## Summary
Following the initial work in this
https://github.com/elastic/kibana/pull/166755
- Addresses part of https://github.com/elastic/kibana/issues/151902 for
List APIs tests
- Added a new folder under the `security_solution_api_integration`
called `lists_and_exception_lists` to hold the lists and exception lists
tests, and split the `List` APIs into two groups since the execution
time in Serverless was close to 30 mins
- Modified the
[x-pack/plugins/lists/common/schemas/response/exception_list_item_schema.mock.ts](https://github.com/elastic/kibana/pull/171992/files#diff-4e3545fdeb8c8d9467cfa1c4aa88194e189193a92fa6f1cf5f859b1ef1beb45c),
[x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts](https://github.com/elastic/kibana/pull/171992/files#diff-c3cc18faf07aab86e307185d41599c3596a3f8b360d3e4829591afa148283238)
,
[x-pack/plugins/lists/common/schemas/response/list_item_schema.mock.ts](https://github.com/elastic/kibana/pull/171992/files#diff-608579ca5e65da74f41319a58d81ab12cc3d79d389b087806c7b74949fbc6cc3),
[x-pack/plugins/lists/common/schemas/response/list_schema.mock.ts](https://github.com/elastic/kibana/pull/171992/files#diff-efc64eb35937a8da28fc982c527253c0923650ae4163d4bbc203d3ebc2949835)
to accept `elastic user` input because it changes in ESS and Serverless
- Deleted the `x-pack/test/lists_api_integration` folder
- Moved the utility files associated with Basic tests to the new
directory `security_solution_api_integration`. Files not actively used
in the previous folder were moved, while duplicate files remained in
their original positions.
- Updated the below files imports from the old `lists_api_integration`
folder to the new `lists_and_exception_lists`
```
lists_api_integration/
- exceptions/operators_data_types/date_numeric_types/date.ts
- exceptions/operators_data_types/date_numeric_types/double.ts
- exceptions/operators_data_types/date_numeric_types/float.ts
- exceptions/operators_data_types/date_numeric_types/integer.ts
- exceptions/operators_data_types/ips/ip.ts
- exceptions/operators_data_types/ips/ip_array.ts
- exceptions/operators_data_types/keyword/keyword.ts
- exceptions/operators_data_types/keyword/keyword_array.ts
- exceptions/operators_data_types/long/long.ts
- exceptions/operators_data_types/text/text.ts
- exceptions/operators_data_types/text/text_array.ts
- exceptions/workflows/create_endpoint_exceptions.ts
- exceptions/workflows/create_rule_exceptions.ts
- exceptions/workflows/find_rule_exception_references.ts
- exceptions/workflows/role_based_add_edit_comments.ts
- exceptions/workflows/role_based_rule_exceptions_workflows.ts
- exceptions/workflows/rule_exception_synchronizations.ts
- rule_execution_logic/execution_logic/esql.ts
- rule_execution_logic/execution_logic/machine_learning.ts
- rule_execution_logic/execution_logic/new_terms.ts
- rule_execution_logic/execution_logic/query.ts
- telemetry/task_based/all_types.ts
- telemetry/task_based/detection_rules.ts
- telemetry/task_based/security_lists.ts
```
```
These files should be moved too soon to the new `lists_api_integration`
detection_engine_api_integration/security_and_spaces/group10
- import_export_rules.ts
- import_rules.ts
- perform_bulk_actions
```
- Updated the below files imports to the
`ftr_provider_context_with_spaces.d.ts`
` - risk_engine/risk_scoring_task/task_execution_nondefault_spaces.ts`
- The QA phase concluded with all tests passing successfully. 🟢
- Updated the CodeOwner file for the newly moved tests
- Add a new util file to `deleteAllExceptions` under the old
`detection_engine_api` folder since the Rule management related-tests
are still need to be moved over to the new folder
- Old/new group details, decisions, and execution time are mentioned in
this
[document](https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/security-team/issues/7102
Establishes the `/common/api` folder structure for the lists plugin.
