forked from elastic/kibana
[SIEM] Fixes critical and blocker bugs with querying Anomalies from ML (elastic#40885)

* Fixes a critical and blocking bug where we were querying against _ALL_ ML Jobs. Now we _only_ query for jobs that have the SIEM Group tag.
* Fixes a critical and blocking bug where `ui/chrome` getBasePath() was not being added in the fetch API areas.
* Fixes a critical and blocking bug where we were querying `influencers` rather than `criteriaFields` when showing scores within the details pages for the "Max Anomaly Jobs". This caused missing jobs from the details and incorrect results.
* Fixes a critical and blocking bug where we were not using `isInitialized` from the URL loading, in which case we could be loading a slightly different time range or give incorrect results.
* Fixes a critical and blocking bug where we were not filtering on `source` vs `destination` on the IP details page. Instead we were querying for everything and then filtering to either of the two as in a "source OR destination". Now instead, we only show what the user selects.
* Fixes an embarrassing and potentially critical bug where React Router was warning about the usage of React.Memo. Instead I swapped back to using recompose pure so that we do not see warnings about the `ml-hosts` and `ml-network` routes.

Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.

- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)
~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~
~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~
- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~
- [x] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
- [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
1 parent 5287d1e, commit 629e2d7. Showing 26 changed files with 633 additions and 123 deletions.
25 changes: 25 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/ml/criteria/get_criteria_from_host_type.test.ts
@@ -0,0 +1,25 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { getCriteriaFromHostType } from './get_criteria_from_host_type'; | ||
import { HostsType } from '../../../store/hosts/model'; | ||
|
||
describe('get_criteria_from_host_type', () => { | ||
test('returns host names from criteria if the host type is details', () => { | ||
const criteria = getCriteriaFromHostType(HostsType.details, 'zeek-iowa'); | ||
expect(criteria).toEqual([{ fieldName: 'host.name', fieldValue: 'zeek-iowa' }]); | ||
}); | ||
|
||
test('returns empty array from criteria if the host type is page but rather an empty array', () => { | ||
const criteria = getCriteriaFromHostType(HostsType.page, 'zeek-iowa'); | ||
expect(criteria).toEqual([]); | ||
}); | ||
|
||
test('returns empty array from criteria if the host name is undefined and host type is details', () => { | ||
const criteria = getCriteriaFromHostType(HostsType.details, undefined); | ||
expect(criteria).toEqual([]); | ||
}); | ||
}); |
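Review bot: The name of the second test, 'returns empty array from criteria if the host type is page but rather an empty array', is garbled (the trailing "but rather an empty array" just repeats the assertion), so a failure would print a confusing message; rename it to something like 'returns an empty array if the host type is page'. The suite also covers `undefined` but not an empty-string host name; adding a case for `getCriteriaFromHostType(HostsType.details, '')` would pin down whether an empty name is meant to yield a `host.name` criteria field or fall back to `[]`, which is the behaviour most likely to drift unnoticed.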
19 changes: 19 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/ml/criteria/get_criteria_from_host_type.ts
@@ -0,0 +1,19 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { HostsType } from '../../../store/hosts/model'; | ||
import { CriteriaFields } from '../types'; | ||
|
||
export const getCriteriaFromHostType = ( | ||
type: HostsType, | ||
hostName: string | undefined | ||
): CriteriaFields[] => { | ||
if (type === HostsType.details && hostName != null) { | ||
return [{ fieldName: 'host.name', fieldValue: hostName }]; | ||
} else { | ||
return []; | ||
} | ||
}; |
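Review bot: The guard `hostName != null` lets an empty string through, so `getCriteriaFromHostType(HostsType.details, '')` returns `[{ fieldName: 'host.name', fieldValue: '' }]`, which is then sent to ML as a criteria field for an empty host name instead of falling back to `[]`. If an empty name should be treated as absent, tighten the check to `hostName != null && hostName !== ''`; and since the parameter is typed `string | undefined`, `hostName !== undefined` states the intent more precisely than the loose `!= null`. Minor style point: the `else` after an unconditional `return` is redundant, so the fallback can be a plain `return [];` at the end of the function.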
43 changes: 43 additions & 0 deletions
.../legacy/plugins/siem/public/components/ml/criteria/get_criteria_from_network_type.test.ts
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { getCriteriaFromNetworkType } from './get_criteria_from_network_type'; | ||
import { NetworkType } from '../../../store/network/model'; | ||
import { FlowTarget } from '../../../graphql/types'; | ||
|
||
describe('get_criteria_from_network_type', () => { | ||
test('returns network names from criteria if the network type is details and it is source', () => { | ||
const criteria = getCriteriaFromNetworkType( | ||
NetworkType.details, | ||
'127.0.0.1', | ||
FlowTarget.source | ||
); | ||
expect(criteria).toEqual([{ fieldName: 'source.ip', fieldValue: '127.0.0.1' }]); | ||
}); | ||
|
||
test('returns network names from criteria if the network type is details and it is destination', () => { | ||
const criteria = getCriteriaFromNetworkType( | ||
NetworkType.details, | ||
'127.0.0.1', | ||
FlowTarget.destination | ||
); | ||
expect(criteria).toEqual([{ fieldName: 'destination.ip', fieldValue: '127.0.0.1' }]); | ||
}); | ||
|
||
test('returns empty array if the network type is page', () => { | ||
const criteria = getCriteriaFromNetworkType( | ||
NetworkType.page, | ||
'127.0.0.1', | ||
FlowTarget.destination | ||
); | ||
expect(criteria).toEqual([]); | ||
}); | ||
|
||
test('returns empty array if flowTarget is missing', () => { | ||
const criteria = getCriteriaFromNetworkType(NetworkType.page, '127.0.0.1'); | ||
expect(criteria).toEqual([]); | ||
}); | ||
}); |
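Review bot: The last test, 'returns empty array if flowTarget is missing', passes `NetworkType.page`, so its empty result is already produced by the page-type branch that the preceding test covers and the missing-`flowTarget` path is never actually exercised. Call it with `NetworkType.details` instead (`getCriteriaFromNetworkType(NetworkType.details, '127.0.0.1')`) so the assertion would fail if an undefined flow target ever fell through to a `source.ip` or `destination.ip` criterion. Given that the commit message makes the source-versus-destination split the point of this change, a details-type case with no flow target is the one this file most needs.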