[securitySolutions] resolve most @kbn/imports/no_boundary_crossing violations (#137694)

Spencer 2022-08-10 16:34:10 -05:00 committed by GitHub
parent 026fd81c79
commit e49c8645e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 1804 additions and 1723 deletions


@ -6,5 +6,3 @@
*/
export { getEndpointAuthzInitialState, calculateEndpointAuthz } from './authz';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
export { getEndpointAuthzInitialStateMock } from './mocks';


@ -0,0 +1,57 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameCreationEvent: Ecs = {
_id: 'BcjPcG0BOpWiDweSou3g',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['creation_event'],
category: ['process'],
type: ['process_start'],
kind: ['event'],
},
timestamp: '1569555712000',
process: {
hash: {
md5: ['62d06d7235b37895b68de56687895743'],
sha1: ['12563599116157778a22600d2a163d8112aed845'],
sha256: ['d4c97ed46046893141652e2ec0056a698f6445109949d7fcabbce331146889ee'],
},
pid: [441684],
ppid: [8],
name: ['Microsoft.Photos.exe'],
executable: [
'C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe',
],
args: [
'C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe',
'-ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca',
],
},
endgame: {
process_name: ['Microsoft.Photos.exe'],
pid: [441684],
parent_process_name: ['svchost.exe'],
},
};
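Review bot: The `user` block of `demoEndgameCreationEvent` carries identifiers that look captured from a real workstation rather than constructed: SID `S-1-5-21-3573271228-3407584681-1597858646-1002`, domain `Anvi-Acer`, name `Arun`. The file now sits under `demo_data`, which the comment added to the mocks file on this page describes as used by browser bundles. If these values are not synthetic, replace them with obviously made-up ones before they ship to every client. The same three values recur in `demoEndgameFileCreateEvent` and `demoEndgameTerminationEvent`, and the file-create path contains `C:\\Users\\Arun\\`. Either way, a header comment such as `/** Demo ECS document for the row-renderer examples; ships in the browser bundle, so every value must be synthetic. */` would make the constraint explicit for the next editor.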


@ -0,0 +1,59 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameDnsRequest: Ecs = {
_id: 'S8jPcG0BOpWiDweSou3g',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['request_event'],
category: ['network'],
kind: ['event'],
},
message: [
'DNS query is completed for the name %1, type %2, query options %3 with status %4 Results %5 ',
],
timestamp: '1569555712000',
dns: {
question: {
name: ['update.googleapis.com'],
type: ['A'],
},
resolved_ip: ['10.100.197.67'],
},
network: {
protocol: ['dns'],
},
process: {
pid: [443192],
name: ['GoogleUpdate.exe'],
executable: ['C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'],
},
winlog: {
event_id: [3008],
},
endgame: {
process_name: ['GoogleUpdate.exe'],
pid: [443192],
},
};


@ -0,0 +1,73 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameFileCreateEvent: Ecs = {
_id: '98jPcG0BOpWiDweSouzg',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['file_create_event'],
category: ['file'],
kind: ['event'],
},
timestamp: '1569555712000',
endgame: {
process_name: ['chrome.exe'],
pid: [11620],
file_path: [
'C:\\Users\\Arun\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\63d78c21-e593-4484-b7a9-db33cd522ddc.tmp',
],
},
};
export const demoEndgameFileDeleteEvent: Ecs = {
_id: 'OMjPcG0BOpWiDweSeuW9',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.134.159.150'],
name: ['HD-v1s-d2118419'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['file_delete_event'],
category: ['file'],
kind: ['event'],
},
timestamp: '1569555704000',
endgame: {
pid: [1084],
file_name: ['tmp000002f6'],
file_path: ['C:\\Windows\\TEMP\\tmp00000404\\tmp000002f6'],
process_name: ['AmSvc.exe'],
},
};


@ -0,0 +1,54 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameIpv4ConnectionAcceptEvent: Ecs = {
_id: 'LsjPcG0BOpWiDweSCNfu',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.43.255.177'],
name: ['HD-gqf-0af7b4fe'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['ipv4_connection_accept_event'],
category: ['network'],
kind: ['event'],
},
timestamp: '1569555676000',
network: {
community_id: ['1:network-community_id'],
transport: ['tcp'],
},
process: {
pid: [1084],
name: ['AmSvc.exe'],
executable: ['C:\\Program Files\\Cybereason ActiveProbe\\AmSvc.exe'],
},
source: {
ip: ['127.0.0.1'],
port: [49306],
},
destination: {
port: [49305],
ip: ['127.0.0.1'],
},
endgame: {
pid: [1084],
},
};


@ -0,0 +1,50 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameTerminationEvent: Ecs = {
_id: '2MjPcG0BOpWiDweSoutC',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['termination_event'],
category: ['process'],
kind: ['event'],
},
timestamp: '1569555712000',
process: {
hash: {
md5: ['bd4401441a21bf1abce6404f4231db4d'],
sha1: ['797255e72d5ed5c058d4785950eba7abaa057653'],
sha256: ['87976f3430cc99bc939e0694247c0759961a49832b87218f4313d6fc0bc3a776'],
},
pid: [442384],
ppid: [8],
name: ['RuntimeBroker.exe'],
executable: ['C:\\Windows\\System32\\RuntimeBroker.exe'],
},
endgame: {
pid: [442384],
process_name: ['RuntimeBroker.exe'],
exit_code: [0],
},
};


@ -0,0 +1,56 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndgameUserLogon: Ecs = {
_id: 'QsjPcG0BOpWiDweSeuRE',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.134.159.150'],
name: ['HD-v1s-d2118419'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['user_logon'],
category: ['authentication'],
type: ['authentication_success'],
kind: ['event'],
},
message: [
'An account was successfully logged on.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tWIN-Q3DOP1UKA81$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nLogon Type:\t\t\t5\r\n\r\nNew Logon:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tSYSTEM\r\n\tAccount Domain:\t\tNT AUTHORITY\r\n\tLogon ID:\t\t0x3e7\r\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\r\n\r\nProcess Information:\r\n\tProcess ID:\t\t0x1b0\r\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\r\n\r\nNetwork Information:\r\n\tWorkstation Name:\t\r\n\tSource Network Address:\t-\r\n\tSource Port:\t\t-\r\n\r\nDetailed Authentication Information:\r\n\tLogon Process:\t\tAdvapi \r\n\tAuthentication Package:\tNegotiate\r\n\tTransited Services:\t-\r\n\tPackage Name (NTLM only):\t-\r\n\tKey Length:\t\t0\r\n\r\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\r\n\r\nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\r\n\r\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\r\n\r\nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.\r\n\r\nThe network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases.\r\n\r\nThe authentication information fields provide detailed information about this specific logon request.\r\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\r\n\t- Transited services indicate which intermediate services have participated in this logon request.\r\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\r\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.',
],
timestamp: '1569555704000',
process: {
pid: [432],
name: ['C:\\Windows\\System32\\services.exe'],
executable: ['C:\\Windows\\System32\\services.exe'],
},
winlog: {
event_id: [4624],
},
endgame: {
target_logon_id: ['0x3e7'],
pid: [432],
process_name: ['C:\\Windows\\System32\\services.exe'],
logon_type: [5],
subject_user_name: ['WIN-Q3DOP1UKA81$'],
subject_logon_id: ['0x3e7'],
target_user_name: ['SYSTEM'],
target_domain_name: ['NT AUTHORITY'],
},
};


@ -0,0 +1,63 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndpointLibraryLoadEvent: Ecs = {
file: {
path: ['C:\\Windows\\System32\\bcrypt.dll'],
hash: {
md5: ['00439016776de367bad087d739a03797'],
sha1: ['2c4ba5c1482987d50a182bad915f52cd6611ee63'],
sha256: ['e70f5d8f87aab14e3160227d38387889befbe37fa4f8f5adc59eff52804b35fd'],
},
name: ['bcrypt.dll'],
},
host: {
os: {
full: ['Windows Server 2019 Datacenter 1809 (10.0.17763.1697)'],
name: ['Windows'],
version: ['1809 (10.0.17763.1697)'],
family: ['windows'],
kernel: ['1809 (10.0.17763.1697)'],
platform: ['windows'],
},
mac: ['aa:bb:cc:dd:ee:ff'],
name: ['win2019-endpoint-1'],
architecture: ['x86_64'],
ip: ['10.1.2.3'],
id: ['d8ad572e-d224-4044-a57d-f5a84c0dfe5d'],
},
event: {
category: ['library'],
kind: ['event'],
created: ['2021-02-05T21:27:23.921Z'],
module: ['endpoint'],
action: ['load'],
type: ['start'],
id: ['LzzWB9jjGmCwGMvk++++Da5H'],
dataset: ['endpoint.events.library'],
},
process: {
name: ['sshd.exe'],
pid: [9644],
entity_id: [
'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTk2NDQtMTMyNTcwMzQwNDEuNzgyMTczODAw',
],
executable: ['C:\\Program Files\\OpenSSH-Win64\\sshd.exe'],
},
agent: {
type: ['endpoint'],
},
user: {
name: ['SYSTEM'],
domain: ['NT AUTHORITY'],
},
message: ['Endpoint DLL load event'],
timestamp: '2021-02-05T21:27:23.921Z',
_id: 'IAUYdHcBGrBB52F2zo8Q',
};


@ -0,0 +1,80 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndpointProcessExecutionMalwarePreventionAlert: Ecs = {
process: {
hash: {
md5: ['177afc1eb0be88eb9983fb74111260c4'],
sha256: ['3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb'],
sha1: ['f573b85e9beb32121f1949217947b2adc6749e3d'],
},
entity_id: [
'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTY5MjAtMTMyNDg5OTk2OTAuNDgzMzA3NzAw',
],
executable: [
'C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe',
],
name: [
'C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe',
],
pid: [6920],
args: [
'C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe',
],
},
host: {
os: {
full: ['Windows Server 2019 Datacenter 1809 (10.0.17763.1518)'],
name: ['Windows'],
version: ['1809 (10.0.17763.1518)'],
platform: ['windows'],
family: ['windows'],
kernel: ['1809 (10.0.17763.1518)'],
},
mac: ['aa:bb:cc:dd:ee:ff'],
architecture: ['x86_64'],
ip: ['10.1.2.3'],
id: ['d8ad572e-d224-4044-a57d-f5a84c0dfe5d'],
name: ['win2019-endpoint-1'],
},
file: {
mtime: ['2020-11-04T21:40:51.494Z'],
path: [
'C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe',
],
owner: ['sean'],
hash: {
md5: ['177afc1eb0be88eb9983fb74111260c4'],
sha256: ['3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb'],
sha1: ['f573b85e9beb32121f1949217947b2adc6749e3d'],
},
name: ['3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe'],
extension: ['exe'],
size: [1604112],
},
event: {
category: ['malware', 'intrusion_detection', 'process'],
outcome: ['success'],
severity: [73],
code: ['malicious_file'],
action: ['execution'],
id: ['LsuMZVr+sdhvehVM++++Gp2Y'],
kind: ['alert'],
created: ['2020-11-04T21:41:30.533Z'],
module: ['endpoint'],
type: ['info', 'start', 'denied'],
dataset: ['endpoint.alerts'],
},
agent: {
type: ['endpoint'],
},
timestamp: '2020-11-04T21:41:30.533Z',
message: ['Malware Prevention Alert'],
_id: '0dA2lXUBn9bLIbfPkY7d',
};


@ -0,0 +1,64 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Ecs } from '../../../../common/ecs';
export const demoEndpointRegistryModificationEvent: Ecs = {
host: {
os: {
full: ['Windows Server 2019 Datacenter 1809 (10.0.17763.1697)'],
name: ['Windows'],
version: ['1809 (10.0.17763.1697)'],
family: ['windows'],
kernel: ['1809 (10.0.17763.1697)'],
platform: ['windows'],
},
mac: ['aa:bb:cc:dd:ee:ff'],
name: ['win2019-endpoint-1'],
architecture: ['x86_64'],
ip: ['10.1.2.3'],
id: ['d8ad572e-d224-4044-a57d-f5a84c0dfe5d'],
},
event: {
category: ['registry'],
kind: ['event'],
created: ['2021-02-04T13:44:31.559Z'],
module: ['endpoint'],
action: ['modification'],
type: ['change'],
id: ['LzzWB9jjGmCwGMvk++++CbOn'],
dataset: ['endpoint.events.registry'],
},
process: {
name: ['GoogleUpdate.exe'],
pid: [7408],
entity_id: [
'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTc0MDgtMTMyNTY5MTk4NDguODY4NTI0ODAw',
],
executable: ['C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'],
},
registry: {
hive: ['HKLM'],
key: [
'SOFTWARE\\WOW6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState',
],
path: [
'HKLM\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue',
],
value: ['StateValue'],
},
agent: {
type: ['endpoint'],
},
user: {
name: ['SYSTEM'],
domain: ['NT AUTHORITY'],
},
message: ['Endpoint registry event'],
timestamp: '2021-02-04T13:44:31.559Z',
_id: '4cxLbXcBGrBB52F2uOfF',
};


@ -0,0 +1,79 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { ONE_MILLISECOND_AS_NANOSECONDS } from '../../timelines/components/formatted_duration/helpers';
import type { Ecs } from '../../../common/ecs';
/** Returns mock data for testing the Netflow component */
export const getDemoNetflowData = (): Ecs => ({
destination: {
bytes: [40],
geo: {
city_name: ['New York'],
continent_name: ['North America'],
country_iso_code: ['US'],
country_name: ['United States'],
region_name: ['New York'],
},
ip: ['10.1.2.3'],
packets: [1],
port: [80],
},
event: {
action: ['network_flow'],
category: ['network_traffic'],
duration: [ONE_MILLISECOND_AS_NANOSECONDS],
end: ['2018-11-12T19:03:25.936Z'],
start: ['2018-11-12T19:03:25.836Z'],
},
_id: 'abcd',
network: {
bytes: [100],
community_id: ['we.live.in.a'],
direction: ['outgoing'],
packets: [3],
protocol: ['http'],
transport: ['tcp'],
},
process: {
name: ['rat'],
},
source: {
bytes: [60],
geo: {
city_name: ['Atlanta'],
continent_name: ['North America'],
country_iso_code: ['US'],
country_name: ['United States'],
region_name: ['Georgia'],
},
ip: ['192.168.1.2'],
packets: [2],
port: [9987],
},
timestamp: '2018-11-12T19:03:25.936Z',
tls: {
client_certificate: {
fingerprint: {
sha1: ['tls.client_certificate.fingerprint.sha1-value'],
},
},
fingerprints: {
ja3: {
hash: ['tls.fingerprints.ja3.hash-value'],
},
},
server_certificate: {
fingerprint: {
sha1: ['tls.server_certificate.fingerprint.sha1-value'],
},
},
},
user: {
name: ['first.last'],
},
});
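Review bot: The TSDoc on `getDemoNetflowData` still reads `Returns mock data for testing the Netflow component`, which no longer matches its role. The function now lives in `demo_data` and is what the Netflow row-renderer example on this page calls via `getDemoNetflowData()`. Reword it along the lines of `/** Returns demo Netflow data rendered by the row-renderer example; re-exported as getMockNetflowData for tests */`, so a reader does not assume the module is test-only and excluded from the browser bundle.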

File diff suppressed because it is too large Load diff


@ -7,56 +7,17 @@
import type { Ecs } from '../../../common/ecs';
export const mockEndgameDnsRequest: Ecs = {
_id: 'S8jPcG0BOpWiDweSou3g',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['request_event'],
category: ['network'],
kind: ['event'],
},
message: [
'DNS query is completed for the name %1, type %2, query options %3 with status %4 Results %5 ',
],
timestamp: '1569555712000',
dns: {
question: {
name: ['update.googleapis.com'],
type: ['A'],
},
resolved_ip: ['10.100.197.67'],
},
network: {
protocol: ['dns'],
},
process: {
pid: [443192],
name: ['GoogleUpdate.exe'],
executable: ['C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'],
},
winlog: {
event_id: [3008],
},
endgame: {
process_name: ['GoogleUpdate.exe'],
pid: [443192],
},
};
// these "mocks" are used by browser bundles so they were moved out of the mocks and are
// re-exported here for convenience and internal bwc
export { demoEndgameCreationEvent as mockEndgameCreationEvent } from '../demo_data/endgame_ecs/creation';
export { demoEndgameDnsRequest as mockEndgameDnsRequest } from '../demo_data/endgame_ecs/dns';
export {
demoEndgameFileCreateEvent as mockEndgameFileCreateEvent,
demoEndgameFileDeleteEvent as mockEndgameFileDeleteEvent,
} from '../demo_data/endgame_ecs/file_events';
export { demoEndgameIpv4ConnectionAcceptEvent as mockEndgameIpv4ConnectionAcceptEvent } from '../demo_data/endgame_ecs/ipv4';
export { demoEndgameTerminationEvent as mockEndgameTerminationEvent } from '../demo_data/endgame_ecs/termination';
export { demoEndgameUserLogon as mockEndgameUserLogon } from '../demo_data/endgame_ecs/user_logon';
export const mockEndpointNetworkLookupRequestedEvent: Ecs = {
host: {
@ -173,39 +134,6 @@ export const mockEndpointNetworkLookupResultEvent: Ecs = {
_id: 'skNzOncBPmkOXwyN9VbT',
};
export const mockEndgameFileCreateEvent: Ecs = {
_id: '98jPcG0BOpWiDweSouzg',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['file_create_event'],
category: ['file'],
kind: ['event'],
},
timestamp: '1569555712000',
endgame: {
process_name: ['chrome.exe'],
pid: [11620],
file_path: [
'C:\\Users\\Arun\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\63d78c21-e593-4484-b7a9-db33cd522ddc.tmp',
],
},
};
export const mockEndpointFileCreationEvent: Ecs = {
file: {
path: ['C:\\Windows\\TEMP\\E38FD162-B6E6-4799-B52D-F590BACBAE94\\WimProvider.dll'],
@ -259,38 +187,6 @@ export const mockEndpointFileCreationEvent: Ecs = {
_id: 'eSdbOncBLJMagDUQ3YFs',
};
export const mockEndgameFileDeleteEvent: Ecs = {
_id: 'OMjPcG0BOpWiDweSeuW9',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.134.159.150'],
name: ['HD-v1s-d2118419'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['file_delete_event'],
category: ['file'],
kind: ['event'],
},
timestamp: '1569555704000',
endgame: {
pid: [1084],
file_name: ['tmp000002f6'],
file_path: ['C:\\Windows\\TEMP\\tmp00000404\\tmp000002f6'],
process_name: ['AmSvc.exe'],
},
};
export const mockEndpointFileDeletionEvent: Ecs = {
file: {
path: ['C:\\Windows\\SoftwareDistribution\\Download\\Install\\AM_Delta_Patch_1.329.2793.0.exe'],
@ -1222,52 +1118,6 @@ export const mockEndpointProcessForkEvent: Ecs = {
_id: 'KXomX3cBGrBB52F2S9XY',
};
export const mockEndgameIpv4ConnectionAcceptEvent: Ecs = {
_id: 'LsjPcG0BOpWiDweSCNfu',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.43.255.177'],
name: ['HD-gqf-0af7b4fe'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['ipv4_connection_accept_event'],
category: ['network'],
kind: ['event'],
},
timestamp: '1569555676000',
network: {
community_id: ['1:network-community_id'],
transport: ['tcp'],
},
process: {
pid: [1084],
name: ['AmSvc.exe'],
executable: ['C:\\Program Files\\Cybereason ActiveProbe\\AmSvc.exe'],
},
source: {
ip: ['127.0.0.1'],
port: [49306],
},
destination: {
port: [49305],
ip: ['127.0.0.1'],
},
endgame: {
pid: [1084],
},
};
export const mockEndgameIpv6ConnectionAcceptEvent: Ecs = {
_id: '-8SucG0BOpWiDweS0wrq',
user: {
@ -1545,54 +1395,6 @@ export const mockEndpointDisconnectReceivedEvent: Ecs = {
_id: 'uUN0OncBPmkOXwyNOGPV',
};
export const mockEndgameUserLogon: Ecs = {
_id: 'QsjPcG0BOpWiDweSeuRE',
user: {
id: ['S-1-5-18'],
domain: ['NT AUTHORITY'],
name: ['SYSTEM'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['10.0'],
},
ip: ['10.134.159.150'],
name: ['HD-v1s-d2118419'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['user_logon'],
category: ['authentication'],
type: ['authentication_success'],
kind: ['event'],
},
message: [
'An account was successfully logged on.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tWIN-Q3DOP1UKA81$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nLogon Type:\t\t\t5\r\n\r\nNew Logon:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tSYSTEM\r\n\tAccount Domain:\t\tNT AUTHORITY\r\n\tLogon ID:\t\t0x3e7\r\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\r\n\r\nProcess Information:\r\n\tProcess ID:\t\t0x1b0\r\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\r\n\r\nNetwork Information:\r\n\tWorkstation Name:\t\r\n\tSource Network Address:\t-\r\n\tSource Port:\t\t-\r\n\r\nDetailed Authentication Information:\r\n\tLogon Process:\t\tAdvapi \r\n\tAuthentication Package:\tNegotiate\r\n\tTransited Services:\t-\r\n\tPackage Name (NTLM only):\t-\r\n\tKey Length:\t\t0\r\n\r\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\r\n\r\nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\r\n\r\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\r\n\r\nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.\r\n\r\nThe network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases.\r\n\r\nThe authentication information fields provide detailed information about this specific logon request.\r\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\r\n\t- Transited services indicate which intermediate services have participated in this logon request.\r\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\r\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.',
],
timestamp: '1569555704000',
process: {
pid: [432],
name: ['C:\\Windows\\System32\\services.exe'],
executable: ['C:\\Windows\\System32\\services.exe'],
},
winlog: {
event_id: [4624],
},
endgame: {
target_logon_id: ['0x3e7'],
pid: [432],
process_name: ['C:\\Windows\\System32\\services.exe'],
logon_type: [5],
subject_user_name: ['WIN-Q3DOP1UKA81$'],
subject_logon_id: ['0x3e7'],
target_user_name: ['SYSTEM'],
target_domain_name: ['NT AUTHORITY'],
},
};
export const mockEndpointSecurityLogOnSuccessEvent: Ecs = {
host: {
os: {
@ -1853,55 +1655,6 @@ export const mockEndpointSecurityLogOffEvent: Ecs = {
_id: 'ZesLQXcBPmkOXwyNdT1a',
};
export const mockEndgameCreationEvent: Ecs = {
_id: 'BcjPcG0BOpWiDweSou3g',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['creation_event'],
category: ['process'],
type: ['process_start'],
kind: ['event'],
},
timestamp: '1569555712000',
process: {
hash: {
md5: ['62d06d7235b37895b68de56687895743'],
sha1: ['12563599116157778a22600d2a163d8112aed845'],
sha256: ['d4c97ed46046893141652e2ec0056a698f6445109949d7fcabbce331146889ee'],
},
pid: [441684],
ppid: [8],
name: ['Microsoft.Photos.exe'],
executable: [
'C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe',
],
args: [
'C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe',
'-ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca',
],
},
endgame: {
process_name: ['Microsoft.Photos.exe'],
pid: [441684],
parent_process_name: ['svchost.exe'],
},
};
export const mockEndpointProcessStartEvent: Ecs = {
process: {
hash: {
@ -1954,48 +1707,6 @@ export const mockEndpointProcessStartEvent: Ecs = {
_id: 't5KSO3cB8l64wN2iQ8V9',
};
export const mockEndgameTerminationEvent: Ecs = {
_id: '2MjPcG0BOpWiDweSoutC',
user: {
id: ['S-1-5-21-3573271228-3407584681-1597858646-1002'],
domain: ['Anvi-Acer'],
name: ['Arun'],
},
host: {
os: {
platform: ['windows'],
name: ['Windows'],
version: ['6.1'],
},
ip: ['10.178.85.222'],
name: ['HD-obe-8bf77f54'],
},
event: {
module: ['endgame'],
dataset: ['esensor'],
action: ['termination_event'],
category: ['process'],
kind: ['event'],
},
timestamp: '1569555712000',
process: {
hash: {
md5: ['bd4401441a21bf1abce6404f4231db4d'],
sha1: ['797255e72d5ed5c058d4785950eba7abaa057653'],
sha256: ['87976f3430cc99bc939e0694247c0759961a49832b87218f4313d6fc0bc3a776'],
},
pid: [442384],
ppid: [8],
name: ['RuntimeBroker.exe'],
executable: ['C:\\Windows\\System32\\RuntimeBroker.exe'],
},
endgame: {
pid: [442384],
process_name: ['RuntimeBroker.exe'],
exit_code: [0],
},
};
export const mockEndpointProcessEndEvent: Ecs = {
process: {
hash: {
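Review bot: The alias re-exports added at the top of this file (`demoEndgameDnsRequest as mockEndgameDnsRequest` and the others) keep every `mockEndgame*` name importable from the mocks module. Nothing in the new code therefore stops browser code from importing them from here again and reintroducing the boundary crossing this commit removes. Mark them as compatibility-only by extending the existing comment, for example `// @deprecated aliases kept for tests; browser code must import the demo* names from ../demo_data`. An `export … from` re-export also creates no local binding, so any remaining use of these names inside this file (not visible in these hunks) would need an explicit import, which is worth confirming. The definitions around each hunk start and end outside the lines shown.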


@ -5,75 +5,4 @@
* 2.0.
*/
import { ONE_MILLISECOND_AS_NANOSECONDS } from '../../timelines/components/formatted_duration/helpers';
import type { Ecs } from '../../../common/ecs';
/** Returns mock data for testing the Netflow component */
export const getMockNetflowData = (): Ecs => ({
destination: {
bytes: [40],
geo: {
city_name: ['New York'],
continent_name: ['North America'],
country_iso_code: ['US'],
country_name: ['United States'],
region_name: ['New York'],
},
ip: ['10.1.2.3'],
packets: [1],
port: [80],
},
event: {
action: ['network_flow'],
category: ['network_traffic'],
duration: [ONE_MILLISECOND_AS_NANOSECONDS],
end: ['2018-11-12T19:03:25.936Z'],
start: ['2018-11-12T19:03:25.836Z'],
},
_id: 'abcd',
network: {
bytes: [100],
community_id: ['we.live.in.a'],
direction: ['outgoing'],
packets: [3],
protocol: ['http'],
transport: ['tcp'],
},
process: {
name: ['rat'],
},
source: {
bytes: [60],
geo: {
city_name: ['Atlanta'],
continent_name: ['North America'],
country_iso_code: ['US'],
country_name: ['United States'],
region_name: ['Georgia'],
},
ip: ['192.168.1.2'],
packets: [2],
port: [9987],
},
timestamp: '2018-11-12T19:03:25.936Z',
tls: {
client_certificate: {
fingerprint: {
sha1: ['tls.client_certificate.fingerprint.sha1-value'],
},
},
fingerprints: {
ja3: {
hash: ['tls.fingerprints.ja3.hash-value'],
},
},
server_certificate: {
fingerprint: {
sha1: ['tls.server_certificate.fingerprint.sha1-value'],
},
},
},
user: {
name: ['first.last'],
},
});
export { getDemoNetflowData as getMockNetflowData } from '../demo_data/netflow';


@ -25,6 +25,3 @@ export const EndpointsContainer = memo(() => {
});
EndpointsContainer.displayName = 'EndpointsContainer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
export { endpointListFleetApisHttpMock } from './mocks';
export type { EndpointListFleetApisHttpMockInterface } from './mocks';


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndpointProcessExecutionMalwarePreventionAlert } from '../../../../common/mock/mock_timeline_data';
import { demoEndpointProcessExecutionMalwarePreventionAlert } from '../../../../common/demo_data/endpoint/process_execution_malware_prevention_alert';
import { createEndpointAlertsRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
import { WAS_PREVENTED_FROM_EXECUTING_A_MALICIOUS_PROCESS } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -25,7 +24,7 @@ const AlertsExampleComponent: React.FC = () => {
return (
<>
{alertsRowRenderer.renderRow({
data: mockEndpointProcessExecutionMalwarePreventionAlert,
data: demoEndpointProcessExecutionMalwarePreventionAlert,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockTimelineData } from '../../../../common/mock/mock_timeline_data';
import { demoTimelineData } from '../../../../common/demo_data/timeline';
import { createGenericAuditRowRenderer } from '../../timeline/body/renderers/auditd/generic_row_renderer';
import { CONNECTED_USING } from '../../timeline/body/renderers/auditd/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const AuditdExampleComponent: React.FC = () => {
return (
<>
{auditdRowRenderer.renderRow({
data: mockTimelineData[26].ecs,
data: demoTimelineData[26].ecs,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}
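Review bot: `demoTimelineData[26].ecs` picks the auditd example by array position, so inserting or reordering entries in the new `demo_data/timeline` module would silently render a different event here. `demoTimelineData[27].ecs` in the auditd file example has the same coupling. Now that the data has its own module, a named export per example event would make the dependency visible. Failing that, a comment such as `// index 26: the auditd event this example renders with CONNECTED_USING` would do. If the project enables `noUncheckedIndexedAccess`, the indexed element is also possibly `undefined` and needs a guard. The component body continues outside the hunk.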


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockTimelineData } from '../../../../common/mock/mock_timeline_data';
import { demoTimelineData } from '../../../../common/demo_data/timeline';
import { createGenericFileRowRenderer } from '../../timeline/body/renderers/auditd/generic_row_renderer';
import { OPENED_FILE, USING } from '../../timeline/body/renderers/auditd/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const AuditdFileExampleComponent: React.FC = () => {
return (
<>
{auditdFileRowRenderer.renderRow({
data: mockTimelineData[27].ecs,
data: demoTimelineData[27].ecs,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndpointLibraryLoadEvent } from '../../../../common/mock/mock_timeline_data';
import { demoEndpointLibraryLoadEvent } from '../../../../common/demo_data/endpoint/library_load_event';
import { createEndpointLibraryRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
import { LOADED_LIBRARY } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const LibraryExampleComponent: React.FC = () => {
return (
<>
{libraryRowRenderer.renderRow({
data: mockEndpointLibraryLoadEvent,
data: demoEndpointLibraryLoadEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,15 +7,14 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { getMockNetflowData } from '../../../../common/mock/netflow';
import { getDemoNetflowData } from '../../../../common/demo_data/netflow';
import { netflowRowRenderer } from '../../timeline/body/renderers/netflow/netflow_row_renderer';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const NetflowExampleComponent: React.FC = () => (
<>
{netflowRowRenderer.renderRow({
data: getMockNetflowData(),
data: getDemoNetflowData(),
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndpointRegistryModificationEvent } from '../../../../common/mock/mock_timeline_data';
import { demoEndpointRegistryModificationEvent } from '../../../../common/demo_data/endpoint/registry_modification_event';
import { createEndpointRegistryRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
import { MODIFIED_REGISTRY_KEY } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const RegistryExampleComponent: React.FC = () => {
return (
<>
{registryRowRenderer.renderRow({
data: mockEndpointRegistryModificationEvent,
data: demoEndpointRegistryModificationEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,15 +7,14 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockTimelineData } from '../../../../common/mock/mock_timeline_data';
import { demoTimelineData } from '../../../../common/demo_data/timeline';
import { suricataRowRenderer } from '../../timeline/body/renderers/suricata/suricata_row_renderer';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const SuricataExampleComponent: React.FC = () => (
<>
{suricataRowRenderer.renderRow({
data: mockTimelineData[2].ecs,
data: demoTimelineData[2].ecs,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -9,8 +9,7 @@ import React from 'react';
import { TERMINATED_PROCESS } from '../../timeline/body/renderers/system/translations';
import { createGenericSystemRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameTerminationEvent } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameTerminationEvent } from '../../../../common/demo_data/endgame_ecs/termination';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const SystemExampleComponent: React.FC = () => {
@ -22,7 +21,7 @@ const SystemExampleComponent: React.FC = () => {
return (
<>
{systemRowRenderer.renderRow({
data: mockEndgameTerminationEvent,
data: demoEndgameTerminationEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -8,8 +8,7 @@
import React from 'react';
import { createDnsRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameDnsRequest } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameDnsRequest } from '../../../../common/demo_data/endgame_ecs/dns';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const SystemDnsExampleComponent: React.FC = () => {
@ -18,7 +17,7 @@ const SystemDnsExampleComponent: React.FC = () => {
return (
<>
{systemDnsRowRenderer.renderRow({
data: mockEndgameDnsRequest,
data: demoEndgameDnsRequest,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -8,8 +8,7 @@
import React from 'react';
import { createEndgameProcessRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameCreationEvent } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameCreationEvent } from '../../../../common/demo_data/endgame_ecs/creation';
import { PROCESS_STARTED } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const SystemEndgameProcessExampleComponent: React.FC = () => {
return (
<>
{systemEndgameProcessRowRenderer.renderRow({
data: mockEndgameCreationEvent,
data: demoEndgameCreationEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameFileDeleteEvent } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameFileDeleteEvent } from '../../../../common/demo_data/endgame_ecs/file_events';
import { createGenericFileRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
import { DELETED_FILE } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const SystemFileExampleComponent: React.FC = () => {
return (
<>
{systemFileRowRenderer.renderRow({
data: mockEndgameFileDeleteEvent,
data: demoEndgameFileDeleteEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,8 +7,7 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameFileCreateEvent } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameFileCreateEvent } from '../../../../common/demo_data/endgame_ecs/file_events';
import { createFimRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
import { CREATED_FILE } from '../../timeline/body/renderers/system/translations';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
@ -22,7 +21,7 @@ const SystemFimExampleComponent: React.FC = () => {
return (
<>
{systemFimRowRenderer.renderRow({
data: mockEndgameFileCreateEvent,
data: demoEndgameFileCreateEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -8,8 +8,7 @@
import React from 'react';
import { createSecurityEventRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameUserLogon } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameUserLogon } from '../../../../common/demo_data/endgame_ecs/user_logon';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const SystemSecurityEventExampleComponent: React.FC = () => {
@ -20,7 +19,7 @@ const SystemSecurityEventExampleComponent: React.FC = () => {
return (
<>
{systemSecurityEventRowRenderer.renderRow({
data: mockEndgameUserLogon,
data: demoEndgameUserLogon,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -9,8 +9,7 @@ import React from 'react';
import { ACCEPTED_A_CONNECTION_VIA } from '../../timeline/body/renderers/system/translations';
import { createSocketRowRenderer } from '../../timeline/body/renderers/system/generic_row_renderer';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockEndgameIpv4ConnectionAcceptEvent } from '../../../../common/mock/mock_endgame_ecs_data';
import { demoEndgameIpv4ConnectionAcceptEvent } from '../../../../common/demo_data/endgame_ecs/ipv4';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const SystemSocketExampleComponent: React.FC = () => {
@ -21,7 +20,7 @@ const SystemSocketExampleComponent: React.FC = () => {
return (
<>
{systemSocketRowRenderer.renderRow({
data: mockEndgameIpv4ConnectionAcceptEvent,
data: demoEndgameIpv4ConnectionAcceptEvent,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,15 +7,14 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockTimelineData } from '../../../../common/mock/mock_timeline_data';
import { demoTimelineData } from '../../../../common/demo_data/timeline';
import { threatMatchRowRenderer } from '../../timeline/body/renderers/cti/threat_match_row_renderer';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const ThreatMatchExampleComponent: React.FC = () => (
<>
{threatMatchRowRenderer.renderRow({
data: mockTimelineData[31].ecs,
data: demoTimelineData[31].ecs,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -7,15 +7,14 @@
import React from 'react';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { mockTimelineData } from '../../../../common/mock/mock_timeline_data';
import { demoTimelineData } from '../../../../common/demo_data/timeline';
import { zeekRowRenderer } from '../../timeline/body/renderers/zeek/zeek_row_renderer';
import { ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID } from '../constants';
const ZeekExampleComponent: React.FC = () => (
<>
{zeekRowRenderer.renderRow({
data: mockTimelineData[13].ecs,
data: demoTimelineData[13].ecs,
isDraggable: false,
timelineId: ROW_RENDERER_BROWSER_EXAMPLE_TIMELINE_ID,
})}


@ -45,7 +45,7 @@ import { createEndpointMetadataServiceTestContextMock } from './services/metadat
import type { EndpointAuthz } from '../../common/endpoint/types/authz';
import { EndpointFleetServicesFactory } from './services/fleet';
import { createLicenseServiceMock } from '../../common/license/mocks';
import { createFeatureUsageServiceMock } from './services/feature_usage';
import { createFeatureUsageServiceMock } from './services/feature_usage/mocks';
/**
* Creates a mocked EndpointAppContext.


@ -62,7 +62,7 @@ import { EndpointHostNotFoundError } from '../../services/metadata';
import { FleetAgentGenerator } from '../../../../common/endpoint/data_generators/fleet_agent_generator';
import { createMockAgentClient, createMockPackageService } from '@kbn/fleet-plugin/server/mocks';
import type { TransformGetTransformStatsResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/service/authz';
import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/service/authz/mocks';
class IndexNotFoundException extends Error {
meta: { body: { error: { type: string } } };


@ -7,7 +7,5 @@
import { FeatureUsageService } from './service';
export type { FeatureKeys } from './service';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
export { createFeatureUsageServiceMock, createMockPolicyData } from './mocks';
export const featureUsageService = new FeatureUsageService();


@ -43,7 +43,7 @@ import { Manifest } from '../endpoint/lib/artifacts';
import type { NewPackagePolicy } from '@kbn/fleet-plugin/common/types/models';
import type { ManifestSchema } from '../../common/endpoint/schema/manifest';
import type { DeletePackagePoliciesResponse } from '@kbn/fleet-plugin/common';
import { createMockPolicyData } from '../endpoint/services/feature_usage';
import { createMockPolicyData } from '../endpoint/services/feature_usage/mocks';
import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../common/endpoint/service/artifacts/constants';
describe('ingest_integration tests ', () => {


@ -32,7 +32,7 @@ import type {
SecuritySolutionRequestHandlerContext,
} from '../../../../types';
import { getEndpointAuthzInitialStateMock } from '../../../../../common/endpoint/service/authz';
import { getEndpointAuthzInitialStateMock } from '../../../../../common/endpoint/service/authz/mocks';
import type { EndpointAuthz } from '../../../../../common/endpoint/types/authz';
export const createMockClients = () => {