This PR simply imports and re-exports the schemas from the schema
package since the schemas are all already separated from the `server`
code. Future PRs will replace these re-exports with schemas generated
from OpenAPI specs.
This PR enables `isolatedModules` on our `tsconfig.base.json`. Enabling
this means that our codebase is safe for tools that use TypeScript APIs
like `transpileModule` or alternative compilers like Babel. The
requirements introduced by enabling `isolatedModules` were already in
place for every piece of code transpiled with babel so we feel like its
time to make it the default across the board inside our repository.
The DX shouldn't be impacted negatively by these change as we introduced
a lint rule verification for the critical part around `isolatedModules`
which is around `const enums`. The PR also has a couple of `TODOs` to be
removed once we upgrade into typescript v4.8 where we would be able to
say everything that is typescript inside our repo should be consider a
module by default.
More information about `isolatedModules` can be found at
https://www.typescriptlang.org/tsconfig#isolatedModules
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
* Implement wildcard exceptions for detection rules
* Fix index pattern retrieval on edit exceptions flyout
* Fix API integration test logic
* Fix entry_renderer linting
* Remove bad fix idea
* Add 'does not match' operator to UI
* Fix test
* Add unit tests
* Add wildcard exceptions to list of DE exception operators
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add exceptions to threshold timeline
* Tests and error handling
* Fix unit tests
* Add alias for exceptions filter
* Fix tests
* Type fixes
Co-authored-by: Marshall Main <marshall.main@elastic.co>
* update summary endpoint to use filters and use that for fleet event filters cards
fixes elastic/security-team/issues/2513
* update tests
fixes elastic/security-team/issues/2513
* update host isolation card to show total as the actual number of artifacts
fixes elastic/kibana/issues/121507
* fix types
missing merge updates
* use named constant for isolation exception list
review changes
* Update fleet_integration_event_filters_card.tsx
review changes
* fix the total on summary api
review suggestions
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Addresses https://github.com/elastic/kibana/issues/92613 and https://github.com/elastic/kibana/issues/117399
Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.
- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
## Summary
See: https://github.com/elastic/kibana/issues/110903
This removes the top level API `export *` spots from:
* `security_solution` plugin
by removing _all_ the exports from `security_solution/common/index.ts` since non of those were shared outside this plugin. Look at the metrics from the build below and you will see _huge_ drops off numbers across the board for required API documentation to the page load size.
In the file `security_solution/common/index.ts` I now put the advice of:
```
// Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase.
// If you're using functions/types/etc... internally it's best to import directly from their paths than expose the functions/types/etc... here.
// You should _only_ expose functions/types/etc... that need to be shared with other plugins here.
```
But really I doubt we will have to share anything from `security_solutions` plugin to another plugin or expose it for anyone else. So I think this is 👍 the way forward to not expose anything directly from `security_solution/common/index.ts` anymore.
## Summary
Fixes https://github.com/elastic/kibana/issues/102613, and targets `7.14.0` as a blocker/critical
Previously we never fully finished the plumbing for using the `os_types` (operating system type) in the exception lists to be able to filter out values based on this type. With the endpoint exceptions now having specific selections for os_type we have to filter it with exceptions and basically make it work.
Some caveats is that the endpoints utilize `host.os.name.casless` for filtering against os_type, while agents such as auditbeat, winlogbeat, etc... use `host.os.type`. Really `host.os.type` is the correct ECS field to use, but to retain compatibility with the current version of endpoint agents I support both in one query to where if either of these two matches, then that will trigger the exceptions.
* Adds e2e tests
* Enhances the e2e tooling to do endpoint exception testing with `os_types`.
