From 0adda9d2707a42965f06aebe1d3ea039bc6caf0e Mon Sep 17 00:00:00 2001 From: Angela Chuang <6295984+angorayc@users.noreply.github.com> Date: Fri, 14 Feb 2020 13:44:18 +0000 Subject: [PATCH 1/4] [SIEM] Remove additional props for matrix histogram (#54979) * update DNS histogram * fix indent * hide dropdown if only one option provided * update DNS histogram * fix types * wip * isolate matrix histogram on server side * fix type for graphql * fix types * fix tests * fix types * fix types * add unit test * add unit test * fix types * split histogram configs to an object * an idea to simplify more * add unit test * remove updateDateRange passing down to matrixHistogram * change histogramType to enum * handle the case which config not available * fix review * fix review II * fix parser for dns histogram * revert change * isolate parsers * fix unit Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> --- .../alerts_viewer/histogram_configs.ts | 31 + .../public/components/alerts_viewer/index.tsx | 56 +- .../public/components/alerts_viewer/types.ts | 9 +- .../siem/public/components/charts/common.tsx | 6 +- .../__snapshots__/index.test.tsx.snap | 5 + .../matrix_histogram/index.test.tsx | 96 ++- .../components/matrix_histogram/index.tsx | 126 ++- .../components/matrix_histogram/types.ts | 109 +-- .../components/matrix_histogram/utils.test.ts | 139 ++++ .../components/matrix_histogram/utils.ts | 26 +- .../histogram_configs.ts | 31 + .../anomalies_query_tab_body/index.tsx | 25 +- .../matrix_histogram/index.gql_query.ts | 81 +- .../matrix_histogram/index.test.tsx | 154 ++++ .../matrix_histogram/{utils.ts => index.ts} | 74 +- .../containers/matrix_histogram/index.tsx | 66 -- .../siem/public/graphql/introspection.json | 738 ++++++------------ .../plugins/siem/public/graphql/types.ts | 267 ++----- .../detection_engine/detection_engine.tsx | 1 - .../plugins/siem/public/pages/hosts/hosts.tsx | 3 +- .../siem/public/pages/hosts/hosts_tabs.tsx | 3 - .../authentications_query_tab_body.tsx | 29 +- .../navigation/events_query_tab_body.tsx | 34 +- .../plugins/siem/public/pages/hosts/types.ts | 2 +- .../network/navigation/dns_query_tab_body.tsx | 41 +- .../network/navigation/network_routes.tsx | 7 - .../public/pages/network/navigation/types.ts | 2 - .../overview/alerts_by_category/index.tsx | 53 +- .../overview/events_by_dataset/index.tsx | 57 +- .../siem/public/pages/overview/overview.tsx | 2 - .../siem/server/graphql/alerts/index.ts | 8 - .../siem/server/graphql/alerts/resolvers.ts | 39 - .../server/graphql/anomalies/schema.gql.ts | 24 - .../graphql/authentications/resolvers.ts | 16 +- .../graphql/authentications/schema.gql.ts | 12 - .../siem/server/graphql/events/resolvers.ts | 15 - .../siem/server/graphql/events/schema.gql.ts | 18 - .../plugins/siem/server/graphql/index.ts | 6 +- .../{anomalies => matrix_histogram}/index.ts | 4 +- .../resolvers.ts | 22 +- .../schema.gql.ts | 25 +- .../siem/server/graphql/network/resolvers.ts | 14 +- .../plugins/siem/server/graphql/types.ts | 457 ++++------- .../legacy/plugins/siem/server/init_server.ts | 6 +- .../lib/alerts/elasticsearch_adapter.ts | 63 -- .../plugins/siem/server/lib/alerts/index.ts | 21 - .../plugins/siem/server/lib/alerts/types.ts | 27 - .../lib/anomalies/elasticsearch_adapter.ts | 64 -- .../siem/server/lib/anomalies/types.ts | 42 - .../authentications/elasticsearch_adapter.ts | 63 +- .../siem/server/lib/authentications/index.ts | 14 +- .../siem/server/lib/authentications/types.ts | 30 +- .../plugins/siem/server/lib/compose/kibana.ts | 7 +- .../lib/events/elasticsearch_adapter.ts | 63 +- .../plugins/siem/server/lib/events/index.ts | 10 +- .../plugins/siem/server/lib/events/types.ts | 12 +- .../siem/server/lib/framework/types.ts | 4 +- .../matrix_histogram/elasticsearch_adapter.ts | 81 ++ .../elasticseatch_adapter.test.ts | 8 +- .../{anomalies => matrix_histogram}/index.ts | 14 +- .../lib/{alerts => matrix_histogram}/mock.ts | 5 +- .../query.anomalies_over_time.dsl.ts | 0 .../query.authentications_over_time.dsl.ts | 0 .../query.events_over_time.dsl.ts | 0 .../query_alerts.dsl.ts} | 2 +- .../query_dns_histogram.dsl.ts | 2 +- .../siem/server/lib/matrix_histogram/types.ts | 144 ++++ .../siem/server/lib/matrix_histogram/utils.ts | 48 ++ .../lib/network/elasticsearch_adapter.ts | 45 +- .../plugins/siem/server/lib/network/index.ts | 14 +- .../plugins/siem/server/lib/network/types.ts | 11 +- .../legacy/plugins/siem/server/lib/types.ts | 6 +- 72 files changed, 1495 insertions(+), 2244 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/components/alerts_viewer/histogram_configs.ts create mode 100644 x-pack/legacy/plugins/siem/public/components/matrix_histogram/__snapshots__/index.test.tsx.snap create mode 100644 x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.test.ts create mode 100644 x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/histogram_configs.ts create mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.test.tsx rename x-pack/legacy/plugins/siem/public/containers/matrix_histogram/{utils.ts => index.ts} (61%) delete mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/server/graphql/alerts/index.ts delete mode 100644 x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts delete mode 100644 x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts rename x-pack/legacy/plugins/siem/server/graphql/{anomalies => matrix_histogram}/index.ts (67%) rename x-pack/legacy/plugins/siem/server/graphql/{anomalies => matrix_histogram}/resolvers.ts (55%) rename x-pack/legacy/plugins/siem/server/graphql/{alerts => matrix_histogram}/schema.gql.ts (57%) delete mode 100644 x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts delete mode 100644 x-pack/legacy/plugins/siem/server/lib/alerts/index.ts delete mode 100644 x-pack/legacy/plugins/siem/server/lib/alerts/types.ts delete mode 100644 x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts delete mode 100644 x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts create mode 100644 x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticsearch_adapter.ts rename x-pack/legacy/plugins/siem/server/lib/{alerts => matrix_histogram}/elasticseatch_adapter.test.ts (86%) rename x-pack/legacy/plugins/siem/server/lib/{anomalies => matrix_histogram}/index.ts (55%) rename x-pack/legacy/plugins/siem/server/lib/{alerts => matrix_histogram}/mock.ts (95%) rename x-pack/legacy/plugins/siem/server/lib/{anomalies => matrix_histogram}/query.anomalies_over_time.dsl.ts (100%) rename x-pack/legacy/plugins/siem/server/lib/{authentications => matrix_histogram}/query.authentications_over_time.dsl.ts (100%) rename x-pack/legacy/plugins/siem/server/lib/{events => matrix_histogram}/query.events_over_time.dsl.ts (100%) rename x-pack/legacy/plugins/siem/server/lib/{alerts/query.dsl.ts => matrix_histogram/query_alerts.dsl.ts} (98%) rename x-pack/legacy/plugins/siem/server/lib/{network => matrix_histogram}/query_dns_histogram.dsl.ts (98%) create mode 100644 x-pack/legacy/plugins/siem/server/lib/matrix_histogram/types.ts create mode 100644 x-pack/legacy/plugins/siem/server/lib/matrix_histogram/utils.ts diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/histogram_configs.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/histogram_configs.ts new file mode 100644 index 00000000000000..fbcf4c6ed039b6 --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/histogram_configs.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import * as i18n from './translations'; +import { MatrixHistogramOption, MatrixHisrogramConfigs } from '../matrix_histogram/types'; +import { HistogramType } from '../../graphql/types'; + +export const alertsStackByOptions: MatrixHistogramOption[] = [ + { + text: 'event.category', + value: 'event.category', + }, + { + text: 'event.module', + value: 'event.module', + }, +]; + +const DEFAULT_STACK_BY = 'event.module'; + +export const histogramConfigs: MatrixHisrogramConfigs = { + defaultStackByOption: + alertsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? alertsStackByOptions[1], + errorMessage: i18n.ERROR_FETCHING_ALERTS_DATA, + histogramType: HistogramType.alerts, + stackByOptions: alertsStackByOptions, + subtitle: undefined, + title: i18n.ALERTS_GRAPH_TITLE, +}; diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index a8c2f429040ea6..587002c24d5269 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -3,30 +3,18 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { noop } from 'lodash/fp'; -import React, { useEffect, useCallback } from 'react'; +import React, { useEffect, useCallback, useMemo } from 'react'; import numeral from '@elastic/numeral'; import { AlertsComponentsQueryProps } from './types'; import { AlertsTable } from './alerts_table'; import * as i18n from './translations'; -import { MatrixHistogramOption } from '../matrix_histogram/types'; -import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; -import { MatrixHistogramGqlQuery } from '../../containers/matrix_histogram/index.gql_query'; import { useUiSetting$ } from '../../lib/kibana'; import { DEFAULT_NUMBER_FORMAT } from '../../../common/constants'; +import { MatrixHistogramContainer } from '../matrix_histogram'; +import { histogramConfigs } from './histogram_configs'; +import { MatrixHisrogramConfigs } from '../matrix_histogram/types'; const ID = 'alertsOverTimeQuery'; -export const alertsStackByOptions: MatrixHistogramOption[] = [ - { - text: 'event.category', - value: 'event.category', - }, - { - text: 'event.module', - value: 'event.module', - }, -]; -const dataKey = 'AlertsHistogram'; export const AlertsView = ({ deleteQuery, @@ -34,21 +22,10 @@ export const AlertsView = ({ filterQuery, pageFilters, setQuery, - skip, startDate, type, - updateDateRange = noop, }: AlertsComponentsQueryProps) => { const [defaultNumberFormat] = useUiSetting$(DEFAULT_NUMBER_FORMAT); - - useEffect(() => { - return () => { - if (deleteQuery) { - deleteQuery({ id: ID }); - } - }; - }, []); - const getSubtitle = useCallback( (totalCount: number) => `${i18n.SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${i18n.UNIT( @@ -56,27 +33,32 @@ export const AlertsView = ({ )}`, [] ); + const alertsHistogramConfigs: MatrixHisrogramConfigs = useMemo( + () => ({ + ...histogramConfigs, + subtitle: getSubtitle, + }), + [getSubtitle] + ); + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + } + }; + }, [deleteQuery]); return ( <> diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts index e6d6fdf273ec86..a24c66e31e6708 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts @@ -13,14 +13,7 @@ type CommonQueryProps = HostsComponentsQueryProps | NetworkComponentQueryProps; export interface AlertsComponentsQueryProps extends Pick< CommonQueryProps, - | 'deleteQuery' - | 'endDate' - | 'filterQuery' - | 'skip' - | 'setQuery' - | 'startDate' - | 'type' - | 'updateDateRange' + 'deleteQuery' | 'endDate' | 'filterQuery' | 'skip' | 'setQuery' | 'startDate' | 'type' > { pageFilters: Filter[]; stackByOptions?: MatrixHistogramOption[]; diff --git a/x-pack/legacy/plugins/siem/public/components/charts/common.tsx b/x-pack/legacy/plugins/siem/public/components/charts/common.tsx index 62f1ac56890ca1..03b412f5756466 100644 --- a/x-pack/legacy/plugins/siem/public/components/charts/common.tsx +++ b/x-pack/legacy/plugins/siem/public/components/charts/common.tsx @@ -28,10 +28,10 @@ const chartDefaultRendering: Rendering = 'canvas'; export type UpdateDateRange = (min: number, max: number) => void; export interface ChartData { - x: number | string | null; - y: number | string | null; + x?: number | string | null; + y?: number | string | null; y0?: number; - g?: number | string; + g?: number | string | null; } export interface ChartSeriesConfigs { diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/__snapshots__/index.test.tsx.snap b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/__snapshots__/index.test.tsx.snap new file mode 100644 index 00000000000000..0e518e48e2e888 --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/__snapshots__/index.test.tsx.snap @@ -0,0 +1,5 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Matrix Histogram Component not initial load it renders no MatrixLoader 1`] = `"
