Move Functions from CSP to Shared packages (#212663)
## Summary As part of the Expandable Findings flyout, we need to move some constants, types, functions and components into the Security Solution plugin or a shared package. This PR is phase 2 for Findings (Misconfiguration flyout), which includes moving functions into the shared package or the Security Solution plugin. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
parent
d0c62a20e9
commit
fb3537cfc9
46 changed files with 313 additions and 267 deletions
|
@ -65,3 +65,7 @@ export const INTERNAL_FEATURE_FLAGS = {
|
|||
showManageRulesMock: false,
|
||||
showFindingFlyoutEvidence: true,
|
||||
} as const;
|
||||
|
||||
export const DETECTION_RULE_RULES_API_CURRENT_VERSION = '2023-10-31';
|
||||
|
||||
export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';
|
||||
|
|
|
@ -41,4 +41,10 @@ export {
|
|||
buildVulnerabilityEntityFlyoutPreviewQuery,
|
||||
} from './utils/helpers';
|
||||
export { getAbbreviatedNumber } from './utils/get_abbreviated_number';
|
||||
export { createDetectionRule } from './rules/create_detection_rule';
|
||||
export { UiMetricService } from './utils/ui_metrics';
|
||||
export {
|
||||
generateBenchmarkRuleTags,
|
||||
getFindingsDetectionRuleSearchTags,
|
||||
} from './rules/detection_rules';
|
||||
export type { RuleResponse } from './rules/rule';
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
import type { HttpSetup } from '@kbn/core/public';
|
||||
import { RuleResponse } from './rule';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '../constants';
|
||||
|
||||
interface RuleSeverityMapping {
|
||||
field: string;
|
||||
value: string;
|
||||
operator: 'equals';
|
||||
severity: string;
|
||||
}
|
||||
|
||||
export interface RuleCreateProps {
|
||||
type: string;
|
||||
language: string;
|
||||
license: string;
|
||||
author: string[];
|
||||
filters: unknown[];
|
||||
false_positives: unknown[];
|
||||
risk_score: number;
|
||||
risk_score_mapping: unknown[];
|
||||
severity: string;
|
||||
severity_mapping: RuleSeverityMapping[];
|
||||
threat: unknown[];
|
||||
interval: string;
|
||||
from: string;
|
||||
to: string;
|
||||
timestamp_override: string;
|
||||
timestamp_override_fallback_disabled: boolean;
|
||||
actions: unknown[];
|
||||
enabled: boolean;
|
||||
alert_suppression: {
|
||||
group_by: string[];
|
||||
missing_fields_strategy: string;
|
||||
};
|
||||
index: string[];
|
||||
query: string;
|
||||
references: string[];
|
||||
name: string;
|
||||
description: string;
|
||||
tags: string[];
|
||||
max_signals: number;
|
||||
investigation_fields?: {
|
||||
field_names: string[];
|
||||
};
|
||||
note?: string;
|
||||
}
|
||||
|
||||
const DETECTION_ENGINE_URL = '/api/detection_engine' as const;
|
||||
const DETECTION_ENGINE_RULES_URL = `${DETECTION_ENGINE_URL}/rules` as const;
|
||||
|
||||
export const createDetectionRule = async ({
|
||||
http,
|
||||
rule,
|
||||
}: {
|
||||
http: HttpSetup;
|
||||
rule: RuleCreateProps;
|
||||
}): Promise<RuleResponse> => {
|
||||
const res = await http.post<RuleCreateProps>(DETECTION_ENGINE_RULES_URL, {
|
||||
version: DETECTION_RULE_RULES_API_CURRENT_VERSION,
|
||||
body: JSON.stringify(rule),
|
||||
});
|
||||
|
||||
return res as RuleResponse;
|
||||
};
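Review bot: The `as RuleResponse` cast on the return hides a wrong type argument: `http.post<RuleCreateProps>` declares the response as the request shape, so nothing checks that the reply carries the `id` that callers rely on. Declaring the call as `http.post<RuleResponse>(DETECTION_ENGINE_RULES_URL, { ... })` and returning `res` directly removes the assertion. The value import `import { RuleResponse } from './rule';` also forms a cycle with the new `rule.ts` section, which imports `RuleCreateProps` from this file; both names are types only, so both lines should be `import type`. A short TSDoc on `createDetectionRule` saying that it POSTs the serialized rule to `/api/detection_engine/rules` and lets any HTTP error propagate to the caller would help consumers of the shared package.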
|
|
@ -0,0 +1,89 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
|
||||
import type { CspBenchmarkRuleMetadata } from '../schema/rules/latest';
|
||||
import { generateBenchmarkRuleTags, getFindingsDetectionRuleSearchTags } from './detection_rules';
|
||||
|
||||
it('Should generate search tags for a CSP benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = ['CIS', 'GCP', 'CIS GCP 1.1'];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should handle undefined benchmark object gracefully', () => {
|
||||
const cspBenchmarkRule = { benchmark: {} } as any;
|
||||
const expectedTags: string[] = [];
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should handle undefined rule number gracefully', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
const expectedTags = ['CIS', 'GCP', 'CIS GCP'];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should generate tags for a CSPM benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
posture_type: 'cspm',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = generateBenchmarkRuleTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = [
|
||||
'Cloud Security',
|
||||
'Use Case: Configuration Audit',
|
||||
'CIS',
|
||||
'GCP',
|
||||
'CIS GCP 1.1',
|
||||
'CSPM',
|
||||
'Data Source: CSPM',
|
||||
'Domain: Cloud',
|
||||
];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should generate tags for a KSPM benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
posture_type: 'kspm',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = generateBenchmarkRuleTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = [
|
||||
'Cloud Security',
|
||||
'Use Case: Configuration Audit',
|
||||
'CIS',
|
||||
'GCP',
|
||||
'CIS GCP 1.1',
|
||||
'KSPM',
|
||||
'Data Source: KSPM',
|
||||
'Domain: Container',
|
||||
];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
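Review bot: The case titled 'Should handle undefined benchmark object gracefully' passes `{ benchmark: {} }`, so the `!cspBenchmarkRule?.benchmark` half of the guard in `getFindingsDetectionRuleSearchTags` is never exercised; a second case with `{}` would cover it. There is also no case for `generateBenchmarkRuleTags` with `posture_type` absent, which is exactly the input where its `'Domain: Container'` fallback applies. The same case uses `as any` where the others use `as unknown as CspBenchmarkRuleMetadata`. The five `it` blocks sit at file top level; the plugin spec they were moved from grouped them under `describe('Detection rules utils', ...)`, and a `describe` wrapper here would keep the test report grouped.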
|
|
@ -0,0 +1,53 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
|
||||
import type { CspBenchmarkRuleMetadata } from '../schema/rules/latest';
|
||||
|
||||
const CSP_RULE_TAG = 'Cloud Security';
|
||||
const CSP_RULE_TAG_USE_CASE = 'Use Case: Configuration Audit';
|
||||
const CSP_RULE_TAG_DATA_SOURCE_PREFIX = 'Data Source: ';
|
||||
|
||||
const STATIC_RULE_TAGS = [CSP_RULE_TAG, CSP_RULE_TAG_USE_CASE];
|
||||
|
||||
/*
|
||||
* Returns an array of CspFinding tags that can be used to search and filter a detection rule
|
||||
*/
|
||||
export const getFindingsDetectionRuleSearchTags = (
|
||||
cspBenchmarkRule: CspBenchmarkRuleMetadata
|
||||
): string[] => {
|
||||
if (!cspBenchmarkRule?.benchmark || !cspBenchmarkRule?.benchmark?.id) {
|
||||
// Return an empty array if benchmark ID is undefined
|
||||
return [];
|
||||
}
|
||||
|
||||
// ex: cis_gcp to ['CIS', 'GCP']
|
||||
const benchmarkIdTags = cspBenchmarkRule.benchmark.id.split('_').map((tag) => tag.toUpperCase());
|
||||
|
||||
// ex: 'CIS GCP 1.1'
|
||||
const benchmarkRuleNumberTag = cspBenchmarkRule.benchmark.rule_number
|
||||
? `${cspBenchmarkRule.benchmark.id.replace('_', ' ').toUpperCase()} ${
|
||||
cspBenchmarkRule.benchmark.rule_number
|
||||
}`
|
||||
: cspBenchmarkRule.benchmark.id.replace('_', ' ').toUpperCase();
|
||||
|
||||
return benchmarkIdTags.concat([benchmarkRuleNumberTag]);
|
||||
};
|
||||
|
||||
export const generateBenchmarkRuleTags = (rule: CspBenchmarkRuleMetadata) => {
|
||||
return [STATIC_RULE_TAGS]
|
||||
.concat(getFindingsDetectionRuleSearchTags(rule))
|
||||
.concat(
|
||||
rule.benchmark.posture_type
|
||||
? [
|
||||
rule.benchmark.posture_type.toUpperCase(),
|
||||
`${CSP_RULE_TAG_DATA_SOURCE_PREFIX}${rule.benchmark.posture_type.toUpperCase()}`,
|
||||
]
|
||||
: []
|
||||
)
|
||||
.concat(rule.benchmark.posture_type === 'cspm' ? ['Domain: Cloud'] : ['Domain: Container'])
|
||||
.flat();
|
||||
};
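Review bot: `generateBenchmarkRuleTags` dereferences `rule.benchmark.posture_type` without the optional chaining that `getFindingsDetectionRuleSearchTags` uses just above, so a rule with no `benchmark` yields `[]` from one helper and a TypeError from the other. The final `.concat` also tags every rule whose `posture_type` is not `'cspm'`, including a missing one, as `'Domain: Container'`; if that default is intended it deserves a comment such as `// any posture_type other than 'cspm' (including absent) is tagged as container`, otherwise it should be guarded. Separately, `id.split('_')` splits on every underscore while `id.replace('_', ' ')` replaces only the first, so an id with more than one underscore would produce inconsistent tags; `replace(/_/g, ' ')` keeps the two in step. The tags are built from finding fields, and the `convertRuleTagsToMatchAllKQL` / `convertRuleTagsToMatchAnyKQL` helpers shown as context elsewhere in this commit wrap each tag in `"..."` without escaping, so if these tags reach those helpers it is worth confirming that a `"` in `rule_number` cannot alter the query, and escaping at that boundary.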
|
|
@ -0,0 +1,12 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
|
||||
import { RuleCreateProps } from './create_detection_rule';
|
||||
|
||||
export interface RuleResponse extends RuleCreateProps {
|
||||
id: string;
|
||||
}
|
|
@ -21,5 +21,6 @@
|
|||
"@kbn/analytics",
|
||||
"@kbn/usage-collection-plugin",
|
||||
"@kbn/es-query",
|
||||
"@kbn/core",
|
||||
]
|
||||
}
|
||||
|
|
|
@ -14541,7 +14541,6 @@
|
|||
"xpack.csp.complianceScoreChart.counterButtonLink.failedFindingsTooltip": "Échec des résultats",
|
||||
"xpack.csp.complianceScoreChart.counterLink.passedFindingsTooltip": "Réussite des résultats",
|
||||
"xpack.csp.createDetectionRuleButton": "Créer une règle de détection",
|
||||
"xpack.csp.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage": "La création de règles n'est actuellement disponible que pour les résultats d'Elastic",
|
||||
"xpack.csp.createDetectionRuleFromVulnerabilityFinding.createRuleErrorMessage": "La création de règles n'est actuellement disponible que pour les résultats d'Elastic",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudNativeVulnerabilityManagementTitleLabel": "Gestion des vulnérabilités natives du cloud",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudPostureTitleLabel": "Niveau du cloud",
|
||||
|
|
|
@ -14408,7 +14408,6 @@
|
|||
"xpack.csp.complianceScoreChart.counterButtonLink.failedFindingsTooltip": "失敗した調査結果",
|
||||
"xpack.csp.complianceScoreChart.counterLink.passedFindingsTooltip": "合格した調査結果",
|
||||
"xpack.csp.createDetectionRuleButton": "検出ルールを作成",
|
||||
"xpack.csp.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage": "現在、ルール作成はElasticの調査結果のみで利用可能です。",
|
||||
"xpack.csp.createDetectionRuleFromVulnerabilityFinding.createRuleErrorMessage": "現在、ルール作成はElasticの調査結果のみで利用可能です。",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudNativeVulnerabilityManagementTitleLabel": "Cloud Native Vulnerability Management",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudPostureTitleLabel": "クラウド態勢",
|
||||
|
|
|
@ -14142,7 +14142,6 @@
|
|||
"xpack.csp.complianceScoreChart.counterButtonLink.failedFindingsTooltip": "失败的结果",
|
||||
"xpack.csp.complianceScoreChart.counterLink.passedFindingsTooltip": "通过的结果",
|
||||
"xpack.csp.createDetectionRuleButton": "创建检测规则",
|
||||
"xpack.csp.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage": "规则创建当前仅可用于 Elastic 结果",
|
||||
"xpack.csp.createDetectionRuleFromVulnerabilityFinding.createRuleErrorMessage": "规则创建当前仅可用于 Elastic 结果",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudNativeVulnerabilityManagementTitleLabel": "云原生漏洞管理",
|
||||
"xpack.csp.createPackagePolicy.customAssetsTab.cloudPostureTitleLabel": "云态势",
|
||||
|
|
|
@ -6,12 +6,14 @@
|
|||
*/
|
||||
|
||||
import { HttpSetup } from '@kbn/core/public';
|
||||
import { LATEST_FINDINGS_RETENTION_POLICY } from '@kbn/cloud-security-posture-common';
|
||||
import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import { i18n } from '@kbn/i18n';
|
||||
import { FINDINGS_INDEX_PATTERN } from '../../../../common/constants';
|
||||
import { createDetectionRule } from '../../../common/api/create_detection_rule';
|
||||
import { generateBenchmarkRuleTags } from '../../../../common/utils/detection_rules';
|
||||
import {
|
||||
createDetectionRule,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
LATEST_FINDINGS_RETENTION_POLICY,
|
||||
generateBenchmarkRuleTags,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
|
||||
const DEFAULT_RULE_RISK_SCORE = 0;
|
||||
const DEFAULT_RULE_SEVERITY = 'low';
|
||||
|
@ -65,13 +67,16 @@ export const createDetectionRuleFromBenchmarkRule = async (
|
|||
) => {
|
||||
if (!benchmarkRule.benchmark?.posture_type) {
|
||||
throw new Error(
|
||||
i18n.translate('xpack.csp.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage', {
|
||||
defaultMessage: 'Rule creation is currently only available for Elastic findings',
|
||||
})
|
||||
i18n.translate(
|
||||
'securitySolutionPackages.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage',
|
||||
{
|
||||
defaultMessage: 'Rule creation is currently only available for Elastic findings',
|
||||
}
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
return await createDetectionRule({
|
||||
return createDetectionRule({
|
||||
http,
|
||||
rule: {
|
||||
type: 'query',
|
|
@ -0,0 +1,9 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
|
||||
type Truthy<T> = T extends null | undefined | false | '' | 0 | 0n ? never : T;
|
||||
export const truthy = <T>(value: T): value is Truthy<T> => !!value;
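Review bot: `truthy` is exported as a type predicate without documentation, and the predicate is only sound in its true branch: for `T = string` or `number`, `Truthy<T>` is `T` itself, so inside `if (!truthy(x))` the compiler narrows `x` to `never` although `''`, `0` or `NaN` can reach that branch. The visible call sites use it as `.filter(truthy)`, where this does not matter. A TSDoc such as `/** Type guard intended for Array.prototype.filter; do not rely on the false branch for narrowing. */` would state the intended use for consumers of the package.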
|
|
@ -6,8 +6,7 @@
|
|||
*/
|
||||
import { CSP_VULN_DATASET } from './get_vendor_name';
|
||||
import { isNativeCspFinding } from './is_native_csp_finding';
|
||||
import { CspFinding } from '@kbn/cloud-security-posture-common';
|
||||
import { CSP_MISCONFIGURATIONS_DATASET } from '@kbn/cloud-security-posture-common';
|
||||
import { CspFinding, CSP_MISCONFIGURATIONS_DATASET } from '@kbn/cloud-security-posture-common';
|
||||
import { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding';
|
||||
|
||||
describe('isNativeCspFinding', () => {
|
|
@ -32,12 +32,11 @@ export const CSP_BENCHMARK_RULES_BULK_ACTION_API_CURRENT_VERSION = '1';
|
|||
export const GET_DETECTION_RULE_ALERTS_STATUS_PATH =
|
||||
'/internal/cloud_security_posture/detection_engine_rules/alerts/_status';
|
||||
export const DETECTION_RULE_ALERTS_STATUS_API_CURRENT_VERSION = '1';
|
||||
export const DETECTION_RULE_RULES_API_CURRENT_VERSION = '2023-10-31';
|
||||
|
||||
export const CLOUD_SECURITY_POSTURE_PACKAGE_NAME = 'cloud_security_posture';
|
||||
|
||||
export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
|
||||
export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';
|
||||
|
||||
export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
|
||||
|
||||
export const LATEST_FINDINGS_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.findings_latest';
|
||||
|
|
|
@ -9,8 +9,6 @@ import type { CspBenchmarkRuleMetadata } from '@kbn/cloud-security-posture-commo
|
|||
import {
|
||||
convertRuleTagsToMatchAllKQL,
|
||||
convertRuleTagsToMatchAnyKQL,
|
||||
generateBenchmarkRuleTags,
|
||||
getFindingsDetectionRuleSearchTags,
|
||||
getFindingsDetectionRuleSearchTagsFromArrayOfRules,
|
||||
} from './detection_rules';
|
||||
|
||||
|
@ -51,38 +49,6 @@ describe('Detection rules utils', () => {
|
|||
expect(result).toBe(expectedKQL);
|
||||
});
|
||||
|
||||
it('Should generate search tags for a CSP benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = ['CIS', 'GCP', 'CIS GCP 1.1'];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should handle undefined benchmark object gracefully', () => {
|
||||
const cspBenchmarkRule = { benchmark: {} } as any;
|
||||
const expectedTags: string[] = [];
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should handle undefined rule number gracefully', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
const result = getFindingsDetectionRuleSearchTags(cspBenchmarkRule);
|
||||
const expectedTags = ['CIS', 'GCP', 'CIS GCP'];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should generate search tags for a CSP benchmark rule given an array of Benchmarks', () => {
|
||||
const cspBenchmarkRule = [
|
||||
{
|
||||
|
@ -111,52 +77,4 @@ describe('Detection rules utils', () => {
|
|||
const result = getFindingsDetectionRuleSearchTagsFromArrayOfRules(cspBenchmarkRule);
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should generate tags for a CSPM benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
posture_type: 'cspm',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = generateBenchmarkRuleTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = [
|
||||
'Cloud Security',
|
||||
'Use Case: Configuration Audit',
|
||||
'CIS',
|
||||
'GCP',
|
||||
'CIS GCP 1.1',
|
||||
'CSPM',
|
||||
'Data Source: CSPM',
|
||||
'Domain: Cloud',
|
||||
];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
|
||||
it('Should generate tags for a KSPM benchmark rule', () => {
|
||||
const cspBenchmarkRule = {
|
||||
benchmark: {
|
||||
id: 'cis_gcp',
|
||||
rule_number: '1.1',
|
||||
posture_type: 'kspm',
|
||||
},
|
||||
} as unknown as CspBenchmarkRuleMetadata;
|
||||
|
||||
const result = generateBenchmarkRuleTags(cspBenchmarkRule);
|
||||
|
||||
const expectedTags = [
|
||||
'Cloud Security',
|
||||
'Use Case: Configuration Audit',
|
||||
'CIS',
|
||||
'GCP',
|
||||
'CIS GCP 1.1',
|
||||
'KSPM',
|
||||
'Data Source: KSPM',
|
||||
'Domain: Container',
|
||||
];
|
||||
expect(result).toEqual(expectedTags);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -7,12 +7,6 @@
|
|||
|
||||
import type { CspBenchmarkRuleMetadata } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
|
||||
const CSP_RULE_TAG = 'Cloud Security';
|
||||
const CSP_RULE_TAG_USE_CASE = 'Use Case: Configuration Audit';
|
||||
const CSP_RULE_TAG_DATA_SOURCE_PREFIX = 'Data Source: ';
|
||||
|
||||
const STATIC_RULE_TAGS = [CSP_RULE_TAG, CSP_RULE_TAG_USE_CASE];
|
||||
|
||||
export const convertRuleTagsToMatchAllKQL = (tags: string[]): string => {
|
||||
const TAGS_FIELD = 'alert.attributes.tags';
|
||||
return `${TAGS_FIELD}:(${tags.map((tag) => `"${tag}"`).join(` AND `)})`;
|
||||
|
@ -23,30 +17,6 @@ export const convertRuleTagsToMatchAnyKQL = (tags: string[]): string => {
|
|||
return `${TAGS_FIELD}:(${tags.map((tag) => `"${tag}"`).join(` OR `)})`;
|
||||
};
|
||||
|
||||
/*
|
||||
* Returns an array of CspFinding tags that can be used to search and filter a detection rule
|
||||
*/
|
||||
export const getFindingsDetectionRuleSearchTags = (
|
||||
cspBenchmarkRule: CspBenchmarkRuleMetadata
|
||||
): string[] => {
|
||||
if (!cspBenchmarkRule?.benchmark || !cspBenchmarkRule?.benchmark?.id) {
|
||||
// Return an empty array if benchmark ID is undefined
|
||||
return [];
|
||||
}
|
||||
|
||||
// ex: cis_gcp to ['CIS', 'GCP']
|
||||
const benchmarkIdTags = cspBenchmarkRule.benchmark.id.split('_').map((tag) => tag.toUpperCase());
|
||||
|
||||
// ex: 'CIS GCP 1.1'
|
||||
const benchmarkRuleNumberTag = cspBenchmarkRule.benchmark.rule_number
|
||||
? `${cspBenchmarkRule.benchmark.id.replace('_', ' ').toUpperCase()} ${
|
||||
cspBenchmarkRule.benchmark.rule_number
|
||||
}`
|
||||
: cspBenchmarkRule.benchmark.id.replace('_', ' ').toUpperCase();
|
||||
|
||||
return benchmarkIdTags.concat([benchmarkRuleNumberTag]);
|
||||
};
|
||||
|
||||
export const getFindingsDetectionRuleSearchTagsFromArrayOfRules = (
|
||||
cspBenchmarkRules: CspBenchmarkRuleMetadata[]
|
||||
): string[] => {
|
||||
|
@ -70,18 +40,3 @@ export const getFindingsDetectionRuleSearchTagsFromArrayOfRules = (
|
|||
// we want the tags to only consist of a format like this CIS AWS 1.1.0
|
||||
return benchmarkTagArray;
|
||||
};
|
||||
|
||||
export const generateBenchmarkRuleTags = (rule: CspBenchmarkRuleMetadata) => {
|
||||
return [STATIC_RULE_TAGS]
|
||||
.concat(getFindingsDetectionRuleSearchTags(rule))
|
||||
.concat(
|
||||
rule.benchmark.posture_type
|
||||
? [
|
||||
rule.benchmark.posture_type.toUpperCase(),
|
||||
`${CSP_RULE_TAG_DATA_SOURCE_PREFIX}${rule.benchmark.posture_type.toUpperCase()}`,
|
||||
]
|
||||
: []
|
||||
)
|
||||
.concat(rule.benchmark.posture_type === 'cspm' ? ['Domain: Cloud'] : ['Domain: Container'])
|
||||
.flat();
|
||||
};
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import { Truthy } from 'lodash';
|
||||
import type { BaseCspSetupStatus, BenchmarksCisId } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
NewPackagePolicy,
|
||||
|
@ -42,7 +41,7 @@ import type {
|
|||
export const isNonNullable = <T extends unknown>(v: T): v is NonNullable<T> =>
|
||||
v !== null && v !== undefined;
|
||||
|
||||
export const truthy = <T>(value: T): value is Truthy<T> => !!value;
|
||||
// export const truthy = <T>(value: T): value is Truthy<T> => !!value;
|
||||
|
||||
export const getBenchmarkFilter = (type: BenchmarkId, section?: RuleSection): string =>
|
||||
`${CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE}.attributes.metadata.benchmark.id: "${type}"${
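Review bot: The previous `truthy` export appears to be left behind as a commented-out line (`// export const truthy = <T>(value: T): value is Truthy<T> => !!value;`) instead of being removed; delete it, since the implementation now lives in the package helper and the `Truthy` import it needs is gone. Any remaining importer of `truthy` from this module will no longer compile, so it is worth confirming that every call site was moved; the two visible in this commit were. `getBenchmarkFilter` continues past the end of this hunk.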
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
import { HttpSetup } from '@kbn/core/public';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '../../../common/constants';
|
||||
import { RuleCreateProps, RuleResponse } from '../types';
|
||||
|
||||
const DETECTION_ENGINE_URL = '/api/detection_engine' as const;
|
||||
const DETECTION_ENGINE_RULES_URL = `${DETECTION_ENGINE_URL}/rules` as const;
|
||||
|
||||
export const createDetectionRule = async ({
|
||||
http,
|
||||
rule,
|
||||
}: {
|
||||
http: HttpSetup;
|
||||
rule: RuleCreateProps;
|
||||
}): Promise<RuleResponse> => {
|
||||
const res = await http.post<RuleCreateProps>(DETECTION_ENGINE_RULES_URL, {
|
||||
version: DETECTION_RULE_RULES_API_CURRENT_VERSION,
|
||||
body: JSON.stringify(rule),
|
||||
});
|
||||
|
||||
return res as RuleResponse;
|
||||
};
|
|
@ -8,8 +8,8 @@
|
|||
import { CoreStart, HttpSetup } from '@kbn/core/public';
|
||||
import { useKibana } from '@kbn/kibana-react-plugin/public';
|
||||
import { useQuery } from '@tanstack/react-query';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '../../../common/constants';
|
||||
import { RuleResponse } from '../types';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '@kbn/cloud-security-posture-common';
|
||||
import type { RuleResponse } from '@kbn/cloud-security-posture-common';
|
||||
import { DETECTION_ENGINE_RULES_KEY } from '../constants';
|
||||
import {
|
||||
convertRuleTagsToMatchAllKQL,
|
||||
|
|
|
@ -14,7 +14,7 @@ import {
|
|||
import { useQuery } from '@tanstack/react-query';
|
||||
import { useKibana } from '@kbn/kibana-react-plugin/public';
|
||||
import { CoreStart } from '@kbn/core/public';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '../../../common/constants';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '@kbn/cloud-security-posture-common';
|
||||
|
||||
interface PackagePolicyListData {
|
||||
items: PackagePolicy[];
|
||||
|
|
|
@ -25,50 +25,3 @@ export interface FindingsBaseESQueryConfig {
|
|||
}
|
||||
|
||||
export type Sort<T> = NonNullable<Criteria<T>['sort']>;
|
||||
|
||||
interface RuleSeverityMapping {
|
||||
field: string;
|
||||
value: string;
|
||||
operator: 'equals';
|
||||
severity: string;
|
||||
}
|
||||
|
||||
export interface RuleCreateProps {
|
||||
type: string;
|
||||
language: string;
|
||||
license: string;
|
||||
author: string[];
|
||||
filters: unknown[];
|
||||
false_positives: unknown[];
|
||||
risk_score: number;
|
||||
risk_score_mapping: unknown[];
|
||||
severity: string;
|
||||
severity_mapping: RuleSeverityMapping[];
|
||||
threat: unknown[];
|
||||
interval: string;
|
||||
from: string;
|
||||
to: string;
|
||||
timestamp_override: string;
|
||||
timestamp_override_fallback_disabled: boolean;
|
||||
actions: unknown[];
|
||||
enabled: boolean;
|
||||
alert_suppression: {
|
||||
group_by: string[];
|
||||
missing_fields_strategy: string;
|
||||
};
|
||||
index: string[];
|
||||
query: string;
|
||||
references: string[];
|
||||
name: string;
|
||||
description: string;
|
||||
tags: string[];
|
||||
max_signals: number;
|
||||
investigation_fields?: {
|
||||
field_names: string[];
|
||||
};
|
||||
note?: string;
|
||||
}
|
||||
|
||||
export interface RuleResponse extends RuleCreateProps {
|
||||
id: string;
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ import { generateFilters } from '@kbn/data-plugin/public';
|
|||
import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types';
|
||||
import useLocalStorage from 'react-use/lib/useLocalStorage';
|
||||
import { MAX_FINDINGS_TO_LOAD } from '@kbn/cloud-security-posture-common';
|
||||
import type { RuleResponse } from '@kbn/cloud-security-posture-common';
|
||||
import { useKibana } from '../../common/hooks/use_kibana';
|
||||
import { CloudPostureDataTableResult } from '../../common/hooks/use_cloud_posture_data_table';
|
||||
import { EmptyState } from '../empty_state';
|
||||
|
@ -36,7 +37,6 @@ import { AdditionalControls } from './additional_controls';
|
|||
import { useDataViewContext } from '../../common/contexts/data_view_context';
|
||||
import { TakeAction } from '../take_action';
|
||||
|
||||
import { RuleResponse } from '../../common/types';
|
||||
export interface CloudSecurityDefaultColumn {
|
||||
id: string;
|
||||
width?: number;
|
||||
|
|
|
@ -12,7 +12,7 @@ import { DetectionRuleCounter } from './detection_rule_counter';
|
|||
import { TestProvider } from '../test/test_provider';
|
||||
import { useFetchDetectionRulesByTags } from '../common/api/use_fetch_detection_rules_by_tags';
|
||||
import { useFetchDetectionRulesAlertsStatus } from '../common/api/use_fetch_detection_rules_alerts_status';
|
||||
import { RuleResponse } from '../common/types';
|
||||
import type { RuleResponse } from '@kbn/cloud-security-posture-common';
|
||||
|
||||
jest.mock('../common/api/use_fetch_detection_rules_by_tags', () => ({
|
||||
useFetchDetectionRulesByTags: jest.fn(),
|
||||
|
|
|
@ -18,9 +18,9 @@ import { useHistory } from 'react-router-dom';
|
|||
import useSessionStorage from 'react-use/lib/useSessionStorage';
|
||||
import { useQueryClient } from '@tanstack/react-query';
|
||||
import { i18n as kbnI18n } from '@kbn/i18n';
|
||||
import type { RuleResponse } from '@kbn/cloud-security-posture-common';
|
||||
import { useFetchDetectionRulesAlertsStatus } from '../common/api/use_fetch_detection_rules_alerts_status';
|
||||
import { useFetchDetectionRulesByTags } from '../common/api/use_fetch_detection_rules_by_tags';
|
||||
import { RuleResponse } from '../common/types';
|
||||
import { useKibana } from '../common/hooks/use_kibana';
|
||||
import { showCreateDetectionRuleSuccessToast } from './take_action';
|
||||
import { DETECTION_ENGINE_ALERTS_KEY, DETECTION_ENGINE_RULES_KEY } from '../common/constants';
|
||||
|
|
|
@ -27,7 +27,7 @@ import {
|
|||
uiMetricService,
|
||||
} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
|
||||
import { METRIC_TYPE } from '@kbn/analytics';
|
||||
import type { RuleResponse } from '../common/types';
|
||||
import type { RuleResponse } from '@kbn/cloud-security-posture-common';
|
||||
import { CREATE_RULE_ACTION_SUBJ, TAKE_ACTION_SUBJ } from './test_subjects';
|
||||
import { useKibana } from '../common/hooks/use_kibana';
|
||||
import { DETECTION_ENGINE_ALERTS_KEY, DETECTION_ENGINE_RULES_KEY } from '../common/constants';
|
||||
|
|
|
@ -8,9 +8,9 @@
|
|||
import type { HttpSetup } from '@kbn/core/public';
|
||||
import React from 'react';
|
||||
import type { CspFinding } from '@kbn/cloud-security-posture-common';
|
||||
import { getFindingsDetectionRuleSearchTags } from '@kbn/cloud-security-posture-common';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '@kbn/cloud-security-posture/src/utils/create_detection_rule_from_benchmark';
|
||||
import { DetectionRuleCounter } from '../../../components/detection_rule_counter';
|
||||
import { getFindingsDetectionRuleSearchTags } from '../../../../common/utils/detection_rules';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '../utils/create_detection_rule_from_benchmark';
|
||||
|
||||
export const FindingsDetectionRuleCounter = ({ finding }: { finding: CspFinding }) => {
|
||||
const createMisconfigurationRuleFn = async (http: HttpSetup) =>
|
||||
|
|
|
@ -38,9 +38,13 @@ import { CspEvaluationBadge, benchmarksNavigation } from '@kbn/cloud-security-po
|
|||
import type { CspFinding, BenchmarkId } from '@kbn/cloud-security-posture-common';
|
||||
import { BenchmarkName, CSP_MISCONFIGURATIONS_DATASET } from '@kbn/cloud-security-posture-common';
|
||||
import { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding';
|
||||
import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding';
|
||||
import { getVendorName } from '../../../common/utils/get_vendor_name';
|
||||
import { truthy } from '../../../../common/utils/helpers';
|
||||
import { isNativeCspFinding } from '@kbn/cloud-security-posture/src/utils/is_native_csp_finding';
|
||||
import { getVendorName } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { truthy } from '@kbn/cloud-security-posture/src/utils/helpers';
|
||||
import type { CoreStart } from '@kbn/core/public';
|
||||
import { useKibana } from '@kbn/kibana-react-plugin/public';
|
||||
import type { CspClientPluginStartDeps } from '@kbn/cloud-security-posture';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '@kbn/cloud-security-posture/src/utils/create_detection_rule_from_benchmark'; //
|
||||
import cisLogoIcon from '../../../assets/icons/cis_logo.svg';
|
||||
import { TakeAction } from '../../../components/take_action';
|
||||
import { TableTab } from './table_tab';
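Review bot: The `createDetectionRuleFromBenchmarkRule` import line ends with a stray `//` that should be dropped. The added imports also reach into `@kbn/cloud-security-posture/src/utils/...` rather than the package entry point; the same form is used in the findings detection-rule-counter and overview-tab hunks. That ties this plugin to the package's internal file layout, so if these helpers are meant to be shared, re-exporting them from the package index and importing from `@kbn/cloud-security-posture` would give a stable surface.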
|
||||
|
@ -48,8 +52,6 @@ import { JsonTab } from './json_tab';
|
|||
import { OverviewTab } from './overview_tab';
|
||||
import { RuleTab } from './rule_tab';
|
||||
import { CISBenchmarkIcon } from '../../../components/cis_benchmark_icon';
|
||||
import { useKibana } from '../../../common/hooks/use_kibana';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '../utils/create_detection_rule_from_benchmark';
|
||||
import { CspInlineDescriptionList } from '../../../components/csp_inline_description_list';
|
||||
|
||||
const FINDINGS_MISCONFIGS_FLYOUT_DESCRIPTION_LIST = 'misconfigs-findings-flyout-description-list';
|
||||
|
@ -168,7 +170,7 @@ const getFlyoutDescriptionList = (finding: CspFinding): EuiDescriptionListProps[
|
|||
].filter(truthy);
|
||||
|
||||
const FindingsTab = ({ tab, finding }: { finding: CspFinding; tab: FindingsTab }) => {
|
||||
const { application } = useKibana().services;
|
||||
const { application } = useKibana<CoreStart & CspClientPluginStartDeps>().services;
|
||||
|
||||
const ruleFlyoutLink =
|
||||
// currently we only support rule linking for native CSP findings
|
||||
|
|
|
@ -28,9 +28,11 @@ import { FormattedMessage } from '@kbn/i18n-react';
|
|||
import { isEmpty } from 'lodash';
|
||||
import type { CspFinding } from '@kbn/cloud-security-posture-common';
|
||||
import { useDataView } from '@kbn/cloud-security-posture/src/hooks/use_data_view';
|
||||
import { getVendorName } from '../../../common/utils/get_vendor_name';
|
||||
import { truthy } from '../../../../common/utils/helpers';
|
||||
import { useKibana } from '../../../common/hooks/use_kibana';
|
||||
import { getVendorName } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { truthy } from '@kbn/cloud-security-posture/src/utils/helpers';
|
||||
import type { CoreStart } from '@kbn/core/public';
|
||||
import { useKibana } from '@kbn/kibana-react-plugin/public';
|
||||
import type { CspClientPluginStartDeps } from '@kbn/cloud-security-posture';
|
||||
import {
|
||||
BenchmarkIcons,
|
||||
CodeBlock,
|
||||
|
@ -187,7 +189,7 @@ export const OverviewTab = ({
|
|||
data: CspFinding;
|
||||
ruleFlyoutLink?: string;
|
||||
}) => {
|
||||
const { discover } = useKibana().services;
|
||||
const { discover } = useKibana<CoreStart & CspClientPluginStartDeps>().services;
|
||||
const cdrMisconfigurationsDataView = useDataView(CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX);
|
||||
|
||||
// link will navigate to our dataview in discover, filtered by the data source of the finding
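Review bot: The type argument on `useKibana<CoreStart & CspClientPluginStartDeps>()` in `OverviewTab` is an unchecked claim about what the surrounding context provider holds, so `discover` is typed as present even if the component is mounted under a provider that does not supply it. The PR description says this flyout code is headed for the Security Solution plugin, so that case seems likely to matter; the same pattern appears in `FindingsTab` for `application`. I would keep one typed wrapper hook for the package instead of repeating the generic at each call site, and add a comment here such as `// services come from the nearest KibanaContextProvider; discover exists only if the host plugin passes it`. The body of `OverviewTab` continues outside the hunk, so I cannot see whether `discover` is guarded before use.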
|
||||
|
|
|
@ -18,7 +18,8 @@ import {
|
|||
uiMetricService,
|
||||
} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
|
||||
import { METRIC_TYPE } from '@kbn/analytics';
|
||||
import { getVendorName } from '../../../common/utils/get_vendor_name';
|
||||
import { getVendorName } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '@kbn/cloud-security-posture/src/utils/create_detection_rule_from_benchmark';
|
||||
import * as TEST_SUBJECTS from '../test_subjects';
|
||||
import { FindingsDistributionBar } from '../layout/findings_distribution_bar';
|
||||
import { ErrorCallout } from '../layout/error_callout';
|
||||
|
@ -27,7 +28,6 @@ import { getDefaultQuery, defaultColumns } from './constants';
|
|||
import { useLatestFindingsTable } from './use_latest_findings_table';
|
||||
import { TimestampTableCell } from '../../../components/timestamp_table_cell';
|
||||
import { FindingsRuleFlyout } from '../findings_flyout/findings_flyout';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '../utils/create_detection_rule_from_benchmark';
|
||||
import { findingsTableFieldLabels } from './findings_table_field_labels';
|
||||
|
||||
interface LatestFindingsTableProps {
|
||||
|
|
|
@ -8,9 +8,9 @@
|
|||
import type { HttpSetup } from '@kbn/core/public';
|
||||
import React from 'react';
|
||||
import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import { getFindingsDetectionRuleSearchTags } from '../../../common/utils/detection_rules';
|
||||
import { getFindingsDetectionRuleSearchTags } from '@kbn/cloud-security-posture-common';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '@kbn/cloud-security-posture/src/utils/create_detection_rule_from_benchmark';
|
||||
import { DetectionRuleCounter } from '../../components/detection_rule_counter';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '../configurations/utils/create_detection_rule_from_benchmark';
|
||||
|
||||
export const RulesDetectionRuleCounter = ({
|
||||
benchmarkRule,
|
||||
|
|
|
@ -24,13 +24,13 @@ import { i18n } from '@kbn/i18n';
|
|||
import { FormattedMessage } from '@kbn/i18n-react';
|
||||
import { HttpSetup } from '@kbn/core/public';
|
||||
import type { CspBenchmarkRuleMetadata } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '@kbn/cloud-security-posture/src/utils/create_detection_rule_from_benchmark';
|
||||
import { getRuleList } from '../configurations/findings_flyout/rule_tab';
|
||||
import { getRemediationList } from '../configurations/findings_flyout/overview_tab';
|
||||
import * as TEST_SUBJECTS from './test_subjects';
|
||||
import { useChangeCspRuleState } from './use_change_csp_rule_state';
|
||||
import { CspBenchmarkRulesWithStates } from './rules_container';
|
||||
import { TakeAction } from '../../components/take_action';
|
||||
import { createDetectionRuleFromBenchmarkRule } from '../configurations/utils/create_detection_rule_from_benchmark';
|
||||
|
||||
export const RULES_FLYOUT_SWITCH_BUTTON = 'rule-flyout-switch-button';
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import { Filter } from '@kbn/es-query';
|
|||
import { HttpSetup } from '@kbn/core-http-browser';
|
||||
import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest';
|
||||
import { CVSScoreBadge, SeverityStatusBadge } from '@kbn/cloud-security-posture';
|
||||
import { getVendorName } from '../../common/utils/get_vendor_name';
|
||||
import { getVendorName } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { CloudSecurityDataTable } from '../../components/cloud_security_data_table';
|
||||
import { useLatestVulnerabilitiesTable } from './hooks/use_latest_vulnerabilities_table';
|
||||
import { LATEST_VULNERABILITIES_TABLE } from './test_subjects';
|
||||
|
|
|
@ -11,10 +11,10 @@ import {
|
|||
generateVulnerabilitiesRuleQuery,
|
||||
} from './create_detection_rule_from_vulnerability';
|
||||
import { CspVulnerabilityFinding, Vulnerability } from '@kbn/cloud-security-posture-common';
|
||||
import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding';
|
||||
import { isNativeCspFinding } from '@kbn/cloud-security-posture/src/utils/is_native_csp_finding';
|
||||
|
||||
// Mocking the isNativeCspFinding function
|
||||
jest.mock('../../../common/utils/is_native_csp_finding', () => ({
|
||||
jest.mock('@kbn/cloud-security-posture/src/utils/is_native_csp_finding', () => ({
|
||||
isNativeCspFinding: jest.fn(),
|
||||
}));
|
||||
|
||||
|
|
|
@ -13,10 +13,10 @@ import {
|
|||
VULNERABILITIES_SEVERITY,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type { Vulnerability } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest';
|
||||
import { CSP_VULN_DATASET } from '../../../common/utils/get_vendor_name';
|
||||
import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding';
|
||||
import { isNativeCspFinding } from '@kbn/cloud-security-posture/src/utils/is_native_csp_finding';
|
||||
import { CSP_VULN_DATASET } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { createDetectionRule } from '@kbn/cloud-security-posture-common';
|
||||
import { VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
|
||||
import { createDetectionRule } from '../../../common/api/create_detection_rule';
|
||||
|
||||
const DEFAULT_RULE_RISK_SCORE = 0;
|
||||
const DEFAULT_RULE_SEVERITY = 'low';
|
||||
|
|
|
@ -29,9 +29,9 @@ import { css } from '@emotion/react';
|
|||
import { HttpSetup } from '@kbn/core-http-browser';
|
||||
import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest';
|
||||
import { SeverityStatusBadge } from '@kbn/cloud-security-posture';
|
||||
import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding';
|
||||
import { isNativeCspFinding } from '@kbn/cloud-security-posture/src/utils/is_native_csp_finding';
|
||||
import { truthy } from '@kbn/cloud-security-posture/src/utils/helpers';
|
||||
import { TakeAction } from '../../../components/take_action';
|
||||
import { truthy } from '../../../../common/utils/helpers';
|
||||
import { CspInlineDescriptionList } from '../../../components/csp_inline_description_list';
|
||||
import { VulnerabilityOverviewTab } from './vulnerability_overview_tab';
|
||||
import { VulnerabilityJsonTab } from './vulnerability_json_tab';
|
||||
|
|
|
@ -29,7 +29,7 @@ import {
|
|||
uiMetricService,
|
||||
} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
|
||||
import { CVSScoreBadge } from '@kbn/cloud-security-posture';
|
||||
import { getVendorName } from '../../../common/utils/get_vendor_name';
|
||||
import { getVendorName } from '@kbn/cloud-security-posture/src/utils/get_vendor_name';
|
||||
import { CspFlyoutMarkdown } from '../../configurations/findings_flyout/findings_flyout';
|
||||
import { NvdLogo } from '../../../assets/icons/nvd_logo_svg';
|
||||
import { CVSScoreProps, Vendor } from '../types';
|
||||
|
|
|
@ -21,9 +21,9 @@ import { FormattedMessage } from '@kbn/i18n-react';
|
|||
|
||||
import { useNavigateNativeVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_navigate_findings';
|
||||
import { useGetSeverityStatusColor } from '@kbn/cloud-security-posture/src/hooks/use_get_severity_status_color';
|
||||
import { truthy } from '@kbn/cloud-security-posture/src/utils/helpers';
|
||||
import type { VulnSeverity } from '@kbn/cloud-security-posture-common';
|
||||
import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common';
|
||||
import { truthy } from '../../../common/utils/helpers';
|
||||
import { VulnStatsTrend } from '../../../common/types_old';
|
||||
import { useVulnerabilityDashboardApi } from '../../common/api/use_vulnerability_dashboard_api';
|
||||
import { ChartPanel } from '../../components/chart_panel';
|
||||
|
|
|
@ -5,10 +5,12 @@
|
|||
* 2.0.
|
||||
*/
|
||||
import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
|
||||
import { LATEST_FINDINGS_RETENTION_POLICY } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
LATEST_FINDINGS_RETENTION_POLICY,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '../../common/constants';
|
||||
|
||||
|
|
|
@ -9,15 +9,13 @@ import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-ser
|
|||
import type { CspBenchmarkRulesStates } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import type { FindResult, RulesClient } from '@kbn/alerting-plugin/server';
|
||||
import type { RuleParams } from '@kbn/alerting-plugin/server/application/rule/types';
|
||||
import { generateBenchmarkRuleTags } from '@kbn/cloud-security-posture-common';
|
||||
import type {
|
||||
CspBenchmarkRule,
|
||||
RulesToUpdate,
|
||||
CspSettings,
|
||||
} from '@kbn/cloud-security-posture-common/schema/rules/v4';
|
||||
import {
|
||||
convertRuleTagsToMatchAllKQL,
|
||||
generateBenchmarkRuleTags,
|
||||
} from '../../../../common/utils/detection_rules';
|
||||
import { convertRuleTagsToMatchAllKQL } from '../../../../common/utils/detection_rules';
|
||||
|
||||
import {
|
||||
CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
|
||||
|
|
|
@ -16,6 +16,7 @@ import {
|
|||
LATEST_VULNERABILITIES_RETENTION_POLICY,
|
||||
CDR_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_3RD_PARTY_RETENTION_POLICY,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type {
|
||||
CspSetupStatus,
|
||||
|
@ -36,7 +37,6 @@ import { VersionedRoute } from '@kbn/core-http-server/src/versioning/types';
|
|||
import {
|
||||
CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
VULNERABILITIES_INDEX_PATTERN,
|
||||
POSTURE_TYPES,
|
||||
|
|
|
@ -6,12 +6,14 @@
|
|||
*/
|
||||
import expect from '@kbn/expect';
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { find, without } from 'lodash';
|
||||
import { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
|
|
|
@ -13,13 +13,11 @@ import {
|
|||
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
|
||||
} from '@kbn/core-http-common';
|
||||
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
|
||||
import {
|
||||
CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
|
||||
DETECTION_RULE_RULES_API_CURRENT_VERSION,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import { DETECTION_RULE_RULES_API_CURRENT_VERSION } from '@kbn/cloud-security-posture-common';
|
||||
// eslint-disable @kbn/imports/no_boundary_crossing
|
||||
import { generateBenchmarkRuleTags } from '@kbn/cloud-security-posture-plugin/common/utils/detection_rules';
|
||||
import { generateBenchmarkRuleTags } from '@kbn/cloud-security-posture-common';
|
||||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
import { CspSecurityCommonProvider } from './helper/user_roles_utilites';
|
||||
import { waitForPluginInitialized } from '../utils';
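Review bot: The `// eslint-disable @kbn/imports/no_boundary_crossing` line is left in place although the `generateBenchmarkRuleTags` import below it now comes from `@kbn/cloud-security-posture-common` instead of the plugin's `common/utils/detection_rules`, so the suppression looks stale. As far as I know ESLint only honours `eslint-disable` in a block comment, so this line comment probably never suppressed anything, and deleting it is the simplest fix. If another import in this file still needs the exemption, a `// eslint-disable-next-line @kbn/imports/no_boundary_crossing` directly above that import keeps the exception scoped to one line.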
|
||||
|
|
|
@ -8,11 +8,11 @@
|
|||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
BENCHMARK_SCORE_INDEX_PATTERN,
|
||||
ALERTS_INDEX_PATTERN,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import type { FtrProviderContext } from '../../ftr_provider_context';
|
||||
|
||||
|
|