mirror of https://github.com/elastic/kibana.git synced 2025-04-21 00:13:52 -04:00

History

Ash 6e367d94c9 [Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107 ) ### What this PR changes branched from elastic/kibana/pull/163759 - Introduces new AppFeatures package `@kbn/security-solution-features` with the common logic and `AppFeatureService` to apply offering specific configurations for Security Solution features independently for Serverless and ESS. This logic is replacing the earlier `AppFeatures` in order to introduce new Kibana feature privileges for serverless PLIs so that new Kibana privileges introduced for serverless PLIs do not affect/show up as new Kibana feature privileges in ESS. - Gates endpoint exceptions on alerts/rules based on serverless PLI configurations. On serverless `Endpoint exceptions` should be accessible/seen only on endpoint essentials/complete. New AppFeatures logic architecture diagram: ![Security Solution Features (Current)](`f627406d`-43bc-4db5-93b1-4e43eeb6d870) Note: Corresponding API changes related to endpoint exceptions will be in a new PR, along with the last set of UX changes for hiding the `Endpoint exceptions` tab from the Rules details page. ### How to review - Setup for _Servlerless_ - Run `yarn es snapshot` on a terminal window to start ES. - Copy `config/serverless.security.yml` to `config/serverless.security.dev.yml` - Run `yarn serverless-security --no-base-path` on another terminal window to start kibana in serverless mode - Run `node x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_emulator.js --asSuperuser` on a new window and then select `1` to `Load Endoints` and then `1` to `Run` the loader script. This will load some fake agents/alerts data to test with. ### Tests (Serverless) - with `{ product_line: 'security', product_tier: 'essentials' }` or `{ product_line: 'security', product_tier: 'complete' }` and `{ product_line: 'endpoint', product_tier: 'essentials' }` or `{ product_line: 'endpoint', product_tier: 'complete' }` 1. Navigate to Rules>Shared exception lists via `http://localhost:5601/app/security/exceptions` 2. Test that you can see `Endpoint Security Exception List` card on the shared exception lists page. 3. Navigate to `Alerts` page via `app/security/alerts`, you should see endpoint alerts. If not, then click on `Manage Rules` and then disable/enable `Endpoint Security` rules. That should trigger alerts to show up on the Alerts table. 4. Click on `View Details` button under `Actions` column. Once the flyout is visible, click on `Take Action` and verify that `Add Endpoint exception` is visible/enabled/clickable on the menu. 5. Click on `More actions` button under `Actions` column and verify that `Add Endpoint exception` is visible/enabled/clickable on the menu. 6. Click on `Investigate in timeline` button under `Actions` column; when the timeline view is visible and the alert item is displayed, click on buttons mentioned in 4. and 5. above and verify the same. 7. Navigate to `Rules`>`DetectionRules`>`Endpoint Security` rule under the `Rules` table. Select the `Alerts` tab. 8. Click and verify `View details`,`More actions` and `Investigate in timeline` buttons same as in 4., 5., 6. above. 9. You should be able to see the `Endpoint exceptions` tab as well. Click and verify that you can see the tab's content. - with `{ product_line: 'security', product_tier: 'essentials' }` or `{ product_line: 'security', product_tier: 'complete' }` 1. Edit `config/serverless.security.dev.yml` so that `endpoint` product line item is commented out. 2. Test that you can not see `Endpoint Security Exception List` card on the shared exception lists page. 3. Items 4. 5. 6. as above but the menu items should be disabled. This can be verified with fake data only as with a real endpoint, endpoint alerts are actually not visible at all. ### Tests (ESS) On the ESS side, endpoint exceptions are not affected by this change and work as usual based on index privileges. --------- Co-authored-by: semd <sergi.massaneda@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: YulNaumenko <jo.naumenko@gmail.com> Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co> Co-authored-by: Pablo Machado <machadoum@gmail.com>		2023-08-31 13:35:42 +02:00
..
src	@kbn/utility-types: DotObject and DedotObject (#139539 )	2022-08-31 17:51:34 +02:00
index.ts	[Serverless][Security Solution][Endpoint] Restrict endpoint exceptions on serverless via plugin sub-features (#164107 )	2023-08-31 13:35:42 +02:00
kibana.jsonc	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00
package.json	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00
README.md	@kbn/utility-types: DotObject and DedotObject (#139539 )	2022-08-31 17:51:34 +02:00
tsconfig.json	Transpile packages on demand, validate all TS projects (#146212 )	2022-12-22 19:00:29 -06:00

README.md

`@kbn/utility-types`

TypeScript utility types for usage in Kibana.

This package re-exports a subset of the items in utility-types
You can also add more utility types here.

Usage

import { UnwrapObservable } from '@kbn/utility-types';

type A = Observable<string>;
type B = UnwrapObservable<A>; // string

Reference

Assign<T, U> — From U assign properties to T (just like object assign).
DotObject<T> — Convert type T to a flattened structure.
DedotObject<T> — The inverse of DotObject<T>: convert the flattened type T to a deeply-nested type.
Ensure<T, X> — Makes sure T is of type X.
ObservableLike<T> — Minimal interface for an object resembling an Observable.
PublicContract<T> — Returns an object with public keys only.
PublicKeys<T> — Returns public keys of an object.
RecursiveReadonly<T> — Like Readonly<T>, but freezes object recursively.
ShallowPromise<T> — Same as Promise type, but it flat maps the wrapped type.
UnionToIntersection<T> — Converts a union of types into an intersection.
UnwrapObservable<T> — Returns wrapped type of an observable.
Values<T> — Returns object or array value types.