"`; + +exports[`Matrix Histogram Component on initial load it renders MatrixLoader 1`] = `"
"`; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index a44efed47372db..db5b1f7f03ee3d 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -6,17 +6,19 @@ /* eslint-disable react/display-name */ -import { shallow } from 'enzyme'; +import { mount, ReactWrapper } from 'enzyme'; import React from 'react'; import { MatrixHistogram } from '.'; -import { MatrixHistogramGqlQuery as mockQuery } from '../../containers/matrix_histogram/index.gql_query'; - +import { useQuery } from '../../containers/matrix_histogram'; +import { HistogramType } from '../../graphql/types'; jest.mock('../../lib/kibana'); -jest.mock('../loader', () => { +jest.mock('./matrix_loader', () => { return { - Loader: () =>
, + MatrixLoader: () => { + return
; + }, }; }); @@ -32,17 +34,31 @@ jest.mock('../charts/barchart', () => { }; }); +jest.mock('../../containers/matrix_histogram', () => { + return { + useQuery: jest.fn(), + }; +}); + +jest.mock('../../components/matrix_histogram/utils', () => { + return { + getBarchartConfigs: jest.fn(), + getCustomChartData: jest.fn().mockReturnValue(true), + }; +}); + describe('Matrix Histogram Component', () => { + let wrapper: ReactWrapper; + const mockMatrixOverTimeHistogramProps = { - dataKey: 'mockDataKey', defaultIndex: ['defaultIndex'], defaultStackByOption: { text: 'text', value: 'value' }, endDate: new Date('2019-07-18T20:00:00.000Z').valueOf(), errorMessage: 'error', + histogramType: HistogramType.alerts, id: 'mockId', isInspected: false, isPtrIncluded: false, - query: mockQuery, setQuery: jest.fn(), skip: false, sourceId: 'default', @@ -52,36 +68,56 @@ describe('Matrix Histogram Component', () => { subtitle: 'mockSubtitle', totalCount: -1, title: 'mockTitle', - updateDateRange: jest.fn(), + dispatchSetAbsoluteRangeDatePicker: jest.fn(), }; - describe('rendering', () => { - test('it renders EuiLoadingContent on initialLoad', () => { - const wrapper = shallow(); - expect(wrapper.find(`[data-test-subj="initialLoadingPanelMatrixOverTime"]`)).toBeTruthy(); + beforeAll(() => { + (useQuery as jest.Mock).mockReturnValue({ + data: null, + loading: false, + inspect: false, + totalCount: null, }); - - test('it renders Loader while fetching data if visited before', () => { - const mockProps = { - ...mockMatrixOverTimeHistogramProps, - data: [{ x: new Date('2019-09-16T02:20:00.000Z').valueOf(), y: 3787, g: 'config_change' }], - totalCount: 10, - loading: true, - }; - const wrapper = shallow(); - expect(wrapper.find('.loader')).toBeTruthy(); + wrapper = mount(); + }); + describe('on initial load', () => { + test('it renders MatrixLoader', () => { + expect(wrapper.html()).toMatchSnapshot(); + expect(wrapper.find('MatrixLoader').exists()).toBe(true); }); + }); - test('it renders BarChart if data available', () => { - const mockProps = { - ...mockMatrixOverTimeHistogramProps, - data: [{ x: new Date('2019-09-16T02:20:00.000Z').valueOf(), y: 3787, g: 'config_change' }], - totalCount: 10, + describe('not initial load', () => { + beforeAll(() => { + (useQuery as jest.Mock).mockReturnValue({ + data: [ + { x: 1, y: 2, g: 'g1' }, + { x: 2, y: 4, g: 'g1' }, + { x: 3, y: 6, g: 'g1' }, + { x: 1, y: 1, g: 'g2' }, + { x: 2, y: 3, g: 'g2' }, + { x: 3, y: 5, g: 'g2' }, + ], loading: false, - }; - const wrapper = shallow(); + inspect: false, + totalCount: 1, + }); + wrapper.setProps({ endDate: 100 }); + wrapper.update(); + }); + test('it renders no MatrixLoader', () => { + expect(wrapper.html()).toMatchSnapshot(); + expect(wrapper.find(`MatrixLoader`).exists()).toBe(false); + }); + + test('it shows BarChart if data available', () => { + expect(wrapper.find(`.barchart`).exists()).toBe(true); + }); + }); - expect(wrapper.find(`.barchart`)).toBeTruthy(); + describe('select dropdown', () => { + test('should be hidden if only one option is provided', () => { + expect(wrapper.find('EuiSelect').exists()).toBe(false); }); }); }); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 04b988f8270f37..cb9afde899cf80 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -4,19 +4,21 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useState, useEffect, useCallback } from 'react'; -import { ScaleType } from '@elastic/charts'; +import React, { useState, useEffect, useCallback, useMemo } from 'react'; +import { Position } from '@elastic/charts'; import styled from 'styled-components'; import { EuiFlexGroup, EuiFlexItem, EuiProgress, EuiSelect, EuiSpacer } from '@elastic/eui'; import { noop } from 'lodash/fp'; +import { compose } from 'redux'; +import { connect } from 'react-redux'; import * as i18n from './translations'; import { BarChart } from '../charts/barchart'; import { HeaderSection } from '../header_section'; import { MatrixLoader } from './matrix_loader'; import { Panel } from '../panel'; -import { getBarchartConfigs, getCustomChartData } from './utils'; -import { useQuery } from '../../containers/matrix_histogram/utils'; +import { getBarchartConfigs, getCustomChartData } from '../../components/matrix_histogram/utils'; +import { useQuery } from '../../containers/matrix_histogram'; import { MatrixHistogramProps, MatrixHistogramOption, @@ -26,6 +28,35 @@ import { import { ChartSeriesData } from '../charts/common'; import { InspectButtonContainer } from '../inspect'; +import { State, inputsSelectors, hostsModel, networkModel } from '../../store'; + +import { + MatrixHistogramMappingTypes, + GetTitle, + GetSubTitle, +} from '../../components/matrix_histogram/types'; +import { SetQuery } from '../../pages/hosts/navigation/types'; +import { QueryTemplateProps } from '../../containers/query_template'; +import { setAbsoluteRangeDatePicker } from '../../store/inputs/actions'; +import { HistogramType } from '../../graphql/types'; + +export interface OwnProps extends QueryTemplateProps { + defaultStackByOption: MatrixHistogramOption; + errorMessage: string; + headerChildren?: React.ReactNode; + hideHistogramIfEmpty?: boolean; + histogramType: HistogramType; + id: string; + legendPosition?: Position; + mapping?: MatrixHistogramMappingTypes; + setQuery: SetQuery; + showLegend?: boolean; + stackByOptions: MatrixHistogramOption[]; + subtitle?: string | GetSubTitle; + title: string | GetTitle; + type: hostsModel.HostsType | networkModel.NetworkType; +} + const DEFAULT_PANEL_HEIGHT = 300; const HeaderChildrenFlexItem = styled(EuiFlexItem)` @@ -41,45 +72,50 @@ const HistogramPanel = styled(Panel)<{ height?: number }>` export const MatrixHistogramComponent: React.FC = ({ chartHeight, - dataKey, defaultStackByOption, endDate, errorMessage, filterQuery, headerChildren, + histogramType, hideHistogramIfEmpty = false, id, - isAlertsHistogram, - isAnomaliesHistogram, - isAuthenticationsHistogram, - isDnsHistogram, - isEventsHistogram, isInspected, - legendPosition = 'right', + legendPosition, mapping, panelHeight = DEFAULT_PANEL_HEIGHT, - query, - scaleType = ScaleType.Time, setQuery, - showLegend = true, - skip, + showLegend, stackByOptions, startDate, subtitle, title, - updateDateRange, + dispatchSetAbsoluteRangeDatePicker, yTickFormatter, }) => { - const barchartConfigs = getBarchartConfigs({ - chartHeight, - from: startDate, - legendPosition, - to: endDate, - onBrushEnd: updateDateRange, - scaleType, - yTickFormatter, - showLegend, - }); + const barchartConfigs = useMemo( + () => + getBarchartConfigs({ + chartHeight, + from: startDate, + legendPosition, + to: endDate, + onBrushEnd: (min: number, max: number) => { + dispatchSetAbsoluteRangeDatePicker({ id: 'global', from: min, to: max }); + }, + yTickFormatter, + showLegend, + }), + [ + chartHeight, + startDate, + legendPosition, + endDate, + dispatchSetAbsoluteRangeDatePicker, + yTickFormatter, + showLegend, + ] + ); const [isInitialLoading, setIsInitialLoading] = useState(true); const [selectedStackByOption, setSelectedStackByOption] = useState( defaultStackByOption @@ -100,19 +136,11 @@ export const MatrixHistogramComponent: React.FC( { - dataKey, endDate, errorMessage, filterQuery, - query, - skip, + histogramType, startDate, - title, - isAlertsHistogram, - isAnomaliesHistogram, - isAuthenticationsHistogram, - isDnsHistogram, - isEventsHistogram, isInspected, stackByField: selectedStackByOption.value, } @@ -129,7 +157,6 @@ export const MatrixHistogramComponent: React.FC= 0 ? subtitleWithCounts : null)} + subtitle={!isInitialLoading && (totalCount >= 0 ? subtitleWithCounts : null)} > @@ -197,7 +227,10 @@ export const MatrixHistogramComponent: React.FC= 0 ? subtitleWithCounts : null)} + subtitle={ + !isInitialLoading && + (totalCount != null && totalCount >= 0 ? subtitleWithCounts : null) + } > @@ -224,3 +257,20 @@ export const MatrixHistogramComponent: React.FC { + const getQuery = inputsSelectors.globalQueryByIdSelector(); + const mapStateToProps = (state: State, { type, id }: OwnProps) => { + const { isInspected } = getQuery(state, id); + return { + isInspected, + }; + }; + return mapStateToProps; +}; + +export const MatrixHistogramContainer = compose>( + connect(makeMapStateToProps, { + dispatchSetAbsoluteRangeDatePicker: setAbsoluteRangeDatePicker, + }) +)(MatrixHistogram); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 88f8f1ff28fa92..fda4f5d15d95c7 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -4,20 +4,14 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ScaleType, Position } from '@elastic/charts'; -import { SetStateAction } from 'react'; -import { DocumentNode } from 'graphql'; -import { - MatrixOverTimeHistogramData, - MatrixOverOrdinalHistogramData, - NetworkDnsSortField, - PaginationInputPaginated, -} from '../../graphql/types'; -import { UpdateDateRange } from '../charts/common'; +import { ScaleType, Position, TickFormatter } from '@elastic/charts'; +import { ActionCreator } from 'redux'; import { ESQuery } from '../../../common/typed_json'; import { SetQuery } from '../../pages/hosts/navigation/types'; +import { InputsModelId } from '../../store/inputs/constants'; +import { HistogramType } from '../../graphql/types'; +import { UpdateDateRange } from '../charts/common'; -export type MatrixHistogramDataTypes = MatrixOverTimeHistogramData | MatrixOverOrdinalHistogramData; export type MatrixHistogramMappingTypes = Record< string, { key: string; value: null; color?: string | undefined } @@ -30,10 +24,27 @@ export interface MatrixHistogramOption { export type GetSubTitle = (count: number) => string; export type GetTitle = (matrixHistogramOption: MatrixHistogramOption) => string; -export interface MatrixHistogramBasicProps { +export interface MatrixHisrogramConfigs { + defaultStackByOption: MatrixHistogramOption; + errorMessage: string; + hideHistogramIfEmpty?: boolean; + histogramType: HistogramType; + legendPosition?: Position; + mapping?: MatrixHistogramMappingTypes; + stackByOptions: MatrixHistogramOption[]; + subtitle?: string | GetSubTitle; + title: string | GetTitle; +} + +interface MatrixHistogramBasicProps { chartHeight?: number; defaultIndex: string[]; defaultStackByOption: MatrixHistogramOption; + dispatchSetAbsoluteRangeDatePicker: ActionCreator<{ + id: InputsModelId; + from: number; + to: number; + }>; endDate: number; headerChildren?: React.ReactNode; hideHistogramIfEmpty?: boolean; @@ -42,35 +53,20 @@ export interface MatrixHistogramBasicProps { mapping?: MatrixHistogramMappingTypes; panelHeight?: number; setQuery: SetQuery; - sourceId: string; startDate: number; stackByOptions: MatrixHistogramOption[]; subtitle?: string | GetSubTitle; - title?: string; - updateDateRange: UpdateDateRange; + title?: string | GetTitle; } export interface MatrixHistogramQueryProps { - activePage?: number; - dataKey: string; endDate: number; errorMessage: string; filterQuery?: ESQuery | string | undefined; - limit?: number; - query: DocumentNode; - sort?: NetworkDnsSortField; stackByField: string; - skip: boolean; startDate: number; - title: string | GetTitle; - isAlertsHistogram?: boolean; - isAnomaliesHistogram?: boolean; - isAuthenticationsHistogram?: boolean; - isDnsHistogram?: boolean; - isEventsHistogram?: boolean; isInspected: boolean; - isPtrIncluded?: boolean; - pagination?: PaginationInputPaginated; + histogramType: HistogramType; } export interface MatrixHistogramProps extends MatrixHistogramBasicProps { @@ -98,31 +94,38 @@ export interface HistogramAggregation { }; } -export interface SignalsResponse { - took: number; - timeout: boolean; -} - -export interface SignalSearchResponse - extends SignalsResponse { - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; +export interface BarchartConfigs { + series: { + xScaleType: ScaleType; + yScaleType: ScaleType; + stackAccessors: string[]; }; - aggregations?: Aggregations; - hits: { - total: { - value: number; - relation: string; + axis: { + xTickFormatter: TickFormatter; + yTickFormatter: TickFormatter; + tickSize: number; + }; + settings: { + legendPosition: Position; + onBrushEnd: UpdateDateRange; + showLegend: boolean; + theme: { + scales: { + barsPadding: number; + }; + chartMargins: { + left: number; + right: number; + top: number; + bottom: number; + }; + chartPaddings: { + left: number; + right: number; + top: number; + bottom: number; + }; }; - hits: Hit[]; }; + customHeight: number; } - -export type Return = [ - boolean, - SignalSearchResponse | null, - React.Dispatch> -]; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.test.