[Security Solution] Remove extra rule fields from kibana.alert.rule (#121135)

* Remove kibana.alert.rule.risk_score and severity

* Fix tests related to risk_score and severity

* Make translation a template

* Can't use expression in template literal

* Remove commented line added by bad merge

* Fix linting

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Marshall Main 2021-12-17 13:23:27 -08:00 committed by GitHub
parent d4fab0abae
commit e59a8feaa4
41 changed files with 175 additions and 291 deletions


@ -191,10 +191,10 @@ export const allowSorting = ({
'kibana.alert.rule.output_index',
'kibana.alert.rule.query',
'kibana.alert.rule.references',
'kibana.alert.rule.risk_score',
'kibana.alert.risk_score',
'kibana.alert.rule.rule_id',
'kibana.alert.rule.saved_id',
'kibana.alert.rule.severity',
'kibana.alert.severity',
'kibana.alert.rule.size',
'kibana.alert.rule.tags',
'kibana.alert.rule.threat',
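Review bot: The two lines that appear to be the replacements here, `'kibana.alert.risk_score',` and `'kibana.alert.severity',`, are string literals, while the next file section of this same commit imports `ALERT_RISK_SCORE` and `ALERT_SEVERITY` from `@kbn/rule-data-utils` for exactly these fields. Since this list is the allowlist of sortable field names, spelling the two entries as `ALERT_RISK_SCORE,` and `ALERT_SEVERITY,` would keep it from drifting from the canonical constants if the field path moves again, as it just did. The `allowSorting` definition this list belongs to starts before the hunk, so the file's import block is not visible here and would need the same import added.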


@ -5,7 +5,7 @@
* 2.0.
*/
import { ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
import { ALERT_RULE_CONSUMER, ALERT_RISK_SCORE, ALERT_SEVERITY } from '@kbn/rule-data-utils';
// TODO: share with security_solution/common/cti/constants.ts
export const ENRICHMENT_DESTINATION_PATH = 'threat.enrichments';
@ -61,8 +61,8 @@ export const TIMELINE_EVENTS_FIELDS = [
'kibana.alert.original_event.kind',
'kibana.alert.original_event.module',
'kibana.alert.rule.version',
'kibana.alert.rule.severity',
'kibana.alert.rule.risk_score',
ALERT_SEVERITY,
ALERT_RISK_SCORE,
'kibana.alert.threshold_result',
'kibana.alert.building_block_type',
'event.code',
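Review bot: The new `ALERT_SEVERITY,` and `ALERT_RISK_SCORE,` entries sit between plain `'kibana.alert.rule.version'` and `'kibana.alert.threshold_result'` literals, so a reader of `TIMELINE_EVENTS_FIELDS` cannot tell why only these two use constants. A one-line comment above them would carry that context, e.g. `// severity and risk_score are alert-level fields; their kibana.alert.rule.* copies were removed`, hedged as needed if the rule-level copies still exist elsewhere. The `TIMELINE_EVENTS_FIELDS` array starts before this hunk and continues past `'event.code'`.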


@ -150,11 +150,12 @@ describe('formatTimelineData', () => {
_meta: {
version: 14,
},
severity: 'low',
risk_score: 21,
rule: {
note: null,
throttle: null,
references: [],
severity_mapping: [],
description: 'asdasd',
created_at: '2021-01-09T11:25:45.046Z',
language: 'kuery',
@ -174,9 +175,6 @@ describe('formatTimelineData', () => {
uuid: '696c24e0-526d-11eb-836c-e1620268b945',
timeline_id: null,
max_signals: 100,
severity: 'low',
risk_score: 21,
risk_score_mapping: [],
author: [],
query: '_id :*',
index: [
@ -274,11 +272,11 @@ describe('formatTimelineData', () => {
'kibana.alert.rule.query': ['_id :*'],
'kibana.alert.rule.type': ['threshold'],
'kibana.alert.rule.uuid': ['696c24e0-526d-11eb-836c-e1620268b945'],
'kibana.alert.rule.risk_score': [21],
'kibana.alert.risk_score': [21],
'kibana.alert.workflow_status': ['open'],
'event.kind': ['signal'],
'kibana.alert.original_time': ['2021-01-09T13:39:32.595Z'],
'kibana.alert.rule.severity': ['low'],
'kibana.alert.severity': ['low'],
'kibana.alert.rule.version': ['1'],
'kibana.alert.rule.index': [
'apm-*-transaction*',
@ -330,6 +328,8 @@ describe('formatTimelineData', () => {
original_time: ['2021-01-09T13:39:32.595Z'],
workflow_status: ['open'],
threshold_result: ['{"count":10000,"value":"2a990c11-f61b-4c8e-b210-da2574e9f9db"}'],
severity: ['low'],
risk_score: ['21'],
rule: {
building_block_type: [],
exceptions_list: [],
@ -348,9 +348,7 @@ describe('formatTimelineData', () => {
language: ['kuery'],
name: ['Threshold test'],
output_index: ['.siem-signals-patrykkopycinski-default'],
risk_score: ['21'],
query: ['_id :*'],
severity: ['low'],
to: ['now'],
type: ['threshold'],
version: ['1'],