* Adds the logic to handle os_type
* Updates the unit tests
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
Utilizes constants package and deletes duplicate code
* Renames the `securitysolution-constants` to be `securitysolution-list-constants` to be specific
* Deletes duplicated code found during cleanup
* Moves more tests into the packages found along the way with the duplicated code
* Moves `parseScheduleDates` from `@kbn/securitysolution-io-ts-types` to `@kbn/securitysolution-io-ts-utils`
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
* Adds package `kbn-securitysolution-list-api`
* Adds package `kbn-securitysolution-list-hooks`
* Moves files into the packages
* Moves a few additional types into the other packages such as the `kbn-securitysolution-io-ts-types` package to remove more things from the shard_export/shared_import between lists and security solution
* Removes more duplicated code
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
* Creates a `securitysolution-list-utils` packaged and moves the first set of utilities into there
* Fixes a slight bug with `kbn-securitysolution-io-ts-list-types` where the wrong name was used
* Moves _all_ of the lists schemas and types into the package `kbn-securitysolution-io-ts-list-types`
* Removes copied code found in a few places
## Tech debt
* Some spots I have to use an `any` in the package as Kibana kbn packages don't have the types I need
* Some spots I copy constants until we can straighten out those pieces.
* I keep copied mock files until we figure out how to share mocks from these packages without adding weight or we create dedicated mock packages for all of this.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
The io-ts package was too large and needed to broken down more by domain to decrease the lists plugin size and any other plugin wanting to use the packages will not incur big hits as well.
Before we had one large io-ts package:
```
@kbn/securitysolution-io-ts-utils
```
Now we have these broken down 4 packages:
```
@kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-types
@kbn/securitysolution-io-ts-alerting-types
@kbn/securitysolution-io-ts-list-types
```
Deps between these packages are:
```
@kbn/securitysolution-io-ts-utils (none)
@kbn/securitysolution-io-ts-types -> @kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-alerting-types -> @kbn/securitysolution-io-ts-types, @kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-list-types -> @kbn/securitysolution-io-ts-types, @kbn/securitysolution-io-ts-utils
```
Short description and function of each (Also in each of their README.md):
```
@kbn/securitysolution-io-ts-utils, Smallest amount of utilities such as format, validate, etc...
@kbn/securitysolution-io-ts-types, Base types such as to_number, to_string, etc...
@kbn/securitysolution-io-ts-alerting-types, Alerting specific types such as severity, from, to, etc...
@kbn/securitysolution-io-ts-list-types, list specific types such as exception lists, exception list types, etc...
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
Removes the dependency of security_solution from the lists plugin
* Removes some of the deprecated types in favor of the new kbn package
* Adds a workaround in the kbn packages of removing the ?? and `a?.b?.c` typescript since kbn packages cannot transpile it
* Exposes the test_utils from the kbn package
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
Adds deprecation to all the io-ts types and copies of them found in the code base.
Phase 1 (Completed): Copy all the utilities to the `packages/kbn-securitysolution-io-ts-utils`
Phase 2: Add all the deprecation messages about them to the code base
Phase 3+: Teams and others will eventually remove/replace them with the utils from `kbn-securitysolution-io-ts-utils`
* show operator dropdown for path field
refs elastic/security-team/issues/543
* update translation to use consistent values
refs elastic/security-team/issues/543
* update schema to validate path values
refs elastic/security-team/issues/543
* add tests for field and operator values
refs elastic/security-team/issues/543
* review changes
refs elastic/security-team/issues/543
* update schema to enforce dropdown validation for PATH field
refs elastic/security-team/issues/543
* add tests for schema updates
refs 1deab39453
refs elastic/security-team/issues/543
* optimise dropdown list for re-renders
refs elastic/security-team/issues/543
* align input fields and keep alignments when resized
refs elastic/security-team/issues/543
* correctly enter operator data on trusted app CRUD
refs elastic/security-team/issues/543
* update tests
refs 2ac56ee839
refs elastic/security-team/issues/543
* remove redundant code
review changes
* better type assertion
review changes
* move operator options out of component
- these do not depend on component props and thus no need to have it within a useMemo callback.