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.test.ts new file mode 100644 index 00000000000000..2c34a307bfdedd --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.test.ts @@ -0,0 +1,139 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { + getBarchartConfigs, + DEFAULT_CHART_HEIGHT, + DEFAULT_Y_TICK_FORMATTER, + formatToChartDataItem, + getCustomChartData, +} from './utils'; +import { UpdateDateRange } from '../charts/common'; +import { Position } from '@elastic/charts'; +import { MatrixOverTimeHistogramData } from '../../graphql/types'; +import { BarchartConfigs } from './types'; + +describe('utils', () => { + describe('getBarchartConfigs', () => { + describe('it should get correct default values', () => { + let configs: BarchartConfigs; + beforeAll(() => { + configs = getBarchartConfigs({ + from: 0, + to: 0, + onBrushEnd: jest.fn() as UpdateDateRange, + }); + }); + + test('it should set default chartHeight', () => { + expect(configs.customHeight).toEqual(DEFAULT_CHART_HEIGHT); + }); + + test('it should show legend by default', () => { + expect(configs.settings.showLegend).toEqual(true); + }); + + test('it should put legend on the right', () => { + expect(configs.settings.legendPosition).toEqual(Position.Right); + }); + + test('it should format Y tick to local string', () => { + expect(configs.axis.yTickFormatter).toEqual(DEFAULT_Y_TICK_FORMATTER); + }); + }); + + describe('it should set custom configs', () => { + let configs: BarchartConfigs; + const mockYTickFormatter = jest.fn(); + const mockChartHeight = 100; + + beforeAll(() => { + configs = getBarchartConfigs({ + chartHeight: mockChartHeight, + from: 0, + to: 0, + onBrushEnd: jest.fn() as UpdateDateRange, + yTickFormatter: mockYTickFormatter, + showLegend: false, + }); + }); + + test('it should set custom chart height', () => { + expect(configs.customHeight).toEqual(mockChartHeight); + }); + + test('it should hide legend', () => { + expect(configs.settings.showLegend).toEqual(false); + }); + + test('it should format y tick with custom formatter', () => { + expect(configs.axis.yTickFormatter).toEqual(mockYTickFormatter); + }); + }); + }); + + describe('formatToChartDataItem', () => { + test('it should format data correctly', () => { + const data: [string, MatrixOverTimeHistogramData[]] = [ + 'g1', + [ + { x: 1, y: 2, g: 'g1' }, + { x: 2, y: 4, g: 'g1' }, + { x: 3, y: 6, g: 'g1' }, + ], + ]; + const result = formatToChartDataItem(data); + expect(result).toEqual({ + key: 'g1', + value: [ + { x: 1, y: 2, g: 'g1' }, + { x: 2, y: 4, g: 'g1' }, + { x: 3, y: 6, g: 'g1' }, + ], + }); + }); + }); + + describe('getCustomChartData', () => { + test('should handle the case when no data provided', () => { + const data = null; + const result = getCustomChartData(data); + + expect(result).toEqual([]); + }); + + test('shoule format data correctly', () => { + const data = [ + { x: 1, y: 2, g: 'g1' }, + { x: 2, y: 4, g: 'g1' }, + { x: 3, y: 6, g: 'g1' }, + { x: 1, y: 1, g: 'g2' }, + { x: 2, y: 3, g: 'g2' }, + { x: 3, y: 5, g: 'g2' }, + ]; + const result = getCustomChartData(data); + + expect(result).toEqual([ + { + key: 'g1', + value: [ + { x: 1, y: 2, g: 'g1' }, + { x: 2, y: 4, g: 'g1' }, + { x: 3, y: 6, g: 'g1' }, + ], + }, + { + key: 'g2', + value: [ + { x: 1, y: 1, g: 'g2' }, + { x: 2, y: 3, g: 'g2' }, + { x: 3, y: 5, g: 'g2' }, + ], + }, + ]); + }); + }); +}); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 95b1cd806cf6cb..ccd1b03eb54741 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -7,7 +7,8 @@ import { ScaleType, Position } from '@elastic/charts'; import { get, groupBy, map, toPairs } from 'lodash/fp'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; -import { MatrixHistogramDataTypes, MatrixHistogramMappingTypes } from './types'; +import { MatrixHistogramMappingTypes, BarchartConfigs } from './types'; +import { MatrixOverTimeHistogramData } from '../../graphql/types'; import { histogramDateTimeFormatter } from '../utils'; interface GetBarchartConfigsProps { @@ -15,40 +16,35 @@ interface GetBarchartConfigsProps { from: number; legendPosition?: Position; to: number; - scaleType: ScaleType; onBrushEnd: UpdateDateRange; yTickFormatter?: (value: number) => string; showLegend?: boolean; } export const DEFAULT_CHART_HEIGHT = 174; +export const DEFAULT_Y_TICK_FORMATTER = (value: string | number): string => value.toLocaleString(); export const getBarchartConfigs = ({ chartHeight, from, legendPosition, to, - scaleType, onBrushEnd, yTickFormatter, showLegend, -}: GetBarchartConfigsProps) => ({ +}: GetBarchartConfigsProps): BarchartConfigs => ({ series: { - xScaleType: scaleType || ScaleType.Time, + xScaleType: ScaleType.Time, yScaleType: ScaleType.Linear, stackAccessors: ['g'], }, axis: { - xTickFormatter: - scaleType === ScaleType.Time ? histogramDateTimeFormatter([from, to]) : undefined, - yTickFormatter: - yTickFormatter != null - ? yTickFormatter - : (value: string | number): string => value.toLocaleString(), + xTickFormatter: histogramDateTimeFormatter([from, to]), + yTickFormatter: yTickFormatter != null ? yTickFormatter : DEFAULT_Y_TICK_FORMATTER, tickSize: 8, }, settings: { - legendPosition: legendPosition ?? Position.Bottom, + legendPosition: legendPosition ?? Position.Right, onBrushEnd, showLegend: showLegend ?? true, theme: { @@ -74,14 +70,14 @@ export const getBarchartConfigs = ({ export const formatToChartDataItem = ([key, value]: [ string, - MatrixHistogramDataTypes[] + MatrixOverTimeHistogramData[] ]): ChartSeriesData => ({ key, value, }); export const getCustomChartData = ( - data: MatrixHistogramDataTypes[] | null, + data: MatrixOverTimeHistogramData[] | null, mapping?: MatrixHistogramMappingTypes ): ChartSeriesData[] => { if (!data) return []; @@ -92,7 +88,7 @@ export const getCustomChartData = ( if (mapping) return map((item: ChartSeriesData) => { const mapItem = get(item.key, mapping); - return { ...item, color: mapItem.color }; + return { ...item, color: mapItem?.color }; }, formattedChartData); else return formattedChartData; }; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/histogram_configs.ts b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/histogram_configs.ts new file mode 100644 index 00000000000000..f63349d3e573ad --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/histogram_configs.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import * as i18n from './translations'; +import { + MatrixHistogramOption, + MatrixHisrogramConfigs, +} from '../../../components/matrix_histogram/types'; +import { HistogramType } from '../../../graphql/types'; + +export const anomaliesStackByOptions: MatrixHistogramOption[] = [ + { + text: i18n.ANOMALIES_STACK_BY_JOB_ID, + value: 'job_id', + }, +]; + +const DEFAULT_STACK_BY = i18n.ANOMALIES_STACK_BY_JOB_ID; + +export const histogramConfigs: MatrixHisrogramConfigs = { + defaultStackByOption: + anomaliesStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? anomaliesStackByOptions[0], + errorMessage: i18n.ERROR_FETCHING_ANOMALIES_DATA, + hideHistogramIfEmpty: true, + histogramType: HistogramType.anomalies, + stackByOptions: anomaliesStackByOptions, + subtitle: undefined, + title: i18n.ANOMALIES_TITLE, +}; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index e34832aa88c930..85e19248f2eb52 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -5,23 +5,14 @@ */ import React, { useEffect } from 'react'; -import * as i18n from './translations'; import { AnomaliesQueryTabBodyProps } from './types'; import { getAnomaliesFilterQuery } from './utils'; import { useSiemJobs } from '../../../components/ml_popover/hooks/use_siem_jobs'; import { useUiSetting$ } from '../../../lib/kibana'; import { DEFAULT_ANOMALY_SCORE } from '../../../../common/constants'; -import { MatrixHistogramContainer } from '../../matrix_histogram'; -import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; -import { MatrixHistogramGqlQuery } from '../../matrix_histogram/index.gql_query'; - +import { MatrixHistogramContainer } from '../../../components/matrix_histogram'; +import { histogramConfigs } from './histogram_configs'; const ID = 'anomaliesOverTimeQuery'; -const anomaliesStackByOptions: MatrixHistogramOption[] = [ - { - text: i18n.ANOMALIES_STACK_BY_JOB_ID, - value: 'job_id', - }, -]; export const AnomaliesQueryTabBody = ({ deleteQuery, @@ -33,7 +24,6 @@ export const AnomaliesQueryTabBody = ({ narrowDateRange, filterQuery, anomaliesFilterQuery, - updateDateRange = () => {}, AnomaliesTableComponent, flowTarget, ip, @@ -61,23 +51,14 @@ export const AnomaliesQueryTabBody = ({ return ( <> ({ + useApolloClient: jest.fn(), +})); + +jest.mock('../../lib/kibana', () => { + return { + useUiSetting$: jest.fn().mockReturnValue(['mockDefaultIndex']), + }; +}); + +jest.mock('./index.gql_query', () => { + return { + MatrixHistogramGqlQuery: 'mockGqlQuery', + }; +}); + +jest.mock('../../components/ml/api/error_to_toaster'); + +describe('useQuery', () => { + let result: { + data: MatrixOverTimeHistogramData[] | null; + loading: boolean; + inspect: InspectQuery | null; + totalCount: number; + refetch: Refetch | undefined; + }; + describe('happy path', () => { + beforeAll(() => { + (useApolloClient as jest.Mock).mockReturnValue({ + query: mockQuery, + }); + const TestComponent = () => { + result = useQuery({ + endDate: 100, + errorMessage: 'fakeErrorMsg', + filterQuery: '', + histogramType: HistogramType.alerts, + isInspected: false, + stackByField: 'fakeField', + startDate: 0, + }); + + return
; + }; + + mount(); + }); + + test('should set variables', () => { + expect(mockQuery).toBeCalledWith({ + query: 'mockGqlQuery', + fetchPolicy: 'network-only', + variables: { + filterQuery: '', + sourceId: 'default', + timerange: { + interval: '12h', + from: 0, + to: 100, + }, + defaultIndex: 'mockDefaultIndex', + inspect: false, + stackByField: 'fakeField', + histogramType: 'alerts', + }, + context: { + fetchOptions: { + abortSignal: new AbortController().signal, + }, + }, + }); + }); + + test('should setData', () => { + expect(result.data).toEqual([{}]); + }); + + test('should set total count', () => { + expect(result.totalCount).toEqual(1); + }); + + test('should set inspect', () => { + expect(result.inspect).toEqual(false); + }); + }); + + describe('failure path', () => { + beforeAll(() => { + mockQuery.mockClear(); + (useApolloClient as jest.Mock).mockReset(); + (useApolloClient as jest.Mock).mockReturnValue({ + query: mockRejectQuery, + }); + const TestComponent = () => { + result = useQuery({ + endDate: 100, + errorMessage: 'fakeErrorMsg', + filterQuery: '', + histogramType: HistogramType.alerts, + isInspected: false, + stackByField: 'fakeField', + startDate: 0, + }); + + return
