## [Security Solution] [Elastic AI Assistant] Data anonymization The PR introduces the _Data anonymization_ feature to the _Elastic AI Assistant_:  _Above: Data anonymization in the Elastic AI Assistant_  _Above: Viewing the anonymized `host.name`, `user.name`, and `user.domain` fields in a conversation_ Use this feature to: - Control which fields are sent from a context to the assistant - Toggle anonymization on or off for specific fields - Set defaults for the above ### How it works When data anonymization is enabled for a context (e.g. an alert or an event), only a subset of the fields in the alert or event will be sent by default. Some fields will also be anonymized by default. When a field is anonymized, UUIDs are sent to the assistant in lieu of actual values. When responses are received from the assistant, the UUIDs are automatically translated back to their original values. - Elastic Security ships with a recommended set of default fields configured for anonymization - Simply accept the defaults, or edit any message before it's sent - Customize the defaults at any time ### See what was actually sent The `Show anonymized` toggle reveals the anonymized data that was sent, per the animated gif below:  _Above: The `Show anonymized` toggle reveals the anonymized data_ ### Use Bulk actions to quickly customize what's sent  _Above: bulk actions_ Apply the following bulk actions to customize any context sent to the assistant: - Allow - Deny - Anonymize - Unonymize ### Use Bulk actions to quickly customize defaults  _Above: Customize defaults with bulk actions_ Apply the following bulk actions to customize defaults: - Allow by default - Deny by default - Anonymize by default - Unonymize by default ### Row actions  _Above: The row actions overflow menu_ The following row actions are available on every row: - Allow - Deny - Anonymize - Unonymize - Allow by default - Deny by default - Anonymize by default - Unonymize by default ### Restore the "factory defaults" The 
_Anonymization defaults_ setting, shown in the screenshot below, may be used to restore the Elastic-provided defaults for which fields are allowed and anonymized:  _Above: restoring the Elastic defaults_ See epic <https://github.com/elastic/security-team/issues/6775> (internal) for additional details.
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/**
 * Map of every experimental flag name to its enabled state. The key set is derived from
 * `allowedExperimentalValues` below, so adding a flag there is the only change needed here.
 */
export type ExperimentalFeatures = { [K in keyof typeof allowedExperimentalValues]: boolean };

/**
 * A list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.
 * This object is then used to validate and parse the value entered.
 *
 * Each value is the flag's default state. A name listed in the config setting switches that
 * flag on; the setting cannot switch a flag off (see `parseExperimentalConfigValue`). The
 * object is frozen so the defaults cannot be mutated at runtime.
 */
export const allowedExperimentalValues = Object.freeze({
  // NOTE(review): the two tGrid flags are undocumented — TODO describe what they gate
  tGridEnabled: true,
  tGridEventRenderedViewEnabled: true,

  // FIXME:PT delete?
  excludePoliciesInFilterEnabled: false,

  // NOTE(review): undocumented flag — TODO describe what it gates
  kubernetesEnabled: true,
  // NOTE(review): undocumented flag — TODO describe what it gates
  chartEmbeddablesEnabled: true,
  donutChartEmbeddablesEnabled: false, // Depends on https://github.com/elastic/kibana/issues/136409 item 2 - 6
  alertsPreviewChartEmbeddablesEnabled: false, // Depends on https://github.com/elastic/kibana/issues/136409 item 9
  /**
   * This is used for enabling the end-to-end tests for the security_solution telemetry.
   * We disable the telemetry since we don't have specific roles or permissions around it and
   * we don't want people to be able to violate security by getting access to whole documents
   * around telemetry they should not.
   * Keep this off outside of test setups: it is a data-exposure control, not a UI toggle.
   * @see telemetry_detection_rules_preview_route.ts
   * @see test/detection_engine_api_integration/security_and_spaces/tests/telemetry/README.md
   */
  previewTelemetryUrlEnabled: false,

  /**
   * Enables the insights module for related alerts by process ancestry
   */
  insightsRelatedAlertsByProcessAncestry: true,

  /**
   * Enables extended rule execution logging to Event Log. When this setting is enabled:
   * - Rules write their console error, info, debug, and trace messages to Event Log,
   *   in addition to other events they log there (status changes and execution metrics).
   * - We add a Kibana Advanced Setting that controls this behavior (on/off and log level).
   * - We show a table with plain execution logs on the Rule Details page.
   */
  extendedRuleExecutionLoggingEnabled: false,

  /**
   * Enables the SOC trends timerange and stats on D&R page
   */
  socTrendsEnabled: false,

  /**
   * Enables the automated response actions in rule + alerts
   */
  responseActionsEnabled: true,

  /**
   * Enables the automated endpoint response action in rule + alerts
   */
  endpointResponseActionsEnabled: true,

  /**
   * Enables the alert details page currently only accessible via the alert details flyout and alert table context menu
   */
  alertDetailsPageEnabled: false,

  /**
   * Enables the `upload` endpoint response action (v8.9)
   */
  responseActionUploadEnabled: true,

  /**
   * Enables top charts on Alerts Page
   */
  alertsPageChartsEnabled: true,
  // NOTE(review): undocumented flag — TODO describe what it gates
  alertTypeEnabled: false,
  /**
   * Enables the new security flyout over the current alert details flyout
   */
  securityFlyoutEnabled: false,

  /**
   * Enables the Elastic AI Assistant
   */
  assistantEnabled: false,

  /**
   * Keep DEPRECATED experimental flags that are documented to prevent failed upgrades.
   * https://www.elastic.co/guide/en/security/current/user-risk-score.html
   * https://www.elastic.co/guide/en/security/current/host-risk-score.html
   *
   * Issue: https://github.com/elastic/kibana/issues/146777
   *
   * The keys are kept so that a config that still names them is not reported as invalid
   * by `parseExperimentalConfigValue`.
   */
  riskyHostsEnabled: false, // DEPRECATED
  riskyUsersEnabled: false, // DEPRECATED

  /**
   * Enables new Set of filters on the Alerts page.
   */
  alertsPageFiltersEnabled: true,

  /**
   * Enables the new user details flyout displayed on the Alerts page and timeline.
   */
  newUserDetailsFlyout: false,

  /**
   * Enables Protections/Detections Coverage Overview page (Epic link https://github.com/elastic/security-team/issues/2905)
   *
   * This flag aims to facilitate the development process as the feature may not make it to 8.9 release.
   *
   * The flag doesn't have to be documented and has to be removed after the feature is ready to release.
   */
  detectionsCoverageOverview: false,

  /**
   * Enables experimental Entity Analytics HTTP endpoints.
   * Turning this on exposes additional server routes, so review it like any other API surface change.
   */
  riskScoringRoutesEnabled: false,
});
/** Array of flag names, i.e. the keys of `allowedExperimentalValues`. */
type ExperimentalConfigKeys = (keyof ExperimentalFeatures)[];

/** Strips `readonly` from every property of `T`; used to build a writable overlay of flags. */
type Mutable<T> = { -readonly [Key in keyof T]: T[Key] };

/**
 * The recognised flag names, captured once at module load.
 * `Object.keys` yields `string[]`, so the narrowing to the key union is asserted here.
 */
const allowedKeys: Readonly<ExperimentalConfigKeys> = Object.keys(
  allowedExperimentalValues
) as ExperimentalConfigKeys;
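/** Type guard: is `value` the name of a known experimental flag? */
const isExperimentalFeatureKey = (value: string): value is keyof ExperimentalFeatures => {
  // Widen the key list to `string[]` for the membership test instead of casting the input.
  const known: readonly string[] = allowedKeys;
  return known.includes(value);
};

/**
 * Parses the value of the `xpack.securitySolution.enableExperimental` kibana configuration
 * setting: the list of experimental flag names that should be switched on.
 *
 * Every name in `configValue` that is a key of `allowedExperimentalValues` is set to `true`
 * on top of the defaults. Unrecognised names are reported in `invalid` rather than thrown,
 * so the caller decides whether to warn or reject. A name can only turn a flag on: flags
 * that default to `true` cannot be turned off through this setting.
 *
 * @param configValue the raw list of flag names from the config
 * @returns `features`, the defaults overlaid with the enabled flags, and `invalid`, the
 *   unrecognised names in the order they appeared (duplicates preserved)
 */
export const parseExperimentalConfigValue = (
  configValue: string[]
): { features: ExperimentalFeatures; invalid: string[] } => {
  const enabledFeatures: Mutable<Partial<ExperimentalFeatures>> = {};
  const invalidKeys: string[] = [];

  for (const value of configValue) {
    if (isExperimentalFeatureKey(value)) {
      enabledFeatures[value] = true;
    } else {
      // Collected, not thrown: one unknown name must not disable the whole setting.
      invalidKeys.push(value);
    }
  }

  return {
    features: {
      ...allowedExperimentalValues,
      ...enabledFeatures,
    },
    invalid: invalidKeys,
  };
};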
/** Returns a fresh copy of every recognised experimental flag name (callers may mutate it freely). */
export const getExperimentalAllowedValues = (): string[] => Array.from(allowedKeys);