- review changes
* derive keys from operator entry field
review changes
* update type
* use custom styles for aligning input fields
review changes
* add a custom type for trusted_apps operator
undo changes from list plugin and server/lib/detection_engine
refs 2ac56ee839
refs elastic/security-team/issues/543
* add wildcard entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* use the new entry type
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update tests
refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462
* update name for wildcard type so that it can be used also for cased inputs
refs elastic/security-team/issues/543
refs f9cb7eddda
* update artifacts to support wildcard entries
refs elastic/security-team/issues/543
* add tests for list schemas
refs f9cb7eddda
refs elastic/security-team/issues/543
* add placeholders for path values
review changes
elastic/kibana/pull/97623#discussion_r620617999
* ignore type check for now
* add type assertion
refs 284352ec9a
* remove unnecessary test
refs 2ac56ee839
* fix types
refs f9cb7eddda
refs b3f5dc4553
* add a note to entries
review changes
refs dbd3532149
* remove redundant type assertions
review changes
refs bcf615ac98
refs b3f5dc4553
* move placeholder text logic to utils
review changes elastic/kibana/pull/97623#discussion_r621673881
refs 6f2d0d7810
* pass the style as prop
review changes
* update api doc
CI check suggestion
* make placeholderText a function expression
review suggestion
elastic/kibana/pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e
* use semantic names for functions
refs 330731ebfc
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Initial version of event filtering form/dialog. Pending to add all redux services
* Uses redux store instead of props to get the form values
* Manage errors on redux
* Creates even filter list on service constructor
* Add os type selector depending on form parent by props. Also added create action
* Allows add exception to an event. This commit has to be reviewed and maybe it will change depending on next changes
* Fix imports because changes on ExceptionBuilder component and add needed type export
* Adds constants. Rename eventFilters to eventFilter. Add http wrapper as a hook to check if the list has been created or not
* Adds missing files on last commit.
* Relocate async resource state to be shared between different pages
* Use async resource state to manage async operations on components. Relocate initial entry status to an utils module instead of hook.
* Adds comments into redux store from component
* Fixes typechecks and wrong imports
* Fixes translations and adds subheader and description modal
* Relocates form description
* Removes unused import
* Sanitize entries before submit to remove entry.id
* Missed file on last commit
* Use specific fields for endpoint_event type builder
* Split error field for each kind of errors to prevent unexpected renders. Adds unit test for event filter form component
* Set event.kind == event by default
* Changes folder names. Add notifications when success. Remove default event.king
* Adds notifications when api error and fixed multiple notifications showed for same error
* Adds new test for event filter modal and changes component name to be consistent
* Adds unit tests for event filter notification
* Adds middleware unit tests. Also isolate common event for all tests
* Adds unit tests for event filter reducer
* Adds unit tests for event filter selector
* Fixes same key on different multilanguages. Fixes naming incoherence
* Adds feature flag for event filtering
* Fixes unit tests and weird behavior when changing items after name or comments on event filter form
* Removes unused import
* Fixes unit tests. Add imports from lists plugin. Add expects on tests. Change some names
* Renames everything from eventFilter to eventFilters (plural)
* Rename state variable
* Create hook for notifications instead of a component. Removes className from modal body.
* Updates available fields for enpoint events builder
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Added new const to List plugin for new Endpont Event Filter list
* Data Generator for event filters ++ script to load event filters (WIP)
* refactor `generate_data` to use `BaseDataGenerator` class
### Summary
This PR is a follow-up to #89066 - which fixed the same issue occurring with indicator match lists UI. The lack of stable ids for exception item entries resulted in some funky business by where invalid values could overwrite other values when deleting entries in the builder.
* Initial version of adding artifacts per policy to the manifest.
* Minor renaming to convey the purpose of the variable.