; + }; + + mount(); + }); + + test('should setData', () => { + expect(result.data).toEqual(null); + }); + + test('should set total count', () => { + expect(result.totalCount).toEqual(-1); + }); + + test('should set inspect', () => { + expect(result.inspect).toEqual(null); + }); + + test('should set error to toster', () => { + expect(errorToToaster).toHaveBeenCalled(); + }); + }); +}); diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.ts similarity index 61% rename from x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts rename to x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.ts index 1df1aec76627ce..683d5b68c305b4 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.ts @@ -3,12 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { getOr } from 'lodash/fp'; -import { useEffect, useRef, useState } from 'react'; -import { - MatrixHistogramDataTypes, - MatrixHistogramQueryProps, -} from '../../components/matrix_histogram/types'; +import { useEffect, useState, useRef } from 'react'; +import { MatrixHistogramQueryProps } from '../../components/matrix_histogram/types'; import { DEFAULT_INDEX_KEY } from '../../../common/constants'; import { useStateToaster } from '../../components/toasters'; import { errorToToaster } from '../../components/ml/api/error_to_toaster'; @@ -16,20 +12,15 @@ import { useUiSetting$ } from '../../lib/kibana'; import { createFilter } from '../helpers'; import { useApolloClient } from '../../utils/apollo_context'; import { inputsModel } from '../../store'; -import { GetMatrixHistogramQuery } from '../../graphql/types'; +import { MatrixHistogramGqlQuery } from './index.gql_query'; +import { GetMatrixHistogramQuery, MatrixOverTimeHistogramData } from '../../graphql/types'; export const useQuery = ({ - dataKey, endDate, errorMessage, filterQuery, - isAlertsHistogram = false, - isAnomaliesHistogram = false, - isAuthenticationsHistogram = false, - isEventsHistogram = false, - isDnsHistogram = false, + histogramType, isInspected, - query, stackByField, startDate, }: MatrixHistogramQueryProps) => { @@ -37,30 +28,25 @@ export const useQuery = ({ const [, dispatchToaster] = useStateToaster(); const refetch = useRef(); const [loading, setLoading] = useState(false); - const [data, setData] = useState(null); + const [data, setData] = useState(null); const [inspect, setInspect] = useState(null); - const [totalCount, setTotalCount] = useState(-1); + const [totalCount, setTotalCount] = useState(-1); const apolloClient = useApolloClient(); - const matrixHistogramVariables: GetMatrixHistogramQuery.Variables = { - filterQuery: createFilter(filterQuery), - sourceId: 'default', - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex, - inspect: isInspected, - stackByField, - isAlertsHistogram, - isAnomaliesHistogram, - isAuthenticationsHistogram, - isDnsHistogram, - isEventsHistogram, - }; - useEffect(() => { + const matrixHistogramVariables: GetMatrixHistogramQuery.Variables = { + filterQuery: createFilter(filterQuery), + sourceId: 'default', + timerange: { + interval: '12h', + from: startDate!, + to: endDate!, + }, + defaultIndex, + inspect: isInspected, + stackByField, + histogramType, + }; let isSubscribed = true; const abortCtrl = new AbortController(); const abortSignal = abortCtrl.signal; @@ -70,7 +56,7 @@ export const useQuery = ({ setLoading(true); return apolloClient .query({ - query, + query: MatrixHistogramGqlQuery, fetchPolicy: 'network-only', variables: matrixHistogramVariables, context: { @@ -82,13 +68,10 @@ export const useQuery = ({ .then( result => { if (isSubscribed) { - const isDataKeyAnArray = Array.isArray(dataKey); - const rootDataKey = isDataKeyAnArray ? dataKey[0] : `${dataKey}`; - const histogramDataKey = isDataKeyAnArray ? dataKey[1] : `matrixHistogramData`; - const source = getOr({}, `data.source.${rootDataKey}`, result); - setData(getOr([], histogramDataKey, source)); - setTotalCount(getOr(-1, 'totalCount', source)); - setInspect(getOr(null, 'inspect', source)); + const source = result?.data?.source?.MatrixHistogram ?? {}; + setData(source?.matrixHistogramData ?? []); + setTotalCount(source?.totalCount ?? -1); + setInspect(source?.inspect ?? null); setLoading(false); } }, @@ -97,8 +80,8 @@ export const useQuery = ({ setData(null); setTotalCount(-1); setInspect(null); - errorToToaster({ title: errorMessage, error, dispatchToaster }); setLoading(false); + errorToToaster({ title: errorMessage, error, dispatchToaster }); } } ); @@ -111,13 +94,14 @@ export const useQuery = ({ }; }, [ defaultIndex, - query, + errorMessage, filterQuery, + histogramType, isInspected, - isDnsHistogram, stackByField, startDate, endDate, + data, ]); return { data, loading, inspect, totalCount, refetch: refetch.current }; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx deleted file mode 100644 index 9e0b1579a7b655..00000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { Position } from '@elastic/charts'; -import React from 'react'; -import { compose } from 'redux'; - -import { connect } from 'react-redux'; -import { State, inputsSelectors, hostsModel, networkModel } from '../../store'; -import { QueryTemplateProps } from '../query_template'; - -import { Maybe } from '../../graphql/types'; -import { MatrixHistogram } from '../../components/matrix_histogram'; -import { - MatrixHistogramOption, - MatrixHistogramMappingTypes, - GetTitle, - GetSubTitle, -} from '../../components/matrix_histogram/types'; -import { UpdateDateRange } from '../../components/charts/common'; -import { SetQuery } from '../../pages/hosts/navigation/types'; - -export interface OwnProps extends QueryTemplateProps { - chartHeight?: number; - dataKey: string | string[]; - defaultStackByOption: MatrixHistogramOption; - errorMessage: string; - headerChildren?: React.ReactNode; - hideHistogramIfEmpty?: boolean; - isAlertsHistogram?: boolean; - isAnomaliesHistogram?: boolean; - isAuthenticationsHistogram?: boolean; - id: string; - isDnsHistogram?: boolean; - isEventsHistogram?: boolean; - legendPosition?: Position; - mapping?: MatrixHistogramMappingTypes; - panelHeight?: number; - query: Maybe; - setQuery: SetQuery; - showLegend?: boolean; - sourceId: string; - stackByOptions: MatrixHistogramOption[]; - subtitle?: string | GetSubTitle; - title: string | GetTitle; - type: hostsModel.HostsType | networkModel.NetworkType; - updateDateRange: UpdateDateRange; -} - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { type, id }: OwnProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -export const MatrixHistogramContainer = compose>( - connect(makeMapStateToProps) -)(MatrixHistogram); diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json index b356b67b75c7bb..9802a5f5bd3bf7 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/introspection.json +++ b/x-pack/legacy/plugins/siem/public/graphql/introspection.json @@ -666,112 +666,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "AlertsHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AlertsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "AnomaliesHistogram", - "description": "", - "args": [ - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AnomaliesOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "Authentications", "description": "Gets Authentication success and failures based on a timerange", @@ -833,59 +727,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "AuthenticationsHistogram", - "description": "", - "args": [ - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "Timeline", "description": "", @@ -1075,59 +916,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "EventsHistogram", - "description": "", - "args": [ - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "EventsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "Hosts", "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", @@ -1610,6 +1398,73 @@ "isDeprecated": false, "deprecationReason": null }, + { + "name": "MatrixHistogram", + "description": "", + "args": [ + { + "name": "filterQuery", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "defaultIndex", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "defaultValue": null + }, + { + "name": "timerange", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "stackByField", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "histogramType", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "HistogramType", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "MatrixHistogramOverTimeData", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, { "name": "NetworkTopCountries", "description": "", @@ -2607,211 +2462,17 @@ }, { "name": "description", - "description": "Description of the field", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "format", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "TimerangeInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "interval", - "description": "The interval string to use for last bucket. The format is '{value}{unit}'. For example '5m' would return the metrics for the last 5 minutes of the timespan.", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "to", - "description": "The end of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "from", - "description": "The beginning of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AlertsOverTimeData", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Inspect", - "description": "", - "fields": [ - { - "name": "dsl", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "description": "Description of the field", + "args": [], + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "g", + "name": "format", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -2822,57 +2483,43 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AnomaliesOverTimeData", + "kind": "INPUT_OBJECT", + "name": "TimerangeInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "interval", + "description": "The interval string to use for last bucket. The format is '{value}{unit}'. For example '5m' would return the metrics for the last 5 minutes of the timespan.