/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
const { Client } = require('@elastic/elasticsearch');
const faker = require('faker');
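/** Index that receives the generated threat indicator documents. */
const THREAT_INDEX = 'logs-ti';

/**
 * Drop the index first?
 * When true, an existing THREAT_INDEX is deleted and recreated before any
 * document is generated, so the cluster the client points at must be one
 * whose copy of this index is disposable.
 */
const CLEANUP_FIRST = true;

/** Adjust this to alter the threat number */
const HOW_MANY_THREATS = 1_000_000;

/** Feed names */
const FEED_NAMES = ['Max', 'Philippe', 'Lukasz', 'Fernanda', 'Drew'];

/**
 * Customizing this is optional, you can skip it
 * CHUNK_SIZE is the number of documents sent per bulk request.
 */
const CHUNK_SIZE = 10_000;
const TO_GENERATE = HOW_MANY_THREATS;

// Connection settings fall back to the original local values. The
// THREAT_GEN_ES_* variables are specific to this script and let it be pointed
// at another cluster without writing credentials into the source file.
// `||` is deliberate: an empty variable falls back to the default as well.
const client = new Client({
  // The default endpoint is plain HTTP on localhost; use an https:// URL for
  // anything that is not a local cluster.
  node: process.env.THREAT_GEN_ES_NODE || 'http://localhost:9200',
  auth: {
    username: process.env.THREAT_GEN_ES_USERNAME || 'elastic',
    password: process.env.THREAT_GEN_ES_PASSWORD || 'changeme',
  },
});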
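/**
 * Prepares THREAT_INDEX and fills it with TO_GENERATE synthetic URL indicators.
 *
 * Index preparation:
 * - CLEANUP_FIRST true: an existing index is deleted, then the index is
 *   created with explicit mappings (also when it did not exist before, so the
 *   fields are never left to dynamic mapping).
 * - CLEANUP_FIRST false: documents are appended to the existing index; a
 *   missing index is an error.
 *
 * Documents are sent in bulk requests of at most CHUNK_SIZE documents.
 *
 * @returns {Promise<void>}
 * @throws {Error} when the index is missing and CLEANUP_FIRST is false, or
 *   when a bulk response reports failed items.
 */
const main = async () => {
  const indexExists = await client.indices.exists({ index: THREAT_INDEX });

  if (!indexExists && !CLEANUP_FIRST) {
    throw new Error(
      `index "${THREAT_INDEX}" does not exist. run this script with CLEANUP_FIRST set to true or create it some other way first.`
    );
  }

  if (CLEANUP_FIRST) {
    if (indexExists) {
      // Destructive: removes every document currently stored in the index.
      console.log(`deleting index "${THREAT_INDEX}"`);

      await client.indices.delete({ index: THREAT_INDEX });
    }

    await client.indices.create({
      index: THREAT_INDEX,
      mappings: {
        properties: {
          'threat.indicator.type': {
            type: 'keyword',
          },
          'threat.feed.name': {
            type: 'keyword',
          },
          'threat.indicator.url.full': {
            type: 'keyword',
          },
          'threat.indicator.first_seen': {
            type: 'date',
          },
          '@timestamp': {
            type: 'date',
          },
        },
      },
    });
  } else {
    console.info(
      `!!! appending to existing index "${THREAT_INDEX}" !!! (because CLEANUP_FIRST is set to false)`
    );
  }

  const ONE_MONTH_MS = 3600 * 24 * 30 * 1000;

  let pendingCount = TO_GENERATE;

  // `> 0` rather than truthiness, so a negative or fractional count cannot
  // keep the loop running forever.
  while (pendingCount > 0) {
    const batchSize = Math.min(CHUNK_SIZE, pendingCount);
    const operations = [];

    for (let i = 0; i < batchSize; i++) {
      // Math.random() is sufficient here: the values are synthetic test data,
      // not secrets.
      const randomOffsetWithinOneMonth = Math.floor(Math.random() * ONE_MONTH_MS);

      const timestamp = new Date(Date.now() - randomOffsetWithinOneMonth).toISOString();

      // Each document is an action line followed by its source line.
      operations.push(
        { create: { _index: THREAT_INDEX } },
        {
          '@timestamp': timestamp,
          'threat.indicator.first_seen': timestamp,
          // floor() keeps the index within 0..length-1; ceil() - 1 yields -1
          // when Math.random() returns exactly 0.
          'threat.feed.name': FEED_NAMES[Math.floor(Math.random() * FEED_NAMES.length)],
          'threat.indicator.type': 'url',
          'threat.indicator.url.full': faker.internet.url(),
          'event.type': 'indicator',
          'event.category': 'threat',
        }
      );
    }

    pendingCount -= batchSize;

    // A bulk request can succeed as a whole while individual items fail; the
    // response flags that with `errors`.
    // NOTE(review): assumes the client returns the response body directly, as
    // the boolean use of indices.exists() above suggests - confirm.
    const response = await client.bulk({ operations });

    if (response.errors) {
      const failedItems = response.items.filter((item) => item.create?.error);

      throw new Error(
        `bulk request to "${THREAT_INDEX}" reported ${
          failedItems.length
        } failed item(s), first error: ${JSON.stringify(failedItems[0]?.create.error)}`
      );
    }

    console.info(
      `${operations.length / 2} new threats indexed, ${
        pendingCount ? `${pendingCount} pending` : 'complete'
      }`
    );
  }

  console.info('done, run your tests would you?');
};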
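// Handle the rejection explicitly: report the failure and exit non-zero
// instead of leaving the promise returned by main() floating.
main().catch((error) => {
  console.error(error);
  process.exitCode = 1;
});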