* Added ability to override list item mock data.
* Changed function signature to be more reusable.
* Implementationg of support of artifacts per policy in the manifest data structure.
* Added saved objects migrations.
* Renamed the endpoint to reflect that it's artifacts endpoint.
* Fixed tests.
* Fixed the manifest data.
* Fixed linting errors (result of merge).
* Updated ES mappings for manifest in all test setups.
* Updated hash in the mappings.
* Fixed the typo that lead to failing test.
* Fixed the problem with manifest not being dispatched to policies if there are same artifact names but different content. Artifact name in the ManifestSchema is not unique id, hence added decoded_sha256 to the comparison. Added test case to cover this.
* Fixed the problem with the task flow when failure to dispatch to policies will result in commited manifest and no redispatch on next task run. Changed tests to reflect new flow (actually restored previous flow).
* Forgot to commit changes in mock.
* Made other tests more readable using same varialbe naming pattern.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR addresses a fix on the exceptions list table export functionality. A dedicated route for exception list export needed to be created. List is exported into an `.ndjson` format.
Exception lists consist of two elements - the list itself, and its items. The export file should now contain both these elements, the list followed by its items.
## Summary
Resolves https://github.com/elastic/kibana/issues/77324, https://github.com/elastic/kibana/issues/77325, resolves https://github.com/elastic/kibana/issues/77325, and resolves https://github.com/elastic/kibana/issues/81302
This PR addresses referential integrity issues when deleting value lists. Previously when deleting value lists, any references in Exception Lists/Items would be left behind. This PR introduces a new confirmation modal when deleting value lists that are referenced in either space aware (`simple`) or space `agnostic` exception lists.
Also includes:
* Fixed Lists plugin `quick_start.sh` as it was using endpoint exception list + value lists (unsupported)
* Adds `quick_start_value_list_references.sh` to create exception lists/items, value lists, and references to easily test
* Add support to `findExceptionList` for searching for both `simple` and `agnostic` list types
* Two new query params have been added to the `deleteListRoute`
* `ignoreReferences` (default:false) when true, maintains pre-7.11 behavior of deleting value list without performing any additional checks.
* NOTE: As written, this becomes an API breaking change as existing existing calls to the same API will `409` conflict if references exist. cc @jmikell821 @DonNateR
* `deleteReferences` (default:false) to perform dry run and identify referenced exception lists/items
## Testing
To test, run `quick_start_value_list_references.sh` and it will create all the necessary resources/references to easily exercise the above functionality. The below diagram details the resources created and how the references are wired up.
> Creates three different exception lists and value lists, and associates as
> below to test referential integrity functionality.
>
> NOTE: Endpoint lists don't support value lists, and are not tested here
>
> EL: Exception list
> ELI Exception list Item
> VL: Value list
>
> EL1 EL2 (Agnostic) EL3
> | | |
> ELI1 ELI2 ELI3
> |\ /| |
> | \ / | |
> | \ / | |
> | \ / | |
> | \/ | |
> | /\ | |
> | / \ | |
> | / \ | |
> | / \ | |
> |/ \| |
> VL1 VL2 VL3 VL4
> ips.txt ip_range.txt text.txt hosts.txt
>
Corner cases to be aware of:
* An exception item may have multiple value list entries -- only referenced value list entries should be removed
* There is no API for removing individual entries. If all entries are references the entire item is deleted. If only some entries are references, the item is updated via a `PUT` (no `PATCH` support for exception items)
* It's not possible via the UI to create a space agnostic list that has value list exception items (only agnostic endpoint exception lists can be created and they do not support value lists). Please use above script to exercise this behavior.
Additional notes:
* Once the Exception List table is introduced (https://github.com/elastic/kibana/pull/85465), we can add an enhancement for deeplinking to exception lists from the reference error modal.