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "matrixHistogramData", - "description": "", - "args": [], + "name": "to", + "description": "The end of the timerange", "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "totalCount", - "description": "", - "args": [], + "name": "from", + "description": "The beginning of the timerange", "type": { "kind": "NON_NULL", "name": null, "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, @@ -3587,19 +3234,11 @@ }, { "kind": "OBJECT", - "name": "AuthenticationsOverTimeData", + "name": "Inspect", "description": "", "fields": [ { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", + "name": "dsl", "description": "", "args": [], "type": { @@ -3611,11 +3250,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, @@ -3623,13 +3258,21 @@ "deprecationReason": null }, { - "name": "totalCount", + "name": "response", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null @@ -6639,61 +6282,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "OBJECT", - "name": "EventsOverTimeData", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, { "kind": "INPUT_OBJECT", "name": "HostsSortField", @@ -7844,6 +7432,122 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "ENUM", + "name": "HistogramType", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "authentications", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "anomalies", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "events", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "alerts", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "dns", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "MatrixHistogramOverTimeData", + "description": "", + "fields": [ + { + "name": "inspect", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "matrixHistogramData", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "OBJECT", + "name": "MatrixOverTimeHistogramData", + "ofType": null + } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "totalCount", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "MatrixOverTimeHistogramData", + "description": "", + "fields": [ + { + "name": "x", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "y", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "g", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowTargetSourceDest", diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index 0103713a8c8a2d..3528ee6e13a389 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -301,6 +301,14 @@ export enum FlowTarget { source = 'source', } +export enum HistogramType { + authentications = 'authentications', + anomalies = 'anomalies', + events = 'events', + alerts = 'alerts', + dns = 'dns', +} + export enum FlowTargetSourceDest { destination = 'destination', source = 'source', @@ -460,22 +468,14 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - - AlertsHistogram: AlertsOverTimeData; - - AnomaliesHistogram: AnomaliesOverTimeData; /** Gets Authentication success and failures based on a timerange */ Authentications: AuthenticationsData; - AuthenticationsHistogram: AuthenticationsOverTimeData; - Timeline: TimelineData; TimelineDetails: TimelineDetailsData; LastEventTime: LastEventTimeData; - - EventsHistogram: EventsOverTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; @@ -493,6 +493,8 @@ export interface Source { KpiHostDetails: KpiHostDetailsData; + MatrixHistogram: MatrixHistogramOverTimeData; + NetworkTopCountries: NetworkTopCountriesData; NetworkTopNFlow: NetworkTopNFlowData; @@ -566,36 +568,6 @@ export interface IndexField { format?: Maybe; } -export interface AlertsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - -export interface Inspect { - dsl: string[]; - - response: string[]; -} - -export interface MatrixOverTimeHistogramData { - x: number; - - y: number; - - g: string; -} - -export interface AnomaliesOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - export interface AuthenticationsData { edges: AuthenticationsEdges[]; @@ -730,12 +702,10 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface AuthenticationsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; +export interface Inspect { + dsl: string[]; - totalCount: number; + response: string[]; } export interface TimelineData { @@ -1390,14 +1360,6 @@ export interface LastEventTimeData { inspect?: Maybe; } -export interface EventsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - export interface HostsData { edges: HostsEdges[]; @@ -1598,6 +1560,22 @@ export interface KpiHostDetailsData { inspect?: Maybe; } +export interface MatrixHistogramOverTimeData { + inspect?: Maybe; + + matrixHistogramData: MatrixOverTimeHistogramData[]; + + totalCount: number; +} + +export interface MatrixOverTimeHistogramData { + x?: Maybe; + + y?: Maybe; + + g?: Maybe; +} + export interface NetworkTopCountriesData { edges: NetworkTopCountriesEdges[]; @@ -2241,24 +2219,6 @@ export interface GetAllTimelineQueryArgs { onlyUserFavorite?: Maybe; } -export interface AlertsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; -} -export interface AnomaliesHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface AuthenticationsSourceArgs { timerange: TimerangeInput; @@ -2268,15 +2228,6 @@ export interface AuthenticationsSourceArgs { defaultIndex: string[]; } -export interface AuthenticationsHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface TimelineSourceArgs { pagination: PaginationInput; @@ -2306,15 +2257,6 @@ export interface LastEventTimeSourceArgs { defaultIndex: string[]; } -export interface EventsHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface HostsSourceArgs { id?: Maybe; @@ -2397,6 +2339,17 @@ export interface KpiHostDetailsSourceArgs { defaultIndex: string[]; } +export interface MatrixHistogramSourceArgs { + filterQuery?: Maybe; + + defaultIndex: string[]; + + timerange: TimerangeInput; + + stackByField: string; + + histogramType: HistogramType; +} export interface NetworkTopCountriesSourceArgs { id?: Maybe; @@ -3330,16 +3283,12 @@ export namespace GetKpiNetworkQuery { export namespace GetMatrixHistogramQuery { export type Variables = { - isAlertsHistogram: boolean; - isAnomaliesHistogram: boolean; - isAuthenticationsHistogram: boolean; - isDnsHistogram: boolean; defaultIndex: string[]; - isEventsHistogram: boolean; filterQuery?: Maybe; + histogramType: HistogramType; inspect: boolean; sourceId: string; - stackByField?: Maybe; + stackByField: string; timerange: TimerangeInput; }; @@ -3354,19 +3303,11 @@ export namespace GetMatrixHistogramQuery { id: string; - AlertsHistogram: AlertsHistogram; - - AnomaliesHistogram: AnomaliesHistogram; - - AuthenticationsHistogram: AuthenticationsHistogram; - - EventsHistogram: EventsHistogram; - - NetworkDnsHistogram: NetworkDnsHistogram; + MatrixHistogram: MatrixHistogram; }; - export type AlertsHistogram = { - __typename?: 'AlertsOverTimeData'; + export type MatrixHistogram = { + __typename?: 'MatrixHistogramOverTimeData'; matrixHistogramData: MatrixHistogramData[]; @@ -3378,11 +3319,11 @@ export namespace GetMatrixHistogramQuery { export type MatrixHistogramData = { __typename?: 'MatrixOverTimeHistogramData'; - x: number; + x: Maybe; - y: number; + y: Maybe; - g: string; + g: Maybe; }; export type Inspect = { @@ -3392,118 +3333,6 @@ export namespace GetMatrixHistogramQuery { response: string[]; }; - - export type AnomaliesHistogram = { - __typename?: 'AnomaliesOverTimeData'; - - matrixHistogramData: _MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe<_Inspect>; - }; - - export type _MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type _Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type AuthenticationsHistogram = { - __typename?: 'AuthenticationsOverTimeData'; - - matrixHistogramData: __MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe<__Inspect>; - }; - - export type __MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type __Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type EventsHistogram = { - __typename?: 'EventsOverTimeData'; - - matrixHistogramData: ___MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe<___Inspect>; - }; - - export type ___MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type ___Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type NetworkDnsHistogram = { - __typename?: 'NetworkDsOverTimeData'; - - matrixHistogramData: ____MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe<____Inspect>; - }; - - export type ____MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type ____Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; } export namespace GetNetworkDnsQuery { diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine.tsx index 8a374617467736..8cfcac8fc862bd 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine.tsx @@ -193,7 +193,6 @@ const DetectionEnginePageComponent: React.FC hideHeaderChildren={true} indexPattern={indexPattern} query={query} - setAbsoluteRangeDatePicker={setAbsoluteRangeDatePicker!} setQuery={setQuery} to={to} /> diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/hosts.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/hosts.tsx index 2e2986fb632b19..06dffcdb220a94 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/hosts.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/hosts.tsx @@ -29,6 +29,7 @@ import { useKibana } from '../../lib/kibana'; import { convertToBuildEsQuery } from '../../lib/keury'; import { inputsSelectors, State, hostsModel } from '../../store'; import { setAbsoluteRangeDatePicker as dispatchSetAbsoluteRangeDatePicker } from '../../store/inputs/actions'; + import { SpyRoute } from '../../utils/route/spy_routes'; import { esQuery } from '../../../../../../../src/plugins/data/public'; import { HostsEmptyPage } from './hosts_empty_page'; @@ -131,11 +132,11 @@ export const HostsComponent = React.memo( to={to} filterQuery={tabsFilterQuery} isInitializing={isInitializing} + setAbsoluteRangeDatePicker={setAbsoluteRangeDatePicker} setQuery={setQuery} from={from} type={hostsModel.HostsType.page} indexPattern={indexPattern} - setAbsoluteRangeDatePicker={setAbsoluteRangeDatePicker} hostsPagePath={hostsPagePath} /> diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/hosts_tabs.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/hosts_tabs.tsx index 9c13fc4ac386e5..0b83710a132935 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/hosts_tabs.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/hosts_tabs.tsx @@ -52,9 +52,6 @@ const HostsTabs = memo( to: fromTo.to, }); }, - updateDateRange: (min: number, max: number) => { - setAbsoluteRangeDatePicker({ id: 'global', from: min, to: max }); - }, }; return ( diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index a6a0344599842a..fb083b7a7da2f3 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -14,11 +14,12 @@ import { hostsModel } from '../../../store/hosts'; import { MatrixHistogramOption, MatrixHistogramMappingTypes, + MatrixHisrogramConfigs, } from '../../../components/matrix_histogram/types'; -import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; +import { MatrixHistogramContainer } from '../../../components/matrix_histogram'; import { KpiHostsChartColors } from '../../../components/page/hosts/kpi_hosts/types'; -import { MatrixHistogramGqlQuery } from '../../../containers/matrix_histogram/index.gql_query'; import * as i18n from '../translations'; +import { HistogramType } from '../../../graphql/types'; const AuthenticationTableManage = manageQuery(AuthenticationTable); const ID = 'authenticationsOverTimeQuery'; @@ -28,6 +29,7 @@ const authStackByOptions: MatrixHistogramOption[] = [ value: 'event.type', }, ]; +const DEFAULT_STACK_BY = 'event.type'; enum AuthMatrixDataGroup { authSuccess = 'authentication_success', @@ -47,6 +49,16 @@ export const authMatrixDataMappingFields: MatrixHistogramMappingTypes = { }, }; +const histogramConfigs: MatrixHisrogramConfigs = { + defaultStackByOption: + authStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? authStackByOptions[0], + errorMessage: i18n.ERROR_FETCHING_AUTHENTICATIONS_DATA, + histogramType: HistogramType.authentications, + mapping: authMatrixDataMappingFields, + stackByOptions: authStackByOptions, + title: i18n.NAVIGATION_AUTHENTICATIONS_TITLE, +}; + export const AuthenticationsQueryTabBody = ({ deleteQuery, endDate, @@ -55,7 +67,6 @@ export const AuthenticationsQueryTabBody = ({ setQuery, startDate, type, - updateDateRange = () => {}, }: HostsComponentsQueryProps) => { useEffect(() => { return () => { @@ -64,26 +75,18 @@ export const AuthenticationsQueryTabBody = ({ } }; }, [deleteQuery]); + return ( <> o.text === DEFAULT_STACK_BY) ?? eventsStackByOptions[0], + errorMessage: i18n.ERROR_FETCHING_EVENTS_DATA, + histogramType: HistogramType.events, + stackByOptions: eventsStackByOptions, + subtitle: undefined, + title: i18n.NAVIGATION_EVENTS_TITLE, +}; + export const EventsQueryTabBody = ({ deleteQuery, endDate, filterQuery, pageFilters, setQuery, - skip, startDate, - updateDateRange = () => {}, }: HostsComponentsQueryProps) => { useEffect(() => { return () => { @@ -49,25 +62,18 @@ export const EventsQueryTabBody = ({ } }; }, [deleteQuery]); + return ( <> = { + defaultStackByOption: + dnsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? dnsStackByOptions[0], + errorMessage: i18n.ERROR_FETCHING_DNS_DATA, + histogramType: HistogramType.dns, + stackByOptions: dnsStackByOptions, + subtitle: undefined, +}; + export const DnsQueryTabBody = ({ deleteQuery, endDate, @@ -36,7 +50,6 @@ export const DnsQueryTabBody = ({ startDate, setQuery, type, - updateDateRange = () => {}, }: NetworkComponentQueryProps) => { useEffect(() => { return () => { @@ -51,24 +64,26 @@ export const DnsQueryTabBody = ({ [] ); + const dnsHistogramConfigs: MatrixHisrogramConfigs = useMemo( + () => ({ + ...histogramConfigs, + title: getTitle, + }), + [getTitle] + ); + return ( <> { - setAbsoluteRangeDatePicker({ id: 'global', from: min, to: max }); - }, - [setAbsoluteRangeDatePicker] - ); const networkAnomaliesFilterQuery = { bool: { @@ -83,7 +77,6 @@ export const NetworkRoutes = ({ const tabProps = { ...commonProps, indexPattern, - updateDateRange, }; const anomaliesProps = { diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/types.ts b/x-pack/legacy/plugins/siem/public/pages/network/navigation/types.ts index b6063a81f31f65..222a99992917d3 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/types.ts +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/types.ts @@ -13,7 +13,6 @@ import { ESTermQuery } from '../../../../common/typed_json'; import { GlobalTimeArgs } from '../../../containers/global_time'; import { SetAbsoluteRangeDatePicker } from '../types'; -import { UpdateDateRange } from '../../../components/charts/common'; import { NarrowDateRange } from '../../../components/ml/types'; interface QueryTabBodyProps extends Pick { @@ -22,7 +21,6 @@ interface QueryTabBodyProps extends Pick = ({ hideHeaderChildren = false, indexPattern, query = DEFAULT_QUERY, - setAbsoluteRangeDatePicker, setQuery, to, }) => { @@ -77,32 +74,26 @@ const AlertsByCategoryComponent: React.FC = ({ const kibana = useKibana(); const [defaultNumberFormat] = useUiSetting$(DEFAULT_NUMBER_FORMAT); - const updateDateRangeCallback = useCallback( - (min: number, max: number) => { - setAbsoluteRangeDatePicker!({ id: 'global', from: min, to: max }); - }, - [setAbsoluteRangeDatePicker] - ); const alertsCountViewAlertsButton = useMemo( () => {i18n.VIEW_ALERTS}, [] ); - const getSubtitle = useCallback( - (totalCount: number) => - `${SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${UNIT(totalCount)}`, + const alertsByCategoryHistogramConfigs: MatrixHisrogramConfigs = useMemo( + () => ({ + ...histogramConfigs, + defaultStackByOption: + alertsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? alertsStackByOptions[0], + getSubtitle: (totalCount: number) => + `${SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${UNIT(totalCount)}`, + legendPosition: Position.Right, + }), [] ); - const defaultStackByOption = - alertsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? alertsStackByOptions[0]; - return ( = ({ })} headerChildren={hideHeaderChildren ? null : alertsCountViewAlertsButton} id={ID} - isAlertsHistogram={true} - legendPosition={'right'} - query={MatrixHistogramGqlQuery} setQuery={setQuery} sourceId="default" - stackByOptions={alertsStackByOptions} startDate={from} - title={i18n.ALERTS_GRAPH_TITLE} - subtitle={getSubtitle} type={HostsType.page} - updateDateRange={updateDateRangeCallback} + {...alertsByCategoryHistogramConfigs} /> ); }; diff --git a/x-pack/legacy/plugins/siem/public/pages/overview/events_by_dataset/index.tsx b/x-pack/legacy/plugins/siem/public/pages/overview/events_by_dataset/index.tsx index 5b6ad69bcb15d0..315aac5fcae9ef 100644 --- a/x-pack/legacy/plugins/siem/public/pages/overview/events_by_dataset/index.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/overview/events_by_dataset/index.tsx @@ -6,18 +6,14 @@ import { EuiButton } from '@elastic/eui'; import numeral from '@elastic/numeral'; -import React, { useCallback, useEffect, useMemo } from 'react'; +import React, { useEffect, useMemo } from 'react'; -import { - ERROR_FETCHING_EVENTS_DATA, - SHOWING, - UNIT, -} from '../../../components/events_viewer/translations'; +import { Position } from '@elastic/charts'; +import { SHOWING, UNIT } from '../../../components/events_viewer/translations'; import { convertToBuildEsQuery } from '../../../lib/keury'; -import { SetAbsoluteRangeDatePicker } from '../../network/types'; import { getTabsOnHostsUrl } from '../../../components/link_to/redirect_to_hosts'; -import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; -import { MatrixHistogramGqlQuery } from '../../../containers/matrix_histogram/index.gql_query'; +import { histogramConfigs } from '../../../pages/hosts/navigation/events_query_tab_body'; +import { MatrixHistogramContainer } from '../../../components/matrix_histogram'; import { eventsStackByOptions } from '../../hosts/navigation'; import { useKibana, useUiSetting$ } from '../../../lib/kibana'; import { @@ -31,6 +27,7 @@ import { HostsTableType, HostsType } from '../../../store/hosts/model'; import { DEFAULT_NUMBER_FORMAT } from '../../../../common/constants'; import * as i18n from '../translations'; +import { MatrixHisrogramConfigs } from '../../../components/matrix_histogram/types'; const NO_FILTERS: Filter[] = []; const DEFAULT_QUERY: Query = { query: '', language: 'kuery' }; @@ -44,7 +41,6 @@ interface Props { from: number; indexPattern: IIndexPattern; query?: Query; - setAbsoluteRangeDatePicker: SetAbsoluteRangeDatePicker; setQuery: (params: { id: string; inspect: inputsModel.InspectQuery | null; @@ -60,7 +56,6 @@ const EventsByDatasetComponent: React.FC = ({ from, indexPattern, query = DEFAULT_QUERY, - setAbsoluteRangeDatePicker, setQuery, to, }) => { @@ -70,31 +65,16 @@ const EventsByDatasetComponent: React.FC = ({ deleteQuery({ id: ID }); } }; - }, []); + }, [deleteQuery]); const kibana = useKibana(); const [defaultNumberFormat] = useUiSetting$(DEFAULT_NUMBER_FORMAT); - const updateDateRangeCallback = useCallback( - (min: number, max: number) => { - setAbsoluteRangeDatePicker!({ id: 'global', from: min, to: max }); - }, - [setAbsoluteRangeDatePicker] - ); const eventsCountViewEventsButton = useMemo( () => {i18n.VIEW_EVENTS}, [] ); - const getSubtitle = useCallback( - (totalCount: number) => - `${SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${UNIT(totalCount)}`, - [] - ); - - const defaultStackByOption = - eventsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? eventsStackByOptions[0]; - const filterQuery = useMemo( () => convertToBuildEsQuery({ @@ -106,26 +86,29 @@ const EventsByDatasetComponent: React.FC = ({ [kibana, indexPattern, query, filters] ); + const eventsByDatasetHistogramConfigs: MatrixHisrogramConfigs = useMemo( + () => ({ + ...histogramConfigs, + defaultStackByOption: + eventsStackByOptions.find(o => o.text === DEFAULT_STACK_BY) ?? eventsStackByOptions[0], + legendPosition: Position.Right, + subtitle: (totalCount: number) => + `${SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${UNIT(totalCount)}`, + }), + [] + ); + return ( ); }; diff --git a/x-pack/legacy/plugins/siem/public/pages/overview/overview.tsx b/x-pack/legacy/plugins/siem/public/pages/overview/overview.tsx index 6f8446a6b1609f..8505b91fe1ff56 100644 --- a/x-pack/legacy/plugins/siem/public/pages/overview/overview.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/overview/overview.tsx @@ -85,7 +85,6 @@ const OverviewComponent: React.FC = ({ from={from} indexPattern={indexPattern} query={query} - setAbsoluteRangeDatePicker={setAbsoluteRangeDatePicker!} setQuery={setQuery} to={to} /> @@ -98,7 +97,6 @@ const OverviewComponent: React.FC = ({ from={from} indexPattern={indexPattern} query={query} - setAbsoluteRangeDatePicker={setAbsoluteRangeDatePicker!} setQuery={setQuery} to={to} /> diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/index.ts b/x-pack/legacy/plugins/siem/server/graphql/alerts/index.ts deleted file mode 100644 index f2beae525ed6b7..00000000000000 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createAlertsResolvers } from './resolvers'; -export { alertsSchema } from './schema.gql'; diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts deleted file mode 100644 index 5a3a50d5c6ec68..00000000000000 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { Alerts } from '../../lib/alerts'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; -import { SourceResolvers } from '../types'; - -export interface AlertsResolversDeps { - alerts: Alerts; -} - -type QueryAlertsHistogramResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export const createAlertsResolvers = ( - libs: AlertsResolversDeps -): { - Source: { - AlertsHistogram: QueryAlertsHistogramResolver; - }; -} => ({ - Source: { - async AlertsHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - defaultIndex: args.defaultIndex, - stackByField: args.stackByField, - }; - return libs.alerts.getAlertsHistogramData(req, options); - }, - }, -}); diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts deleted file mode 100644 index a0b834f705696c..00000000000000 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const anomaliesSchema = gql` - type AnomaliesOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - extend type Source { - AnomaliesHistogram( - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - stackByField: String - ): AnomaliesOverTimeData! - } -`; diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts index ce1c86ac8926c4..b66ccd9a111b70 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts @@ -7,7 +7,7 @@ import { SourceResolvers } from '../../graphql/types'; import { Authentications } from '../../lib/authentications'; import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptionsPaginated, createOptions } from '../../utils/build_query/create_options'; +import { createOptionsPaginated } from '../../utils/build_query/create_options'; import { QuerySourceResolver } from '../sources/resolvers'; type QueryAuthenticationsResolver = ChildResolverOf< @@ -15,11 +15,6 @@ type QueryAuthenticationsResolver = ChildResolverOf< QuerySourceResolver >; -type QueryAuthenticationsOverTimeResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - export interface AuthenticationsResolversDeps { authentications: Authentications; } @@ -29,7 +24,6 @@ export const createAuthenticationsResolvers = ( ): { Source: { Authentications: QueryAuthenticationsResolver; - AuthenticationsHistogram: QueryAuthenticationsOverTimeResolver; }; } => ({ Source: { @@ -37,13 +31,5 @@ export const createAuthenticationsResolvers = ( const options = createOptionsPaginated(source, args, info); return libs.authentications.getAuthentications(req, options); }, - async AuthenticationsHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - defaultIndex: args.defaultIndex, - stackByField: args.stackByField, - }; - return libs.authentications.getAuthenticationsOverTime(req, options); - }, }, }); diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts index 4acc72a5b0b6f1..20935ce9ed03fc 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts @@ -34,12 +34,6 @@ export const authenticationsSchema = gql` inspect: Inspect } - type AuthenticationsOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - extend type Source { "Gets Authentication success and failures based on a timerange" Authentications( @@ -48,11 +42,5 @@ export const authenticationsSchema = gql` filterQuery: String defaultIndex: [String!]! ): AuthenticationsData! - AuthenticationsHistogram( - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - stackByField: String - ): AuthenticationsOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts index 335f4c3bf4da37..a9ef6bc682c845 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts @@ -31,12 +31,6 @@ type QueryLastEventTimeResolver = ChildResolverOf< export interface EventsResolversDeps { events: Events; } - -type QueryEventsOverTimeResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - export const createEventsResolvers = ( libs: EventsResolversDeps ): { @@ -44,7 +38,6 @@ export const createEventsResolvers = ( Timeline: QueryTimelineResolver; TimelineDetails: QueryTimelineDetailsResolver; LastEventTime: QueryLastEventTimeResolver; - EventsHistogram: QueryEventsOverTimeResolver; }; } => ({ Source: { @@ -71,14 +64,6 @@ export const createEventsResolvers = ( }; return libs.events.getLastEventTimeData(req, options); }, - async EventsHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - defaultIndex: args.defaultIndex, - stackByField: args.stackByField, - }; - return libs.events.getEventsOverTime(req, options); - }, }, }); diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts index 9b321d10614fc2..3b71977bc0d478 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts @@ -68,18 +68,6 @@ export const eventsSchema = gql` network } - type MatrixOverTimeHistogramData { - x: Float! - y: Float! - g: String! - } - - type EventsOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - extend type Source { Timeline( pagination: PaginationInput! @@ -100,11 +88,5 @@ export const eventsSchema = gql` details: LastTimeDetails! defaultIndex: [String!]