY,
ALERT_RULE_PRODUCER,
} from '@kbn/rule-data-utils';
export const apmAlertResponseExample = [
{
'rule.id': ['apm.error_rate'],
[ALERT_RULE_TYPE_ID]: ['apm.error_rate'],
'service.name': ['opbeans-java'],
'rule.name': ['Error count threshold | opbeans-java (smith test)'],
[ALERT_RULE_NAME]: ['Error count threshold | opbeans-java (smith test)'],
[ALERT_DURATION]: [180057000],
[ALERT_STATUS]: ['open'],
[ALERT_SEVERITY_LEVEL]: ['warning'],
tags: ['apm', 'service.name:opbeans-java'],
[ALERT_UUID]: ['0175ec0a-a3b1-4d41-b557-e21c2d024352'],
'rule.uuid': ['474920d0-93e9-11eb-ac86-0b455460de81'],
[ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
'event.action': ['active'],
'@timestamp': ['2021-04-12T13:53:49.550Z'],
[ALERT_ID]: ['apm.error_rate_opbeans-java_production'],
[ALERT_START]: ['2021-04-12T13:50:49.493Z'],
'kibana.producer': ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
'event.kind': ['state'],
'rule.category': ['Error count threshold'],
[ALERT_RULE_CATEGORY]: ['Error count threshold'],
'service.environment': ['production'],
'processor.event': ['error'],
},
{
'rule.id': ['apm.error_rate'],
[ALERT_RULE_TYPE_ID]: ['apm.error_rate'],
'service.name': ['opbeans-java'],
'rule.name': ['Error count threshold | opbeans-java (smith test)'],
[ALERT_RULE_NAME]: ['Error count threshold | opbeans-java (smith test)'],
[ALERT_DURATION]: [2419005000],
[ALERT_END]: ['2021-04-12T13:49:49.446Z'],
[ALERT_STATUS]: ['closed'],
tags: ['apm', 'service.name:opbeans-java'],
[ALERT_UUID]: ['32b940e1-3809-4c12-8eee-f027cbb385e2'],
'rule.uuid': ['474920d0-93e9-11eb-ac86-0b455460de81'],
[ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
'event.action': ['close'],
'@timestamp': ['2021-04-12T13:49:49.446Z'],
[ALERT_ID]: ['apm.error_rate_opbeans-java_production'],
[ALERT_START]: ['2021-04-12T13:09:30.441Z'],
'kibana.producer': ['apm'],
[ALERT_RULE_PRODUCER]: ['apm'],
'event.kind': ['state'],
'rule.category': ['Error count threshold'],
[ALERT_RULE_CATEGORY]: ['Error count threshold'],
'service.environment': ['production'],
'processor.event': ['error'],
},
@ -158,7 +163,7 @@ export const dynamicIndexPattern = {
readFromDocValues: true,
},
{
name: 'kibana.producer',
name: [ALERT_RULE_PRODUCER],
type: 'string',
esTypes: ['keyword'],
searchable: true,
@ -174,7 +179,7 @@ export const dynamicIndexPattern = {
readFromDocValues: true,
},
{
name: 'rule.category',
name: [ALERT_RULE_CATEGORY],
type: 'string',
esTypes: ['keyword'],
searchable: true,
@ -182,7 +187,7 @@ export const dynamicIndexPattern = {
readFromDocValues: true,
},
{
name: 'rule.id',
name: [ALERT_RULE_TYPE_ID],
type: 'string',
esTypes: ['keyword'],
searchable: true,
@ -190,7 +195,7 @@ export const dynamicIndexPattern = {
readFromDocValues: true,
},
{
name: 'rule.name',
name: [ALERT_RULE_NAME],
type: 'string',
esTypes: ['keyword'],
searchable: true,
@ -198,7 +203,7 @@ export const dynamicIndexPattern = {
readFromDocValues: true,
},
{
name: 'rule.uuid',
name: [ALERT_RULE_UUID],
type: 'string',
esTypes: ['keyword'],
searchable: true,
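Review bot: `name: [ALERT_RULE_PRODUCER],` in the `dynamicIndexPattern` hunk wraps the constant in array brackets, so the field's `name` becomes a one-element array where the old value `'kibana.producer'` was a string; the same slip is repeated for `ALERT_RULE_CATEGORY`, `ALERT_RULE_TYPE_ID`, `ALERT_RULE_NAME` and `ALERT_RULE_UUID` in the four hunks that follow. It looks like computed-key syntax `[KEY]: value` was applied in a value position; each should read `name: ALERT_RULE_PRODUCER,` and so on. Anything that compares a field's `name` against a string, or uses it as a map key, will silently stop matching these five entries. If `dynamicIndexPattern` carries an explicit type with `name: string` this should already fail type-checking, so confirm whether the object is typed or only inferred.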


@ -12,7 +12,7 @@ import {
ALERT_SEVERITY_LEVEL,
ALERT_STATUS,
ALERT_START,
RULE_NAME,
ALERT_RULE_NAME,
} from '@kbn/rule-data-utils/target/technical_field_names';
import type { CellValueElementProps, TimelineNonEcsData } from '../../../../timelines/common';
@ -93,7 +93,7 @@ export const getRenderCellValue = ({
return asDuration(Number(value));
case ALERT_SEVERITY_LEVEL:
return <SeverityBadge severityLevel={value ?? undefined} />;
case RULE_NAME:
case ALERT_RULE_NAME:
const dataFieldEs = data.reduce((acc, d) => ({ ...acc, [d.field]: d.value }), {});
const decoratedAlerts = decorateResponse(
[dataFieldEs] ?? [],


@ -11,9 +11,11 @@ It also exposes a rule data client that will create or update the index stream t
By default, these indices will be prefixed with `.alerts`. To change this, for instance to support legacy multitenancy, set the following configuration option:
```yaml
xpack.ruleRegistry.index: '.kibana-alerts'
xpack.ruleRegistry.index: 'myAlerts'
```
The above produces an alerts index prefixed `.alerts-myAlerts`.
To disable writing entirely:
```yaml
@ -120,11 +122,11 @@ The following fields are defined in the technical field component template and s
- `event.kind`: signal (for the changeable alert document), state (for the state changes of the alert, e.g. when it opens, recovers, or changes in severity), or metric (individual evaluations that might be related to an alert).
- `event.action`: the reason for the event. This might be `open`, `close`, `active`, or `evaluate`.
- `tags`: tags attached to the alert. Right now they are copied over from the rule.
- `rule.id`: the identifier of the rule type, e.g. `apm.transaction_duration`
- `rule.uuid`: the saved objects id of the rule.
- `rule.name`: the name of the rule (as specified by the user).
- `rule.category`: the name of the rule type (as defined by the rule type producer)
- `kibana.alert.owner`: the feature which produced the alert. Usually a Kibana feature id like `apm`, `siem`...
- `kibana.alert.rule.rule_type_id`: the identifier of the rule type, e.g. `apm.transaction_duration`
- `kibana.alert.rule.uuid`: the saved objects id of the rule.
- `kibana.alert.rule.name`: the name of the rule (as specified by the user).
- `kibana.alert.rule.category`: the name of the rule type (as defined by the rule type producer)
- `kibana.alert.rule.consumer`: the feature which produced the alert (inherited from the rule producer field). Usually a Kibana feature id like `apm`, `siem`...
- `kibana.alert.id`: the id of the alert, that is unique within the context of the rule execution it was created in. E.g., for a rule that monitors latency for all services in all environments, this might be `opbeans-java:production`.
- `kibana.alert.uuid`: the unique identifier for the alert during its lifespan. If an alert recovers (or closes), this identifier is re-generated when it is opened again.
- `kibana.alert.status`: the status of the alert. Can be `open` or `closed`.


@ -14,14 +14,11 @@ export const technicalRuleFieldMap = {
Fields.TIMESTAMP,
Fields.EVENT_KIND,
Fields.EVENT_ACTION,
Fields.RULE_UUID,
Fields.RULE_ID,
Fields.RULE_NAME,
Fields.RULE_CATEGORY,
Fields.TAGS
),
[Fields.ALERT_OWNER]: { type: 'keyword', required: true },
[Fields.ALERT_PRODUCER]: { type: 'keyword' },
[Fields.ALERT_RULE_TYPE_ID]: { type: 'keyword', required: true },
[Fields.ALERT_RULE_CONSUMER]: { type: 'keyword', required: true },
[Fields.ALERT_RULE_PRODUCER]: { type: 'keyword' },
[Fields.SPACE_IDS]: { type: 'keyword', array: true, required: true },
[Fields.ALERT_UUID]: { type: 'keyword' },
[Fields.ALERT_ID]: { type: 'keyword' },
@ -33,11 +30,6 @@ export const technicalRuleFieldMap = {
[Fields.ALERT_STATUS]: { type: 'keyword' },
[Fields.ALERT_EVALUATION_THRESHOLD]: { type: 'scaled_float', scaling_factor: 100 },
[Fields.ALERT_EVALUATION_VALUE]: { type: 'scaled_float', scaling_factor: 100 },
[Fields.CONSUMERS]: {
type: 'keyword',
array: true,
required: false,
},
[Fields.VERSION]: {
type: 'keyword',
array: false,
@ -93,9 +85,19 @@ export const technicalRuleFieldMap = {
array: false,
required: false,
},
[Fields.ALERT_RULE_CONSUMERS]: {
[Fields.ALERT_RULE_CATEGORY]: {
type: 'keyword',
array: true,
array: false,
required: false,
},
[Fields.ALERT_RULE_UUID]: {
type: 'keyword',
array: false,
required: false,
},
[Fields.ALERT_RULE_ID]: {
type: 'keyword',
array: false,
required: false,
},
[Fields.ALERT_RULE_CREATED_AT]: {
@ -123,11 +125,6 @@ export const technicalRuleFieldMap = {
array: false,
required: false,
},
[Fields.ALERT_RULE_ID]: {
type: 'keyword',
array: false,
required: false,
},
[Fields.ALERT_RULE_INTERVAL]: {
type: 'keyword',
array: false,
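Review bot: `[Fields.ALERT_RULE_UUID]` is added with `required: false`, yet later in this commit the lifecycle executor looks up existing alerts with `term: { [ALERT_RULE_UUID]: ruleExecutorData[ALERT_RULE_UUID] }` and `RuleExecutorData` declares the field as a non-optional `string`; if `required` feeds the parsed-fields type, `required: true` here keeps the mapping and the type in step (the same applies to `ALERT_RULE_CATEGORY`, which that interface also declares as `string`). `ALERT_RULE_TYPE_ID` and `ALERT_RULE_CONSUMER` are rightly `required: true`, since together with `SPACE_IDS` they are the fields the alerts authorization filter matches on. `Fields.RULE_NAME` is dropped from the ECS pick and no `ALERT_RULE_NAME` entry appears in these hunks; presumably it is mapped in an unchanged part of the file, since the lifecycle snapshot in this commit expects `kibana.alert.rule.name`. The `technicalRuleFieldMap` object continues outside the hunks.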


@ -29,8 +29,8 @@ import { alertAuditEvent, operationAlertAuditActionMap } from './audit_events';
import { AuditLogger } from '../../../security/server';
import {
ALERT_STATUS,
ALERT_OWNER,
RULE_ID,
ALERT_RULE_CONSUMER,
ALERT_RULE_TYPE_ID,
SPACE_IDS,
} from '../../common/technical_rule_data_field_names';
import { ParsedTechnicalFields } from '../../common/parse_technical_fields';
@ -40,11 +40,15 @@ type NonNullableProps<Obj extends {}, Props extends keyof Obj> = Omit<Obj, Props
{ [K in Props]-?: NonNullable<Obj[K]> };
type AlertType = NonNullableProps<
ParsedTechnicalFields,
typeof RULE_ID | typeof ALERT_OWNER | typeof SPACE_IDS
typeof ALERT_RULE_TYPE_ID | typeof ALERT_RULE_CONSUMER | typeof SPACE_IDS
>;
const isValidAlert = (source?: ParsedTechnicalFields): source is AlertType => {
return source?.[RULE_ID] != null && source?.[ALERT_OWNER] != null && source?.[SPACE_IDS] != null;
return (
source?.[ALERT_RULE_TYPE_ID] != null &&
source?.[ALERT_RULE_CONSUMER] != null &&
source?.[SPACE_IDS] != null
);
};
export interface ConstructorOptions {
logger: Logger;
@ -121,7 +125,10 @@ export class AlertsClient {
_id: string;
// this is typed kind of crazy to fit the output of es api response to this
_source?:
| { [RULE_ID]?: string | null | undefined; [ALERT_OWNER]?: string | null | undefined }
| {
[ALERT_RULE_TYPE_ID]?: string | null | undefined;
[ALERT_RULE_CONSUMER]?: string | null | undefined;
}
| null
| undefined;
}>,
@ -132,16 +139,16 @@ export class AlertsClient {
hitIds: [hit._id, ...acc.hitIds],
ownersAndRuleTypeIds: [
{
[RULE_ID]: hit?._source?.[RULE_ID],
[ALERT_OWNER]: hit?._source?.[ALERT_OWNER],
[ALERT_RULE_TYPE_ID]: hit?._source?.[ALERT_RULE_TYPE_ID],
[ALERT_RULE_CONSUMER]: hit?._source?.[ALERT_RULE_CONSUMER],
},
],
}),
{ hitIds: [], ownersAndRuleTypeIds: [] } as {
hitIds: string[];
ownersAndRuleTypeIds: Array<{
[RULE_ID]: string | null | undefined;
[ALERT_OWNER]: string | null | undefined;
[ALERT_RULE_TYPE_ID]: string | null | undefined;
[ALERT_RULE_CONSUMER]: string | null | undefined;
}>;
}
);
@ -150,8 +157,8 @@ export class AlertsClient {
return Promise.all(
ownersAndRuleTypeIds.map((hit) => {
const alertOwner = hit?.[ALERT_OWNER];
const ruleId = hit?.[RULE_ID];
const alertOwner = hit?.[ALERT_RULE_CONSUMER];
const ruleId = hit?.[ALERT_RULE_TYPE_ID];
if (hit != null && assertString(alertOwner) && assertString(ruleId)) {
return this.authorization.ensureAuthorized({
ruleTypeId: ruleId,
@ -322,7 +329,7 @@ export class AlertsClient {
AlertingAuthorizationEntity.Alert,
{
type: AlertingAuthorizationFilterType.ESDSL,
fieldNames: { consumer: ALERT_OWNER, ruleTypeId: RULE_ID },
fieldNames: { consumer: ALERT_RULE_CONSUMER, ruleTypeId: ALERT_RULE_TYPE_ID },
},
operation
);
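Review bot: The local names on the authorization path still say "owner" after the field became the consumer: `ownersAndRuleTypeIds` and `const alertOwner = hit?.[ALERT_RULE_CONSUMER];`, whose value presumably becomes the `consumer` argument of `ensureAuthorized`, matching the `fieldNames: { consumer: ALERT_RULE_CONSUMER, ruleTypeId: ALERT_RULE_TYPE_ID }` filter further down. Renaming to `consumersAndRuleTypeIds` and `const alertConsumer = hit?.[ALERT_RULE_CONSUMER];` keeps the code aligned with the commit's definition of consumer as the context a rule was created in, which is what the RBAC check is keyed on. `isValidAlert` is complete here, but the reduce and the `ensureAuthorized` call sit in bodies that extend beyond the hunks.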


@ -5,7 +5,12 @@
* 2.0.
*/
import { ALERT_OWNER, ALERT_STATUS, SPACE_IDS, RULE_ID } from '@kbn/rule-data-utils';
import {
ALERT_RULE_CONSUMER,
ALERT_STATUS,
SPACE_IDS,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
import { AlertsClient, ConstructorOptions } from '../alerts_client';
import { loggingSystemMock } from '../../../../../../src/core/server/mocks';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
@ -77,8 +82,8 @@ describe('bulkUpdate()', () => {
_id: fakeAlertId,
_index: indexName,
_source: {
[RULE_ID]: 'apm.error_rate',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -134,8 +139,8 @@ describe('bulkUpdate()', () => {
_id: fakeAlertId,
_index: indexName,
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -180,8 +185,8 @@ describe('bulkUpdate()', () => {
_id: successfulAuthzHit,
_index: indexName,
_source: {
[RULE_ID]: 'apm.error_rate',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -190,8 +195,8 @@ describe('bulkUpdate()', () => {
_id: unsuccessfulAuthzHit,
_index: indexName,
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -267,8 +272,8 @@ describe('bulkUpdate()', () => {
_id: fakeAlertId,
_index: '.alerts-observability-apm.alerts',
_source: {
[RULE_ID]: 'apm.error_rate',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -327,8 +332,8 @@ describe('bulkUpdate()', () => {
_id: fakeAlertId,
_index: '.alerts-observability-apm.alerts',
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -388,8 +393,8 @@ describe('bulkUpdate()', () => {
_id: successfulAuthzHit,
_index: '.alerts-observability-apm.alerts',
_source: {
[RULE_ID]: 'apm.error_rate',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -398,8 +403,8 @@ describe('bulkUpdate()', () => {
_id: unsuccessfulAuthzHit,
_index: '.alerts-observability-apm.alerts',
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},


@ -5,7 +5,12 @@
* 2.0.
*/
import { ALERT_OWNER, ALERT_STATUS, RULE_ID, SPACE_IDS } from '@kbn/rule-data-utils';
import {
ALERT_RULE_CONSUMER,
ALERT_STATUS,
SPACE_IDS,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
import { AlertsClient, ConstructorOptions } from '../alerts_client';
import { loggingSystemMock } from '../../../../../../src/core/server/mocks';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
@ -85,9 +90,9 @@ describe('get()', () => {
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: ['test_default_space_id'],
},
@ -100,13 +105,13 @@ describe('get()', () => {
const result = await alertsClient.get({ id: '1', index: '.alerts-observability-apm' });
expect(result).toMatchInlineSnapshot(`
Object {
"kibana.alert.owner": "apm",
"kibana.alert.rule.consumer": "apm",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"kibana.alert.status": "open",
"kibana.space_ids": Array [
"test_default_space_id",
],
"message": "hello world 1",
"rule.id": "apm.error_rate",
}
`);
expect(esClientMock.search).toHaveBeenCalledTimes(1);
@ -184,9 +189,9 @@ describe('get()', () => {
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: ['test_default_space_id'],
},
@ -235,8 +240,8 @@ describe('get()', () => {
_id: fakeAlertId,
_index: indexName,
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -307,9 +312,9 @@ describe('get()', () => {
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: ['test_default_space_id'],
},
@ -330,13 +335,13 @@ describe('get()', () => {
expect(result).toMatchInlineSnapshot(`
Object {
"kibana.alert.owner": "apm",
"kibana.alert.rule.consumer": "apm",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"kibana.alert.status": "open",
"kibana.space_ids": Array [
"test_default_space_id",
],
"message": "hello world 1",
"rule.id": "apm.error_rate",
}
`);
});


@ -5,7 +5,12 @@
* 2.0.
*/
import { ALERT_OWNER, ALERT_STATUS, SPACE_IDS, RULE_ID } from '@kbn/rule-data-utils';
import {
ALERT_RULE_CONSUMER,
ALERT_STATUS,
SPACE_IDS,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
import { AlertsClient, ConstructorOptions } from '../alerts_client';
import { loggingSystemMock } from '../../../../../../src/core/server/mocks';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
@ -82,9 +87,9 @@ describe('update()', () => {
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_source: {
[RULE_ID]: 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -168,9 +173,9 @@ describe('update()', () => {
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -242,8 +247,8 @@ describe('update()', () => {
_id: fakeAlertId,
_index: indexName,
_source: {
[RULE_ID]: fakeRuleTypeId,
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -323,9 +328,9 @@ describe('update()', () => {
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},
@ -383,9 +388,9 @@ describe('update()', () => {
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[SPACE_IDS]: [DEFAULT_SPACE],
},


@ -6,13 +6,11 @@
*/
import {
ALERT_OWNER,
ALERT_RULE_CONSUMER,
ALERT_RULE_RISK_SCORE,
ALERT_RULE_SEVERITY,
ALERT_STATUS,
CONSUMERS,
ECS_VERSION,
RULE_ID,
ALERT_RULE_TYPE_ID,
SPACE_IDS,
TIMESTAMP,
VERSION,
@ -28,14 +26,12 @@ import { requestMock, serverMock } from './__mocks__/server';
const getMockAlert = (): ParsedTechnicalFields => ({
[TIMESTAMP]: '2021-06-21T21:33:05.713Z',
[ECS_VERSION]: '1.0.0',
[CONSUMERS]: [],
[VERSION]: '7.13.0',
[RULE_ID]: 'apm.error_rate',
[ALERT_OWNER]: 'apm',
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_RULE_RISK_SCORE]: 20,
[SPACE_IDS]: ['fake-space-id'],
[ALERT_RULE_SEVERITY]: 'warning',
});
describe('getAlertByIdRoute', () => {


@ -23,8 +23,8 @@ import {
ALERT_STATUS,
EVENT_ACTION,
EVENT_KIND,
RULE_ID,
ALERT_OWNER,
ALERT_RULE_TYPE_ID,
ALERT_RULE_CONSUMER,
SPACE_IDS,
} from '../../common/technical_rule_data_field_names';
import { createRuleDataClientMock } from '../rule_data_client/create_rule_data_client_mock';
@ -131,16 +131,16 @@ describe('createLifecycleExecutor', () => {
{
fields: {
[ALERT_ID]: 'TEST_ALERT_0',
[ALERT_OWNER]: 'CONSUMER',
[RULE_ID]: 'RULE_TYPE_ID',
[ALERT_RULE_CONSUMER]: 'CONSUMER',
[ALERT_RULE_TYPE_ID]: 'RULE_TYPE_ID',
labels: { LABEL_0_KEY: 'LABEL_0_VALUE' }, // this must not show up in the written doc
},
},
{
fields: {
[ALERT_ID]: 'TEST_ALERT_1',
[ALERT_OWNER]: 'CONSUMER',
[RULE_ID]: 'RULE_TYPE_ID',
[ALERT_RULE_CONSUMER]: 'CONSUMER',
[ALERT_RULE_TYPE_ID]: 'RULE_TYPE_ID',
labels: { LABEL_0_KEY: 'LABEL_0_VALUE' }, // this must not show up in the written doc
},
},
@ -229,8 +229,8 @@ describe('createLifecycleExecutor', () => {
fields: {
'@timestamp': '',
[ALERT_ID]: 'TEST_ALERT_0',
[ALERT_OWNER]: 'CONSUMER',
[RULE_ID]: 'RULE_TYPE_ID',
[ALERT_RULE_CONSUMER]: 'CONSUMER',
[ALERT_RULE_TYPE_ID]: 'RULE_TYPE_ID',
[SPACE_IDS]: ['fake-space-id'],
labels: { LABEL_0_KEY: 'LABEL_0_VALUE' }, // this must show up in the written doc
},
@ -239,8 +239,8 @@ describe('createLifecycleExecutor', () => {
fields: {
'@timestamp': '',
[ALERT_ID]: 'TEST_ALERT_1',
[ALERT_OWNER]: 'CONSUMER',
[RULE_ID]: 'RULE_TYPE_ID',
[ALERT_RULE_CONSUMER]: 'CONSUMER',
[ALERT_RULE_TYPE_ID]: 'RULE_TYPE_ID',
[SPACE_IDS]: ['fake-space-id'],
labels: { LABEL_0_KEY: 'LABEL_0_VALUE' }, // this must not show up in the written doc
},
@ -335,7 +335,7 @@ const createDefaultAlertExecutorOptions = <
ActionGroupIds extends string = ''
>({
alertId = 'ALERT_ID',
ruleName = 'RULE_NAME',
ruleName = 'ALERT_RULE_NAME',
params,
state,
createdAt = new Date(),
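Review bot: The fixture default `ruleName = 'ALERT_RULE_NAME'` (previously `'RULE_NAME'`) looks like collateral from a global search-and-replace of the `RULE_NAME` constant: the value is a sample rule name, not a field identifier, and nothing in this commit gives it a new meaning. The same replacement hit the security solution breadcrumbs test in this commit (`const mockRuleName = 'ALERT_RULE_NAME';` and `text: 'ALERT_RULE_NAME',`). Reverting those literals to `'RULE_NAME'` avoids implying that the fixtures depend on the renamed field. `createDefaultAlertExecutorOptions` starts and ends outside the hunk.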


@ -29,9 +29,9 @@ import {
ALERT_UUID,
EVENT_ACTION,
EVENT_KIND,
ALERT_OWNER,
RULE_ID,
RULE_UUID,
ALERT_RULE_CONSUMER,
ALERT_RULE_TYPE_ID,
ALERT_RULE_UUID,
TIMESTAMP,
SPACE_IDS,
} from '../../common/technical_rule_data_field_names';
@ -155,8 +155,8 @@ export const createLifecycleExecutor = (
currentAlerts[id] = {
...fields,
[ALERT_ID]: id,
[RULE_ID]: rule.ruleTypeId,
[ALERT_OWNER]: rule.consumer,
[ALERT_RULE_TYPE_ID]: rule.ruleTypeId,
[ALERT_RULE_CONSUMER]: rule.consumer,
};
return alertInstanceFactory(id);
},
@ -197,7 +197,7 @@ export const createLifecycleExecutor = (
filter: [
{
term: {
[RULE_UUID]: ruleExecutorData[RULE_UUID],
[ALERT_RULE_UUID]: ruleExecutorData[ALERT_RULE_UUID],
},
},
{
@ -229,8 +229,8 @@ export const createLifecycleExecutor = (
alertsDataMap[alertId] = {
...fields,
[ALERT_ID]: alertId,
[RULE_ID]: rule.ruleTypeId,
[ALERT_OWNER]: rule.consumer,
[ALERT_RULE_TYPE_ID]: rule.ruleTypeId,
[ALERT_RULE_CONSUMER]: rule.consumer,
};
});
}
@ -247,7 +247,7 @@ export const createLifecycleExecutor = (
...ruleExecutorData,
[TIMESTAMP]: timestamp,
[EVENT_KIND]: 'signal',
[ALERT_OWNER]: rule.consumer,
[ALERT_RULE_CONSUMER]: rule.consumer,
[ALERT_ID]: alertId,
} as ParsedTechnicalFields;


@ -6,15 +6,7 @@
*/
import { schema } from '@kbn/config-schema';
import {
ALERT_DURATION,
ALERT_ID,
ALERT_OWNER,
ALERT_PRODUCER,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
} from '@kbn/rule-data-utils';
import { ALERT_DURATION, ALERT_STATUS, ALERT_UUID } from '@kbn/rule-data-utils';
import { loggerMock } from '@kbn/logging/target/mocks';
import { castArray, omit, mapValues } from 'lodash';
import { RuleDataClient } from '../rule_data_client';
@ -197,19 +189,19 @@ describe('createLifecycleRuleTypeFactory', () => {
"@timestamp": "2021-06-16T09:01:00.000Z",
"event.action": "open",
"event.kind": "signal",
"${ALERT_DURATION}": 0,
"${ALERT_ID}": "opbeans-java",
"${ALERT_OWNER}": "consumer",
"${ALERT_PRODUCER}": "producer",
"${ALERT_START}": "2021-06-16T09:01:00.000Z",
"${ALERT_STATUS}": "open",
"kibana.alert.duration.us": 0,
"kibana.alert.id": "opbeans-java",
"kibana.alert.rule.category": "ruleTypeName",
"kibana.alert.rule.consumer": "consumer",
"kibana.alert.rule.name": "name",
"kibana.alert.rule.producer": "producer",
"kibana.alert.rule.rule_type_id": "ruleTypeId",
"kibana.alert.rule.uuid": "alertId",
"kibana.alert.start": "2021-06-16T09:01:00.000Z",
"kibana.alert.status": "open",
"kibana.space_ids": Array [
"spaceId",
],
"rule.category": "ruleTypeName",
"rule.id": "ruleTypeId",
"rule.name": "name",
"rule.uuid": "alertId",
"service.name": "opbeans-java",
"tags": Array [
"tags",
@ -219,19 +211,19 @@ describe('createLifecycleRuleTypeFactory', () => {
"@timestamp": "2021-06-16T09:01:00.000Z",
"event.action": "open",
"event.kind": "signal",
"${ALERT_DURATION}": 0,
"${ALERT_ID}": "opbeans-node",
"${ALERT_OWNER}": "consumer",
"${ALERT_PRODUCER}": "producer",
"${ALERT_START}": "2021-06-16T09:01:00.000Z",
"${ALERT_STATUS}": "open",
"kibana.alert.duration.us": 0,
"kibana.alert.id": "opbeans-node",
"kibana.alert.rule.category": "ruleTypeName",
"kibana.alert.rule.consumer": "consumer",
"kibana.alert.rule.name": "name",
"kibana.alert.rule.producer": "producer",
"kibana.alert.rule.rule_type_id": "ruleTypeId",
"kibana.alert.rule.uuid": "alertId",
"kibana.alert.start": "2021-06-16T09:01:00.000Z",
"kibana.alert.status": "open",
"kibana.space_ids": Array [
"spaceId",
],
"rule.category": "ruleTypeName",
"rule.id": "ruleTypeId",
"rule.name": "name",
"rule.uuid": "alertId",
"service.name": "opbeans-node",
"tags": Array [
"tags",


@ -7,30 +7,30 @@
import { AlertExecutorOptions } from '../../../alerting/server';
import {
ALERT_PRODUCER,
RULE_CATEGORY,
RULE_ID,
RULE_NAME,
RULE_UUID,
ALERT_RULE_PRODUCER,
ALERT_RULE_CATEGORY,
ALERT_RULE_TYPE_ID,
ALERT_RULE_NAME,
ALERT_RULE_UUID,
TAGS,
} from '../../common/technical_rule_data_field_names';
export interface RuleExecutorData {
[RULE_CATEGORY]: string;
[RULE_ID]: string;
[RULE_UUID]: string;
[RULE_NAME]: string;
[ALERT_PRODUCER]: string;
[ALERT_RULE_CATEGORY]: string;
[ALERT_RULE_TYPE_ID]: string;
[ALERT_RULE_UUID]: string;
[ALERT_RULE_NAME]: string;
[ALERT_RULE_PRODUCER]: string;
[TAGS]: string[];
}
export function getRuleData(options: AlertExecutorOptions<any, any, any, any, any>) {
return {
[RULE_ID]: options.rule.ruleTypeId,
[RULE_UUID]: options.alertId,
[RULE_CATEGORY]: options.rule.ruleTypeName,
[RULE_NAME]: options.rule.name,
[ALERT_RULE_TYPE_ID]: options.rule.ruleTypeId,
[ALERT_RULE_UUID]: options.alertId,
[ALERT_RULE_CATEGORY]: options.rule.ruleTypeName,
[ALERT_RULE_NAME]: options.rule.name,
[TAGS]: options.tags,
[ALERT_PRODUCER]: options.rule.producer,
[ALERT_RULE_PRODUCER]: options.rule.producer,
};
}
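Review bot: `getRuleData` is not annotated with the `RuleExecutorData` interface declared directly above it, so a key that drifts between the two (say, a field added to the interface but not to the returned object, or vice versa) is not caught by the compiler; `export function getRuleData(options: AlertExecutorOptions<any, any, any, any, any>): RuleExecutorData {` pins the return shape without changing behavior. A one-line TSDoc on the function noting that these keys are the document field names written for every alert (the `...ruleExecutorData` spread in create_lifecycle_executor.ts appears to be this object) would also help readers, since the rename of the constants changes what ends up in the index.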


@ -330,7 +330,7 @@ describe('Navigation Breadcrumbs', () => {
test('should return Rules breadcrumbs when supplied rules Details pathname', () => {
const mockDetailName = '5a4a0460-d822-11eb-8962-bfd4aff0a9b3';
const mockRuleName = 'RULE_NAME';
const mockRuleName = 'ALERT_RULE_NAME';
const breadcrumbs = getBreadcrumbsForRoute(
{
...getMockObject('rules', `/rules/id/${mockDetailName}`, undefined),
@ -357,7 +357,7 @@ describe('Navigation Breadcrumbs', () => {
test('should return Rules breadcrumbs when supplied rules Edit pathname', () => {
const mockDetailName = '5a4a0460-d822-11eb-8962-bfd4aff0a9b3';
const mockRuleName = 'RULE_NAME';
const mockRuleName = 'ALERT_RULE_NAME';
const breadcrumbs = getBreadcrumbsForRoute(
{
...getMockObject('rules', `/rules/id/${mockDetailName}/edit`, undefined),
@ -376,7 +376,7 @@ describe('Navigation Breadcrumbs', () => {
"securitySolution/rules?sourcerer=()&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-05-16T23:10:43.696Z',fromStr:now-24h,kind:relative,to:'2019-05-17T23:10:43.697Z',toStr:now)),timeline:(linkTo:!(global),timerange:(from:'2019-05-16T23:10:43.696Z',fromStr:now-24h,kind:relative,to:'2019-05-17T23:10:43.697Z',toStr:now)))",
},
{
text: 'RULE_NAME',
text: 'ALERT_RULE_NAME',
href: `securitySolution/rules/id/${mockDetailName}?sourcerer=()&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-05-16T23:10:43.696Z',fromStr:now-24h,kind:relative,to:'2019-05-17T23:10:43.697Z',toStr:now)),timeline:(linkTo:!(global),timerange:(from:'2019-05-16T23:10:43.696Z',fromStr:now-24h,kind:relative,to:'2019-05-17T23:10:43.697Z',toStr:now)))`,
},
{


@ -8,10 +8,14 @@
import {
ALERT_DURATION,
ALERT_ID,
ALERT_PRODUCER,
ALERT_RULE_PRODUCER,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_ID,
ALERT_RULE_NAME,
ALERT_RULE_CATEGORY,
} from '@kbn/rule-data-utils';
import { defaultColumnHeaderType } from '../../../timelines/components/timeline/body/column_headers/default_headers';
@ -185,11 +189,11 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
'event.action': 'event.action',
'alert.status': ALERT_STATUS,
'alert.duration.us': ALERT_DURATION,
'rule.uuid': 'rule.uuid',
'rule.id': 'rule.id',
'rule.name': 'rule.name',
'rule.category': 'rule.category',
producer: ALERT_PRODUCER,
'rule.uuid': ALERT_RULE_UUID,
'rule.id': ALERT_RULE_ID,
'rule.name': ALERT_RULE_NAME,
'rule.category': ALERT_RULE_CATEGORY,
producer: ALERT_RULE_PRODUCER,
tags: 'tags',
};
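Review bot: `'rule.id': ALERT_RULE_ID` changes what the `rule.id` column reads: before this commit the key pointed at the plain `rule.id` field, which the README updated in this same commit documented as the rule type identifier (now `ALERT_RULE_TYPE_ID`), while `ALERT_RULE_ID` is a separate constant whose meaning is not shown here. If the table expects the rule type id this should be `ALERT_RULE_TYPE_ID`; if it expects the rule's saved-object id, `ALERT_RULE_UUID` is already mapped one line above under `'rule.uuid'`, which would make the two keys resolve to the same value. A short comment on the mapping stating which field each key is meant to display would settle this for the next reader.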


@ -1583,10 +1583,6 @@ Object {
"path": "signal.ancestors.type",
"type": "alias",
},
"kibana.alert.consumers": Object {
"type": "constant_keyword",
"value": "siem",
},
"kibana.alert.depth": Object {
"path": "signal.depth",
"type": "alias",
@ -1675,10 +1671,6 @@ Object {
"path": "signal.original_time",
"type": "alias",
},
"kibana.alert.producer": Object {
"type": "constant_keyword",
"value": "siem",
},
"kibana.alert.risk_score": Object {
"path": "signal.rule.risk_score",
"type": "alias",
@ -1691,6 +1683,10 @@ Object {
"path": "signal.rule.building_block_type",
"type": "alias",
},
"kibana.alert.rule.consumer": Object {
"type": "constant_keyword",
"value": "siem",
},
"kibana.alert.rule.created_at": Object {
"path": "signal.rule.created_at",
"type": "alias",
@ -1751,6 +1747,10 @@ Object {
"path": "signal.rule.note",
"type": "alias",
},
"kibana.alert.rule.producer": Object {
"type": "constant_keyword",
"value": "siem",
},
"kibana.alert.rule.query": Object {
"path": "signal.rule.query",
"type": "alias",


@ -109,8 +109,8 @@ describe('get_signals_template', () => {
const constantKeywordsFound = recursiveConstantKeywordFound('', template);
expect(constantKeywordsFound).toEqual([
'template.mappings.properties.kibana.space_ids',
'template.mappings.properties.kibana.alert.consumers',
'template.mappings.properties.kibana.alert.producer',
'template.mappings.properties.kibana.alert.rule.consumer',
'template.mappings.properties.kibana.alert.rule.producer',
'template.mappings.properties.kibana.alert.rule.rule_type_id',
]);
});


@ -7,8 +7,8 @@
import {
SPACE_IDS,
ALERT_CONSUMERS,
ALERT_PRODUCER,
ALERT_RULE_CONSUMER,
ALERT_RULE_PRODUCER,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
import signalsMapping from './signals_mapping.json';
@ -116,11 +116,11 @@ export const getRbacRequiredFields = (spaceId: string) => {
type: 'constant_keyword',
value: spaceId,
},
[ALERT_CONSUMERS]: {
[ALERT_RULE_CONSUMER]: {
type: 'constant_keyword',
value: 'siem',
},
[ALERT_PRODUCER]: {
[ALERT_RULE_PRODUCER]: {
type: 'constant_keyword',
value: 'siem',
},
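Review bot: The `constant_keyword` values for `[ALERT_RULE_CONSUMER]` and `[ALERT_RULE_PRODUCER]` are the string literal `'siem'`, while the documents the security solution writes in this commit set the same fields from `SERVER_APP_ID` (build_alert.ts and rule_registry_log_client.ts). A `constant_keyword` mapping rejects any document whose value differs from the one declared, so tying both sides to the same constant (`value: SERVER_APP_ID`, imported where `getRbacRequiredFields` is defined) removes one way for the mapping and the writers to drift apart. `getRbacRequiredFields` continues outside the hunk.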


@ -18,9 +18,6 @@ import {
* @deprecated ruleExecutionFieldMap is kept here only as a reference. It will be superseded with EventLog implementation
*/
export const ruleExecutionFieldMap = {
// [ALERT_OWNER]: { type: 'keyword', required: true },
// [SPACE_IDS]: { type: 'keyword', array: true, required: true },
// [RULE_ID]: { type: 'keyword', required: true },
[MESSAGE]: { type: 'keyword' },
[EVENT_SEQUENCE]: { type: 'long' },
[EVENT_END]: { type: 'date' },


@ -7,12 +7,13 @@
import { estypes } from '@elastic/elasticsearch';
import {
ALERT_OWNER,
ALERT_RULE_CONSUMER,
ALERT_RULE_TYPE_ID,
EVENT_ACTION,
EVENT_KIND,
RULE_ID,
SPACE_IDS,
TIMESTAMP,
ALERT_RULE_ID,
} from '@kbn/rule-data-utils';
import { once } from 'lodash/fp';
import moment from 'moment';
@ -95,7 +96,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
}
const filter: estypes.QueryDslQueryContainer[] = [
{ terms: { [RULE_ID]: ruleIds } },
{ terms: { [ALERT_RULE_ID]: ruleIds } },
{ terms: { [SPACE_IDS]: [spaceId] } },
];
@ -114,7 +115,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
aggs: {
rules: {
terms: {
field: RULE_ID,
field: ALERT_RULE_ID,
size: ruleIds.length,
},
aggs: {
@ -147,7 +148,10 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
bucket.key,
bucket.most_recent_logs.hits.hits.map<IRuleStatusSOAttributes>((event) => {
const logEntry = parseRuleExecutionLog(event._source);
invariant(logEntry['rule.id'], 'Malformed execution log entry: rule.id field not found');
invariant(
logEntry[ALERT_RULE_ID] ?? '',
'Malformed execution log entry: rule.id field not found'
);
const lastFailure = bucket.last_failure.event.hits.hits[0]
? parseRuleExecutionLog(bucket.last_failure.event.hits.hits[0]._source)
@ -179,7 +183,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
]
: undefined;
const alertId = logEntry['rule.id'];
const alertId = logEntry[ALERT_RULE_ID] ?? '';
const statusDate = logEntry[TIMESTAMP];
const lastFailureAt = lastFailure?.[TIMESTAMP];
const lastFailureMessage = lastFailure?.[MESSAGE];
@ -213,14 +217,6 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
);
}
// { [x: string]: string | string[] | ExecutionMetricValue<T>;
// [x: number]: string;
// "kibana.space_ids": string[];
// "event.action": T;
// "event.kind": string;
// "rule.id": string;
// "@timestamp": string; }
public async logExecutionMetric<T extends ExecutionMetric>({
ruleId,
namespace,
@ -234,9 +230,10 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
[EVENT_ACTION]: metric,
[EVENT_KIND]: 'metric',
[getMetricField(metric)]: value,
[RULE_ID]: ruleId,
[ALERT_RULE_ID]: ruleId ?? '',
[TIMESTAMP]: new Date().toISOString(),
[ALERT_OWNER]: 'siem',
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[ALERT_RULE_TYPE_ID]: SERVER_APP_ID,
},
namespace
);
@ -256,11 +253,12 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
[EVENT_KIND]: 'event',
[EVENT_SEQUENCE]: this.sequence++,
[MESSAGE]: message,
[RULE_ID]: ruleId,
[ALERT_RULE_ID]: ruleId ?? '',
[RULE_STATUS_SEVERITY]: statusSeverityDict[newStatus],
[RULE_STATUS]: newStatus,
[TIMESTAMP]: new Date().toISOString(),
[ALERT_OWNER]: 'siem',
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[ALERT_RULE_TYPE_ID]: SERVER_APP_ID,
},
namespace
);
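Review bot: `[ALERT_RULE_TYPE_ID]: SERVER_APP_ID` in `logExecutionMetric` and in the status writer stores the app id in the rule type id field, whereas the commit description says `kibana.alert.rule.rule_type_id` holds a rule type id such as `siem.signals`; because the alerts authorization filter matches on consumer and rule type id together, execution-log documents tagged with a value that is not a registered rule type may never match that filter (or may match unexpectedly), so please confirm this is intended or write the executing rule's actual type id. The `ruleId ?? ''` fallbacks on the write side (`[ALERT_RULE_ID]: ruleId ?? ''`) persist an empty rule id that the read side then rejects through `invariant(logEntry[ALERT_RULE_ID] ?? '', …)`; throwing when `ruleId` is missing at write time is cheaper than indexing a document that can never be read back. Both methods extend beyond the hunks.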


@ -6,7 +6,7 @@
*/
import {
ALERT_OWNER,
ALERT_RULE_CONSUMER,
ALERT_RULE_NAMESPACE,
ALERT_STATUS,
ALERT_WORKFLOW_STATUS,
@ -58,7 +58,7 @@ describe('buildAlert', () => {
const expected = {
'@timestamp': timestamp,
[SPACE_IDS]: [SPACE_ID],
[ALERT_OWNER]: SERVER_APP_ID,
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[ALERT_ANCESTORS]: [
{
id: 'd5e8eb51-a6a0-456d-8a15-4b79bfec3d71',
@ -127,7 +127,7 @@ describe('buildAlert', () => {
const expected = {
'@timestamp': timestamp,
[SPACE_IDS]: [SPACE_ID],
[ALERT_OWNER]: SERVER_APP_ID,
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[ALERT_ANCESTORS]: [
{
id: 'd5e8eb51-a6a0-456d-8a15-4b79bfec3d71',


@ -6,7 +6,7 @@
*/
import {
ALERT_OWNER,
ALERT_RULE_CONSUMER,
ALERT_RULE_NAMESPACE,
ALERT_STATUS,
ALERT_WORKFLOW_STATUS,
@ -104,7 +104,7 @@ export const buildAlert = (
return ({
'@timestamp': new Date().toISOString(),
[ALERT_OWNER]: SERVER_APP_ID,
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[SPACE_IDS]: spaceId != null ? [spaceId] : [],
[ALERT_ANCESTORS]: ancestors,
[ALERT_STATUS]: 'open',


@ -5,12 +5,11 @@
* 2.0.
*/
import { ALERT_OWNER, RULE_ID, SPACE_IDS } from '@kbn/rule-data-utils';
import { ALERT_RULE_CONSUMER, ALERT_RULE_TYPE_ID, SPACE_IDS } from '@kbn/rule-data-utils';
import { map, mergeMap, catchError } from 'rxjs/operators';
import { from } from 'rxjs';
import {
// TODO: Undo comment in fix here https://github.com/elastic/kibana/pull/107857
// isValidFeatureId,
isValidFeatureId,
mapConsumerToIndexName,
AlertConsumers,
} from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
@ -50,9 +49,7 @@ export const timelineSearchStrategyProvider = <T extends TimelineFactoryQueryTyp
search: (request, options, deps) => {
const factoryQueryType = request.factoryQueryType;
const entityType = request.entityType;
let alertConsumers = request.alertConsumers;
// TODO: Remove in fix here https://github.com/elastic/kibana/pull/107857
alertConsumers = undefined;
const alertConsumers = request.alertConsumers;
if (factoryQueryType == null) {
throw new Error('factoryQueryType is required');
@ -61,9 +58,7 @@ export const timelineSearchStrategyProvider = <T extends TimelineFactoryQueryTyp
const queryFactory: TimelineFactory<T> = timelineFactory[factoryQueryType];
if (alertConsumers != null && entityType != null && entityType === EntityType.ALERTS) {
// TODO: Thist won't be hit since alertConsumers = undefined
// TODO: remove in fix here https://github.com/elastic/kibana/pull/107857
const allFeatureIdsValid = null; // alertConsumers.every((id) => isValidFeatureId(id));
const allFeatureIdsValid = alertConsumers.every((id) => isValidFeatureId(id));
if (!allFeatureIdsValid) {
throw new Error('An invalid alerts consumer feature id was provided');
@ -134,7 +129,7 @@ const timelineAlertsSearchStrategy = <T extends TimelineFactoryQueryTypes>({
}) => {
// Based on what solution alerts you want to see, figures out what corresponding
// index to query (ex: siem --> .alerts-security.alerts)
const indices = alertConsumers.flatMap((consumer) => mapConsumerToIndexName[consumer]);
const indices = alertConsumers.flatMap((consumer) => `${mapConsumerToIndexName[consumer]}*`);
const requestWithAlertsIndices = { ...request, defaultIndex: indices, indexName: indices };
// Note: Alerts RBAC are built off of the alerting's authorization class, which
@ -145,8 +140,8 @@ const timelineAlertsSearchStrategy = <T extends TimelineFactoryQueryTypes>({
type: AlertingAuthorizationFilterType.ESDSL,
// Not passing in values, these are the paths for these fields
fieldNames: {
consumer: ALERT_OWNER,
ruleTypeId: RULE_ID,
consumer: ALERT_RULE_CONSUMER,
ruleTypeId: ALERT_RULE_TYPE_ID,
spaceIds: SPACE_IDS,
},
});
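Review bot: `alertConsumers.flatMap((consumer) => `${mapConsumerToIndexName[consumer]}*`)` now appends a wildcard to every alerts index name, but the comment above it still describes an exact mapping (`siem --> .alerts-security.alerts`); the comment should state why the suffix is needed, e.g. `// trailing '*' so that suffixed (per-space) alert indices are included — confirm naming scheme`, since the widened pattern is only safe because the authorization filter below scopes it by consumer, rule type id and space. Re-enabling `isValidFeatureId` resolves the TODO, but if `timelineAlertsSearchStrategy` can be reached without that validation an unknown consumer still yields the literal pattern `undefined*`, so a guard such as `const indexName = mapConsumerToIndexName[consumer]; if (indexName == null) throw new Error(...)` inside the `flatMap` would make that failure visible. Both functions extend beyond the hunks.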


@ -9,15 +9,11 @@ import expect from '@kbn/expect';
import {
ALERT_DURATION,
ALERT_END,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_ID,
ALERT_OWNER,
ALERT_PRODUCER,
ALERT_START,
ALERT_STATUS,
ALERT_UUID,
EVENT_KIND,
ALERT_RULE_UUID,
} from '@kbn/rule-data-utils';
import { merge, omit } from 'lodash';
import { format } from 'url';
@ -350,7 +346,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
any
>;
const exclude = ['@timestamp', ALERT_START, ALERT_UUID, 'rule.uuid'];
const exclude = ['@timestamp', ALERT_START, ALERT_UUID, ALERT_RULE_UUID];
const toCompare = omit(alertEvent, exclude);
@ -362,25 +358,34 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"event.kind": Array [
"signal",
],
"${ALERT_DURATION}": Array [
"kibana.alert.duration.us": Array [
0,
],
"${ALERT_EVALUATION_THRESHOLD}": Array [
"kibana.alert.evaluation.threshold": Array [
30,
],
"${ALERT_EVALUATION_VALUE}": Array [
"kibana.alert.evaluation.value": Array [
50,
],
"${ALERT_ID}": Array [
"kibana.alert.id": Array [
"apm.transaction_error_rate_opbeans-go_request_ENVIRONMENT_NOT_DEFINED",
],
"${ALERT_OWNER}": Array [
"kibana.alert.rule.category": Array [
"Transaction error rate threshold",
],
"kibana.alert.rule.consumer": Array [
"apm",
],
"${ALERT_PRODUCER}": Array [
"kibana.alert.rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"kibana.alert.rule.producer": Array [
"apm",
],
"${ALERT_STATUS}": Array [
"kibana.alert.rule.rule_type_id": Array [
"apm.transaction_error_rate",
],
"kibana.alert.status": Array [
"open",
],
"kibana.space_ids": Array [
@ -389,15 +394,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"processor.event": Array [
"transaction",
],
"rule.category": Array [
"Transaction error rate threshold",
],
"rule.id": Array [
"apm.transaction_error_rate",
],
"rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"service.name": Array [
"opbeans-go",
],
@ -438,25 +434,34 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"event.kind": Array [
"signal",
],
"${ALERT_DURATION}": Array [
"kibana.alert.duration.us": Array [
0,
],
"${ALERT_EVALUATION_THRESHOLD}": Array [
"kibana.alert.evaluation.threshold": Array [
30,
],
"${ALERT_EVALUATION_VALUE}": Array [
"kibana.alert.evaluation.value": Array [
50,
],
"${ALERT_ID}": Array [
"kibana.alert.id": Array [
"apm.transaction_error_rate_opbeans-go_request_ENVIRONMENT_NOT_DEFINED",
],
"${ALERT_OWNER}": Array [
"kibana.alert.rule.category": Array [
"Transaction error rate threshold",
],
"kibana.alert.rule.consumer": Array [
"apm",
],
"${ALERT_PRODUCER}": Array [
"kibana.alert.rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"kibana.alert.rule.producer": Array [
"apm",
],
"${ALERT_STATUS}": Array [
"kibana.alert.rule.rule_type_id": Array [
"apm.transaction_error_rate",
],
"kibana.alert.status": Array [
"open",
],
"kibana.space_ids": Array [
@ -465,15 +470,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"processor.event": Array [
"transaction",
],
"rule.category": Array [
"Transaction error rate threshold",
],
"rule.id": Array [
"apm.transaction_error_rate",
],
"rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"service.name": Array [
"opbeans-go",
],
@ -545,22 +541,31 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"event.kind": Array [
"signal",
],
"${ALERT_EVALUATION_THRESHOLD}": Array [
"kibana.alert.evaluation.threshold": Array [
30,
],
"${ALERT_EVALUATION_VALUE}": Array [
"kibana.alert.evaluation.value": Array [
50,
],
"${ALERT_ID}": Array [
"kibana.alert.id": Array [
"apm.transaction_error_rate_opbeans-go_request_ENVIRONMENT_NOT_DEFINED",
],
"${ALERT_OWNER}": Array [
"kibana.alert.rule.category": Array [
"Transaction error rate threshold",
],
"kibana.alert.rule.consumer": Array [
"apm",
],
"${ALERT_PRODUCER}": Array [
"kibana.alert.rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"kibana.alert.rule.producer": Array [
"apm",
],
"${ALERT_STATUS}": Array [
"kibana.alert.rule.rule_type_id": Array [
"apm.transaction_error_rate",
],
"kibana.alert.status": Array [
"closed",
],
"kibana.space_ids": Array [
@ -569,15 +574,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
"processor.event": Array [
"transaction",
],
"rule.category": Array [
"Transaction error rate threshold",
],
"rule.id": Array [
"apm.transaction_error_rate",
],
"rule.name": Array [
"Transaction error rate threshold | opbeans-go",
],
"service.name": Array [
"opbeans-go",
],
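Review bot: The inline snapshots in this section now spell the field names out as literals (`"kibana.alert.rule.consumer"`, `"kibana.alert.rule.rule_type_id"`, `"kibana.alert.duration.us"`, …) where the old side interpolated `${ALERT_OWNER}`-style constants, yet the `exclude` list in the earlier hunk still goes through `ALERT_RULE_UUID`. If the literals are deliberate — the alerts authorization filter in the timelines search strategy keys on these exact indexed names, so pinning the string rather than the constant catches a silent change of the constant's value — a one-line comment above the first snapshot would stop the next maintainer from "fixing" it back: `// Field names are literal on purpose: they pin the indexed names the alerts RBAC filter relies on.` If it is not deliberate, the snapshot and the `exclude` list should at least use the same approach. The enclosing `ApiTest` function starts and ends outside these hunks.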


@ -6,9 +6,9 @@
"source": {
"event.kind" : "signal",
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "apm.error_rate",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"message": "hello world 1",
"kibana.alert.owner": "apm",
"kibana.alert.rule.consumer": "apm",
"kibana.alert.status": "open",
"kibana.space_ids": ["space1", "space2"]
}
@ -23,9 +23,9 @@
"source": {
"event.kind" : "signal",
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "apm.error_rate",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"message": "hello world 1",
"kibana.alert.owner": "apm",
"kibana.alert.rule.consumer": "apm",
"kibana.alert.status": "open",
"kibana.space_ids": ["space1"]
}
@ -40,9 +40,9 @@
"source": {
"event.kind" : "signal",
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "apm.error_rate",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"message": "hello world 1",
"kibana.alert.owner": "apm",
"kibana.alert.rule.consumer": "apm",
"kibana.alert.status": "open",
"kibana.space_ids": ["space2"]
}
@ -57,9 +57,9 @@
"source": {
"event.kind" : "signal",
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "siem.signals",
"kibana.alert.rule.rule_type_id": "siem.signals",
"message": "hello world security",
"kibana.alert.owner": "siem",
"kibana.alert.rule.consumer": "siem",
"kibana.alert.status": "open",
"kibana.space_ids": ["space1", "space2"]
}
@ -74,9 +74,9 @@
"source": {
"event.kind" : "signal",
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "siem.customRule",
"kibana.alert.rule.rule_type_id": "siem.customRule",
"message": "hello world security",
"kibana.alert.owner": "siem",
"kibana.alert.rule.consumer": "siem",
"kibana.alert.status": "open",
"kibana.space_ids": ["space1", "space2"]
}
@ -90,9 +90,9 @@
"id": "space1securityalert",
"source": {
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "siem.signals",
"kibana.alert.rule.rule_type_id": "siem.signals",
"message": "hello world security",
"kibana.alert.owner": "siem",
"kibana.alert.rule.consumer": "siem",
"kibana.alert.status": "open",
"kibana.space_ids": ["space1"]
}
@ -106,9 +106,9 @@
"id": "space2securityalert",
"source": {
"@timestamp": "2020-12-16T15:16:18.570Z",
"rule.id": "siem.signals",
"kibana.alert.rule.rule_type_id": "siem.signals",
"message": "hello world security",
"kibana.alert.owner": "siem",
"kibana.alert.rule.consumer": "siem",
"kibana.alert.status": "open",
"kibana.space_ids": ["space2"]
}


@ -13,7 +13,7 @@
}
}
},
"kibana.alert.owner": {
"kibana.alert.rule.consumer": {
"type": "keyword",
"ignore_above": 256
}
@ -37,7 +37,7 @@
}
}
},
"kibana.alert.owner": {
"kibana.alert.rule.consumer": {
"type": "keyword",
"ignore_above": 256
}
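Review bot: Only the `kibana.alert.owner` → `kibana.alert.rule.consumer` keyword mapping is renamed here, while the fixture documents in the preceding file section now write `kibana.alert.rule.rule_type_id` in place of `rule.id`. I cannot see from these hunks whether `rule.id` had an explicit keyword mapping that `kibana.alert.rule.rule_type_id` now lacks; if it did, the new field falls back to dynamic mapping, and the `ruleTypeId` clause of the ESDSL authorization filter may not behave like a keyword term match (case-sensitive values such as `siem.customRule` are the ones most likely to stop matching). Worth confirming that `kibana.alert.rule.rule_type_id` is declared with `"type": "keyword"` next to the consumer field in both mapping blocks.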


@ -38,7 +38,7 @@ export function renderApp(
ReactDOM.unmountComponentAtNode(parameters.element);
};
}
const ALERT_CONSUMER = [AlertConsumers.SIEM];
const ALERT_RULE_CONSUMER = [AlertConsumers.SIEM];
const AppRoot = React.memo(
({
@ -63,7 +63,7 @@ const AppRoot = React.memo(
{(timelinesPluginSetup &&
timelinesPluginSetup.getTGrid &&
timelinesPluginSetup.getTGrid<'standalone'>({
alertConsumers: ALERT_CONSUMER,
alertConsumers: ALERT_RULE_CONSUMER,
type: 'standalone',
columns: [],
indexNames: [],
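Review bot: The renamed local `ALERT_RULE_CONSUMER` at the top of this section now carries the same name as the `ALERT_RULE_CONSUMER` field-name constant exported from `@kbn/rule-data-utils` (imported in the other files of this commit) but holds something different: an array of consumer ids, `[AlertConsumers.SIEM]`, passed as `alertConsumers`. If this module ever imports the package constant the two will shadow each other; a plural name that says what the value is, e.g. `const ALERT_CONSUMERS = [AlertConsumers.SIEM];` with `alertConsumers: ALERT_CONSUMERS,`, avoids the confusion. The `AppRoot` component continues outside the hunk.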


@ -7,7 +7,7 @@
import { JsonObject } from '@kbn/utility-types';
import expect from '@kbn/expect';
import { ALERT_ID, ALERT_OWNER } from '@kbn/rule-data-utils';
import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { User } from '../../../../rule_registry/common/lib/authentication/types';
import { TimelineEdges, TimelineNonEcsData } from '../../../../../plugins/timelines/common/';
@ -74,7 +74,7 @@ export default ({ getService }: FtrProviderContext) => {
field: '@timestamp',
},
{
field: ALERT_OWNER,
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_ID,
@ -84,7 +84,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_OWNER, ALERT_ID, 'event.kind'],
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
fields: [],
filterQuery: {
bool: {
@ -149,7 +149,9 @@ export default ({ getService }: FtrProviderContext) => {
timeline.edges.every((hit: TimelineEdges) => {
const data: TimelineNonEcsData[] = hit.node.data;
return data.some(({ field, value }) => {
return field === ALERT_OWNER && featureIds.includes((value && value[0]) ?? '');
return (
field === ALERT_RULE_CONSUMER && featureIds.includes((value && value[0]) ?? '')
);
});
})
).to.equal(true);


@ -7,7 +7,7 @@
import { JsonObject } from '@kbn/utility-types';
import expect from '@kbn/expect';
import { ALERT_ID, ALERT_OWNER } from '@kbn/rule-data-utils';
import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { User } from '../../../../rule_registry/common/lib/authentication/types';
import { TimelineEdges, TimelineNonEcsData } from '../../../../../plugins/timelines/common/';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
field: '@timestamp',
},
{
field: ALERT_OWNER,
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_ID,
@ -67,7 +67,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_OWNER, ALERT_ID, 'event.kind'],
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
fields: [],
filterQuery: {
bool: {
@ -131,7 +131,9 @@ export default ({ getService }: FtrProviderContext) => {
timeline.edges.every((hit: TimelineEdges) => {
const data: TimelineNonEcsData[] = hit.node.data;
return data.some(({ field, value }) => {
return field === ALERT_OWNER && featureIds.includes((value && value[0]) ?? '');
return (
field === ALERT_RULE_CONSUMER && featureIds.includes((value && value[0]) ?? '')
);
});
})
).to.equal(true);


@ -6,7 +6,7 @@
*/
import { JsonObject } from '@kbn/utility-types';
import { ALERT_ID, ALERT_OWNER } from '@kbn/rule-data-utils';
import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { getSpaceUrlPrefix } from '../../../../rule_registry/common/lib/authentication/spaces';
@ -40,7 +40,7 @@ export default ({ getService }: FtrProviderContext) => {
field: '@timestamp',
},
{
field: ALERT_OWNER,
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_ID,
@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_OWNER, ALERT_ID, 'event.kind'],
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
fields: [],
filterQuery: {
bool: {


@ -6,7 +6,7 @@
*/
import { JsonObject } from '@kbn/utility-types';
import { ALERT_ID, ALERT_OWNER } from '@kbn/rule-data-utils';
import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { getSpaceUrlPrefix } from '../../../../rule_registry/common/lib/authentication/spaces';
@ -40,7 +40,7 @@ export default ({ getService }: FtrProviderContext) => {
field: '@timestamp',
},
{
field: ALERT_OWNER,
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_ID,
@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_OWNER, ALERT_ID, 'event.kind'],
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
fields: [],
filterQuery: {
bool: {


@ -7,7 +7,7 @@
import { JsonObject } from '@kbn/utility-types';
import expect from '@kbn/expect';
import { ALERT_ID, ALERT_OWNER } from '@kbn/rule-data-utils';
import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { FtrProviderContext } from '../../../rule_registry/common/ftr_provider_context';
import { getSpaceUrlPrefix } from '../../../rule_registry/common/lib/authentication/spaces';
@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext) => {
field: '@timestamp',
},
{
field: ALERT_OWNER,
field: ALERT_RULE_CONSUMER,
},
{
field: ALERT_ID,
@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
factoryQueryType: TimelineEventsQueries.all,
fieldRequested: ['@timestamp', 'message', ALERT_OWNER, ALERT_ID, 'event.kind'],
fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
fields: [],
filterQuery: {
bool: {