* The `deleteListRoute` response has been updated to include the responses from the reference checks to provide maximum flexibility
* There is no bulk API for deleting exception list items, and so they are iterated over via the `deleteExceptionListItem` API.
##### Reference error modal
<p align="center">
<img width="500" src="https://user-images.githubusercontent.com/2946766/102199153-813e1e80-3e80-11eb-8a9b-af116ca13df9.gif" />
</p>
##### Overflow example
<p align="center">
<img width="500" src="https://user-images.githubusercontent.com/2946766/102199032-5784f780-3e80-11eb-81c7-17283d002ce4.gif" />
</p>
### Checklist
Delete any items that are not applicable to this PR.
- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [X] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
### For maintainers
- [X] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
Fixes different bugs/issues when using exceptions with value based lists for both the UI, the backend, and the large value based lists. See https://github.com/elastic/kibana/issues/79516, but this also fixes several other bugs found mentioned below.
For the front end UI:
* Adds the ability to specify value based lists that are IP Ranges when the source event is an IP. Before you could only match IP to IP and the IP Ranges lists could not be used.
* Breaks down a few functions into smaller functions for unit test writing abilities.
You can now add ip ranges as list values for the UI when before it would not show up:
<img width="1035" alt="Screen Shot 2020-12-07 at 2 15 39 PM" src="https://user-images.githubusercontent.com/1151048/101406552-d6819b00-3896-11eb-9fb5-4c7c2ad93b2e.png">
For value based lists:
* Fixes text data type to use "and" between matching using `operator: 'and'` and changes it from a `terms query to a `match` query
* Adds new API for searching against types called `searchListItemByValues ` so that numeric, text, array based, and other non-stringable types can be sent and then the value based lists will push that to ElasticSearch. This shifts as many corner cases and string/numeric coercions to ElasticSearch rather than Kibana client side code.
* Adds ability to handle arrays within arrays through a `flatten` call.
* Utilizes the `named queries` from ElasticSearch for the new API so that clients can get which parts matched and then use that for their exception list logic rather than in-memory string to string checks. This fixes CIDR and ranges as well as works with arrays.
For the backend exception lists that used value based lists:
* Broke down the `filterEventsAgainstList` function into a folder called `filters` and the functions into other files for better unit based testing.
* Changed the calls from `getListItemByValues` to `searchListItemByValues` which can return exactly what it matched against and this will not break anyone using the existing REST API for `getListItemByValues` since that REST API and client side API stays the same.
* Cleaned up extra promises being used in a few spots that async/await automatically will create.
* Removed the stringabilities and stringify in favor of just a simpler exact check using `JSON.stringify()`
For the tests:
* Adds unit tests to broken down functions
* Adds ip_array, keyword_array, text_array, FTR tests for the backend.
* Adds more CIDR and range based FTR tests for the backend.
* Unskips and fixes all the numeric tests and range tests that could not operate previously from bugs.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
* Separated out service layer for trusted apps.
* Improved the type structure a bit to avoid using explicit string literals and to add possibility to return OS specific parts of trusted app object in type safe manner.
* Added support for mapping of trusted app to exception item and back.
* Changed schema to support signer in the API.
* Renamed utils to mapping.
* Exported some types in lists plugin and used them in trusted apps.
* Added tests for mapping.
* Added tests for service.
* Switched deletion to use exceptions for not found case.
* Added resetting of the mocks in service layer tests.
* Added handlers tests.
* Refactored mapping tests to be more granular based on the case.
* Restored lowercasing of hash.
* Added schema tests for signer field.
* Removed the grouped tests (they were split into tests for separate concerns).
* Corrected the tests.
* Lowercased the hashes in the service test.
* Moved the lowercasing to the right location.
* Fixed the tests.
* Added test for lowercasing hash value.
* Introduced OperatingSystem enum instead of current types.
* Removed os list constant in favour of separate lists in places that use it (each place has own needs to the ordering).
* Fixed the missed OperatingSystem enum usage.