! ): LastEventTimeData! - EventsHistogram( - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - stackByField: String - ): EventsOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/index.ts b/x-pack/legacy/plugins/siem/server/graphql/index.ts index 60853e2ce7bed4..7e257357078939 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/index.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/index.ts @@ -7,7 +7,6 @@ import { rootSchema } from '../../common/graphql/root'; import { sharedSchema } from '../../common/graphql/shared'; -import { anomaliesSchema } from './anomalies'; import { authenticationsSchema } from './authentications'; import { ecsSchema } from './ecs'; import { eventsSchema } from './events'; @@ -30,10 +29,8 @@ import { timelineSchema } from './timeline'; import { tlsSchema } from './tls'; import { uncommonProcessesSchema } from './uncommon_processes'; import { whoAmISchema } from './who_am_i'; -import { alertsSchema } from './alerts'; +import { matrixHistogramSchema } from './matrix_histogram'; export const schemas = [ - alertsSchema, - anomaliesSchema, authenticationsSchema, ecsSchema, eventsSchema, @@ -46,6 +43,7 @@ export const schemas = [ ...ipDetailsSchemas, kpiNetworkSchema, kpiHostsSchema, + matrixHistogramSchema, networkSchema, noteSchema, overviewSchema, diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/index.ts b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/index.ts similarity index 67% rename from x-pack/legacy/plugins/siem/server/graphql/anomalies/index.ts rename to x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/index.ts index 4bfd6be173105d..1460b6022bb133 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/index.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/index.ts @@ -4,5 +4,5 @@ * you may not use this file except in compliance with the Elastic License. */ -export { createAnomaliesResolvers } from './resolvers'; -export { anomaliesSchema } from './schema.gql'; +export { createMatrixHistogramResolvers } from './resolvers'; +export { matrixHistogramSchema } from './schema.gql'; diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/resolvers.ts similarity index 55% rename from x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts rename to x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/resolvers.ts index e7b7a640c58d23..35cebe4777dcf3 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/resolvers.ts @@ -4,36 +4,36 @@ * you may not use this file except in compliance with the Elastic License. */ -import { Anomalies } from '../../lib/anomalies'; +import { MatrixHistogram } from '../../lib/matrix_histogram'; import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; import { createOptions } from '../../utils/build_query/create_options'; import { QuerySourceResolver } from '../sources/resolvers'; import { SourceResolvers } from '../types'; -export interface AnomaliesResolversDeps { - anomalies: Anomalies; +export interface MatrixHistogramResolversDeps { + matrixHistogram: MatrixHistogram; } -type QueryAnomaliesOverTimeResolver = ChildResolverOf< - AppResolverOf, +type QueryMatrixHistogramResolver = ChildResolverOf< + AppResolverOf, QuerySourceResolver >; -export const createAnomaliesResolvers = ( - libs: AnomaliesResolversDeps +export const createMatrixHistogramResolvers = ( + libs: MatrixHistogramResolversDeps ): { Source: { - AnomaliesHistogram: QueryAnomaliesOverTimeResolver; + MatrixHistogram: QueryMatrixHistogramResolver; }; } => ({ Source: { - async AnomaliesHistogram(source, args, { req }, info) { + async MatrixHistogram(source, args, { req }, info) { const options = { ...createOptions(source, args, info), - defaultIndex: args.defaultIndex, stackByField: args.stackByField, + histogramType: args.histogramType, }; - return libs.anomalies.getAnomaliesOverTime(req, options); + return libs.matrixHistogram.getMatrixHistogramData(req, options); }, }, }); diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/schema.gql.ts similarity index 57% rename from x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts rename to x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/schema.gql.ts index ca91468b1e0f22..deda6dc6e5c1a7 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/matrix_histogram/schema.gql.ts @@ -6,19 +6,34 @@ import gql from 'graphql-tag'; -export const alertsSchema = gql` - type AlertsOverTimeData { +export const matrixHistogramSchema = gql` + type MatrixOverTimeHistogramData { + x: Float + y: Float + g: String + } + + type MatrixHistogramOverTimeData { inspect: Inspect matrixHistogramData: [MatrixOverTimeHistogramData!]! totalCount: Float! } + enum HistogramType { + authentications + anomalies + events + alerts + dns + } + extend type Source { - AlertsHistogram( + MatrixHistogram( filterQuery: String defaultIndex: [String!]! timerange: TimerangeInput! - stackByField: String - ): AlertsOverTimeData! + stackByField: String! + histogramType: HistogramType! + ): MatrixHistogramOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/network/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/network/resolvers.ts index 06d6b8c516d8bd..db15babc42a722 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/network/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/network/resolvers.ts @@ -7,7 +7,7 @@ import { SourceResolvers } from '../../graphql/types'; import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; import { Network } from '../../lib/network'; -import { createOptionsPaginated, createOptions } from '../../utils/build_query/create_options'; +import { createOptionsPaginated } from '../../utils/build_query/create_options'; import { QuerySourceResolver } from '../sources/resolvers'; type QueryNetworkTopCountriesResolver = ChildResolverOf< @@ -30,10 +30,6 @@ type QueryDnsResolver = ChildResolverOf< QuerySourceResolver >; -type QueryDnsHistogramResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; export interface NetworkResolversDeps { network: Network; } @@ -46,7 +42,6 @@ export const createNetworkResolvers = ( NetworkTopCountries: QueryNetworkTopCountriesResolver; NetworkTopNFlow: QueryNetworkTopNFlowResolver; NetworkDns: QueryDnsResolver; - NetworkDnsHistogram: QueryDnsHistogramResolver; }; } => ({ Source: { @@ -84,12 +79,5 @@ export const createNetworkResolvers = ( }; return libs.network.getNetworkDns(req, options); }, - async NetworkDnsHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - stackByField: args.stackByField, - }; - return libs.network.getNetworkDnsHistogramData(req, options); - }, }, }); diff --git a/x-pack/legacy/plugins/siem/server/graphql/types.ts b/x-pack/legacy/plugins/siem/server/graphql/types.ts index c3fd6e9dde2865..f42da48f2c1dac 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/types.ts @@ -303,6 +303,14 @@ export enum FlowTarget { source = 'source', } +export enum HistogramType { + authentications = 'authentications', + anomalies = 'anomalies', + events = 'events', + alerts = 'alerts', + dns = 'dns', +} + export enum FlowTargetSourceDest { destination = 'destination', source = 'source', @@ -462,22 +470,14 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - - AlertsHistogram: AlertsOverTimeData; - - AnomaliesHistogram: AnomaliesOverTimeData; /** Gets Authentication success and failures based on a timerange */ Authentications: AuthenticationsData; - AuthenticationsHistogram: AuthenticationsOverTimeData; - Timeline: TimelineData; TimelineDetails: TimelineDetailsData; LastEventTime: LastEventTimeData; - - EventsHistogram: EventsOverTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; @@ -495,6 +495,8 @@ export interface Source { KpiHostDetails: KpiHostDetailsData; + MatrixHistogram: MatrixHistogramOverTimeData; + NetworkTopCountries: NetworkTopCountriesData; NetworkTopNFlow: NetworkTopNFlowData; @@ -568,36 +570,6 @@ export interface IndexField { format?: Maybe; } -export interface AlertsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - -export interface Inspect { - dsl: string[]; - - response: string[]; -} - -export interface MatrixOverTimeHistogramData { - x: number; - - y: number; - - g: string; -} - -export interface AnomaliesOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - export interface AuthenticationsData { edges: AuthenticationsEdges[]; @@ -732,12 +704,10 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface AuthenticationsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; +export interface Inspect { + dsl: string[]; - totalCount: number; + response: string[]; } export interface TimelineData { @@ -1392,14 +1362,6 @@ export interface LastEventTimeData { inspect?: Maybe; } -export interface EventsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; - - totalCount: number; -} - export interface HostsData { edges: HostsEdges[]; @@ -1600,6 +1562,22 @@ export interface KpiHostDetailsData { inspect?: Maybe; } +export interface MatrixHistogramOverTimeData { + inspect?: Maybe; + + matrixHistogramData: MatrixOverTimeHistogramData[]; + + totalCount: number; +} + +export interface MatrixOverTimeHistogramData { + x?: Maybe; + + y?: Maybe; + + g?: Maybe; +} + export interface NetworkTopCountriesData { edges: NetworkTopCountriesEdges[]; @@ -2243,24 +2221,6 @@ export interface GetAllTimelineQueryArgs { onlyUserFavorite?: Maybe; } -export interface AlertsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; -} -export interface AnomaliesHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface AuthenticationsSourceArgs { timerange: TimerangeInput; @@ -2270,15 +2230,6 @@ export interface AuthenticationsSourceArgs { defaultIndex: string[]; } -export interface AuthenticationsHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface TimelineSourceArgs { pagination: PaginationInput; @@ -2308,15 +2259,6 @@ export interface LastEventTimeSourceArgs { defaultIndex: string[]; } -export interface EventsHistogramSourceArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; -} export interface HostsSourceArgs { id?: Maybe; @@ -2399,6 +2341,17 @@ export interface KpiHostDetailsSourceArgs { defaultIndex: string[]; } +export interface MatrixHistogramSourceArgs { + filterQuery?: Maybe; + + defaultIndex: string[]; + + timerange: TimerangeInput; + + stackByField: string; + + histogramType: HistogramType; +} export interface NetworkTopCountriesSourceArgs { id?: Maybe; @@ -2910,26 +2863,14 @@ export namespace SourceResolvers { configuration?: ConfigurationResolver; /** The status of the source */ status?: StatusResolver; - - AlertsHistogram?: AlertsHistogramResolver; - - AnomaliesHistogram?: AnomaliesHistogramResolver; /** Gets Authentication success and failures based on a timerange */ Authentications?: AuthenticationsResolver; - AuthenticationsHistogram?: AuthenticationsHistogramResolver< - AuthenticationsOverTimeData, - TypeParent, - TContext - >; - Timeline?: TimelineResolver; TimelineDetails?: TimelineDetailsResolver; LastEventTime?: LastEventTimeResolver; - - EventsHistogram?: EventsHistogramResolver; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts?: HostsResolver; @@ -2947,6 +2888,8 @@ export namespace SourceResolvers { KpiHostDetails?: KpiHostDetailsResolver; + MatrixHistogram?: MatrixHistogramResolver; + NetworkTopCountries?: NetworkTopCountriesResolver< NetworkTopCountriesData, TypeParent, @@ -2987,36 +2930,6 @@ export namespace SourceResolvers { Parent, TContext >; - export type AlertsHistogramResolver< - R = AlertsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AlertsHistogramArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - } - - export type AnomaliesHistogramResolver< - R = AnomaliesOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AnomaliesHistogramArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; - } - export type AuthenticationsResolver< R = AuthenticationsData, Parent = Source, @@ -3032,21 +2945,6 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type AuthenticationsHistogramResolver< - R = AuthenticationsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AuthenticationsHistogramArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; - } - export type TimelineResolver< R = TimelineData, Parent = Source, @@ -3094,21 +2992,6 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type EventsHistogramResolver< - R = EventsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface EventsHistogramArgs { - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - stackByField?: Maybe; - } - export type HostsResolver = Resolver< R, Parent, @@ -3241,6 +3124,23 @@ export namespace SourceResolvers { defaultIndex: string[]; } + export type MatrixHistogramResolver< + R = MatrixHistogramOverTimeData, + Parent = Source, + TContext = SiemContext + > = Resolver; + export interface MatrixHistogramArgs { + filterQuery?: Maybe; + + defaultIndex: string[]; + + timerange: TimerangeInput; + + stackByField: string; + + histogramType: HistogramType; + } + export type NetworkTopCountriesResolver< R = NetworkTopCountriesData, Parent = Source, @@ -3579,111 +3479,6 @@ export namespace IndexFieldResolvers { > = Resolver; } -export namespace AlertsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; - - totalCount?: TotalCountResolver; - } - - export type InspectResolver< - R = Maybe, - Parent = AlertsOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = AlertsOverTimeData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = AlertsOverTimeData, - TContext = SiemContext - > = Resolver; -} - -export namespace InspectResolvers { - export interface Resolvers { - dsl?: DslResolver; - - response?: ResponseResolver; - } - - export type DslResolver = Resolver< - R, - Parent, - TContext - >; - export type ResponseResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace MatrixOverTimeHistogramDataResolvers { - export interface Resolvers { - x?: XResolver; - - y?: YResolver; - - g?: GResolver; - } - - export type XResolver< - R = number, - Parent = MatrixOverTimeHistogramData, - TContext = SiemContext - > = Resolver; - export type YResolver< - R = number, - Parent = MatrixOverTimeHistogramData, - TContext = SiemContext - > = Resolver; - export type GResolver< - R = string, - Parent = MatrixOverTimeHistogramData, - TContext = SiemContext - > = Resolver; -} - -export namespace AnomaliesOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; - - totalCount?: TotalCountResolver; - } - - export type InspectResolver< - R = Maybe, - Parent = AnomaliesOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = AnomaliesOverTimeData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = AnomaliesOverTimeData, - TContext = SiemContext - > = Resolver; -} - export namespace AuthenticationsDataResolvers { export interface Resolvers { edges?: EdgesResolver; @@ -4129,34 +3924,23 @@ export namespace PageInfoPaginatedResolvers { > = Resolver; } -export namespace AuthenticationsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; +export namespace InspectResolvers { + export interface Resolvers { + dsl?: DslResolver; - totalCount?: TotalCountResolver; + response?: ResponseResolver; } - export type InspectResolver< - R = Maybe, - Parent = AuthenticationsOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = AuthenticationsOverTimeData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = AuthenticationsOverTimeData, - TContext = SiemContext - > = Resolver; + export type DslResolver = Resolver< + R, + Parent, + TContext + >; + export type ResponseResolver = Resolver< + R, + Parent, + TContext + >; } export namespace TimelineDataResolvers { @@ -6343,36 +6127,6 @@ export namespace LastEventTimeDataResolvers { > = Resolver; } -export namespace EventsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; - - totalCount?: TotalCountResolver; - } - - export type InspectResolver< - R = Maybe, - Parent = EventsOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = EventsOverTimeData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = EventsOverTimeData, - TContext = SiemContext - > = Resolver; -} - export namespace HostsDataResolvers { export interface Resolvers { edges?: EdgesResolver; @@ -7077,6 +6831,62 @@ export namespace KpiHostDetailsDataResolvers { > = Resolver; } +export namespace MatrixHistogramOverTimeDataResolvers { + export interface Resolvers { + inspect?: InspectResolver, TypeParent, TContext>; + + matrixHistogramData?: MatrixHistogramDataResolver< + MatrixOverTimeHistogramData[], + TypeParent, + TContext + >; + + totalCount?: TotalCountResolver; + } + + export type InspectResolver< + R = Maybe, + Parent = MatrixHistogramOverTimeData, + TContext = SiemContext + > = Resolver; + export type MatrixHistogramDataResolver< + R = MatrixOverTimeHistogramData[], + Parent = MatrixHistogramOverTimeData, + TContext = SiemContext + > = Resolver; + export type TotalCountResolver< + R = number, + Parent = MatrixHistogramOverTimeData, + TContext = SiemContext + > = Resolver; +} + +export namespace MatrixOverTimeHistogramDataResolvers { + export interface Resolvers { + x?: XResolver, TypeParent, TContext>; + + y?: YResolver, TypeParent, TContext>; + + g?: GResolver, TypeParent, TContext>; + } + + export type XResolver< + R = Maybe, + Parent = MatrixOverTimeHistogramData, + TContext = SiemContext + > = Resolver; + export type YResolver< + R = Maybe, + Parent = MatrixOverTimeHistogramData, + TContext = SiemContext + > = Resolver; + export type GResolver< + R = Maybe, + Parent = MatrixOverTimeHistogramData, + TContext = SiemContext + > = Resolver; +} + export namespace NetworkTopCountriesDataResolvers { export interface Resolvers { edges?: EdgesResolver; @@ -9224,10 +9034,6 @@ export type IResolvers = { SourceFields?: SourceFieldsResolvers.Resolvers; SourceStatus?: SourceStatusResolvers.Resolvers; IndexField?: IndexFieldResolvers.Resolvers; - AlertsOverTimeData?: AlertsOverTimeDataResolvers.Resolvers; - Inspect?: InspectResolvers.Resolvers; - MatrixOverTimeHistogramData?: MatrixOverTimeHistogramDataResolvers.Resolvers; - AnomaliesOverTimeData?: AnomaliesOverTimeDataResolvers.Resolvers; AuthenticationsData?: AuthenticationsDataResolvers.Resolvers; AuthenticationsEdges?: AuthenticationsEdgesResolvers.Resolvers; AuthenticationItem?: AuthenticationItemResolvers.Resolvers; @@ -9240,7 +9046,7 @@ export type IResolvers = { OsEcsFields?: OsEcsFieldsResolvers.Resolvers; CursorType?: CursorTypeResolvers.Resolvers; PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; - AuthenticationsOverTimeData?: AuthenticationsOverTimeDataResolvers.Resolvers; + Inspect?: InspectResolvers.Resolvers; TimelineData?: TimelineDataResolvers.Resolvers; TimelineEdges?: TimelineEdgesResolvers.Resolvers; TimelineItem?: TimelineItemResolvers.Resolvers; @@ -9294,7 +9100,6 @@ export type IResolvers = { TimelineDetailsData?: TimelineDetailsDataResolvers.Resolvers; DetailItem?: DetailItemResolvers.Resolvers; LastEventTimeData?: LastEventTimeDataResolvers.Resolvers; - EventsOverTimeData?: EventsOverTimeDataResolvers.Resolvers; HostsData?: HostsDataResolvers.Resolvers; HostsEdges?: HostsEdgesResolvers.Resolvers; HostItem?: HostItemResolvers.Resolvers; @@ -9315,6 +9120,8 @@ export type IResolvers = { KpiHostsData?: KpiHostsDataResolvers.Resolvers; KpiHostHistogramData?: KpiHostHistogramDataResolvers.Resolvers; KpiHostDetailsData?: KpiHostDetailsDataResolvers.Resolvers; + MatrixHistogramOverTimeData?: MatrixHistogramOverTimeDataResolvers.Resolvers; + MatrixOverTimeHistogramData?: MatrixOverTimeHistogramDataResolvers.Resolvers; NetworkTopCountriesData?: NetworkTopCountriesDataResolvers.Resolvers; NetworkTopCountriesEdges?: NetworkTopCountriesEdgesResolvers.Resolvers; NetworkTopCountriesItem?: NetworkTopCountriesItemResolvers.Resolvers; diff --git a/x-pack/legacy/plugins/siem/server/init_server.ts b/x-pack/legacy/plugins/siem/server/init_server.ts index 1f4f1b176497fd..6158a33c25cfa2 100644 --- a/x-pack/legacy/plugins/siem/server/init_server.ts +++ b/x-pack/legacy/plugins/siem/server/init_server.ts @@ -6,7 +6,6 @@ import { IResolvers, makeExecutableSchema } from 'graphql-tools'; import { schemas } from './graphql'; -import { createAnomaliesResolvers } from './graphql/anomalies'; import { createAuthenticationsResolvers } from './graphql/authentications'; import { createScalarToStringArrayValueResolvers } from './graphql/ecs'; import { createEsValueResolvers, createEventsResolvers } from './graphql/events'; @@ -30,19 +29,18 @@ import { createUncommonProcessesResolvers } from './graphql/uncommon_processes'; import { createWhoAmIResolvers } from './graphql/who_am_i'; import { AppBackendLibs } from './lib/types'; import { createTlsResolvers } from './graphql/tls'; -import { createAlertsResolvers } from './graphql/alerts'; +import { createMatrixHistogramResolvers } from './graphql/matrix_histogram'; export const initServer = (libs: AppBackendLibs) => { const schema = makeExecutableSchema({ resolvers: [ - createAlertsResolvers(libs) as IResolvers, - createAnomaliesResolvers(libs) as IResolvers, createAuthenticationsResolvers(libs) as IResolvers, createEsValueResolvers() as IResolvers, createEventsResolvers(libs) as IResolvers, createHostsResolvers(libs) as IResolvers, createIpDetailsResolvers(libs) as IResolvers, createKpiNetworkResolvers(libs) as IResolvers, + createMatrixHistogramResolvers(libs) as IResolvers, createNoteResolvers(libs) as IResolvers, createPinnedEventResolvers(libs) as IResolvers, createSourcesResolvers(libs) as IResolvers, diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts deleted file mode 100644 index cedd7815968120..00000000000000 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { get, getOr } from 'lodash/fp'; - -import { AlertsOverTimeData, MatrixOverTimeHistogramData } from '../../graphql/types'; - -import { inspectStringifyObject } from '../../utils/build_query'; - -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { buildAlertsHistogramQuery } from './query.dsl'; - -import { AlertsAdapter, AlertsGroupData, AlertsBucket } from './types'; -import { TermAggregation } from '../types'; -import { EventHit } from '../events/types'; - -export class ElasticsearchAlertsAdapter implements AlertsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getAlertsHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const dsl = buildAlertsHistogramQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const totalCount = getOr(0, 'hits.total.value', response); - const matrixHistogramData = getOr([], 'aggregations.alertsByModuleGroup.buckets', response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - matrixHistogramData: getAlertsOverTimeByModule(matrixHistogramData), - totalCount, - }; - } -} - -const getAlertsOverTimeByModule = (data: AlertsGroupData[]): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach(({ key: group, alerts }) => { - const alertsData: AlertsBucket[] = get('buckets', alerts); - - result = [ - ...result, - ...alertsData.map(({ key, doc_count }: AlertsBucket) => ({ - x: key, - y: doc_count, - g: group, - })), - ]; - }); - - return result; -}; diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts deleted file mode 100644 index 9cfb1841edfefe..00000000000000 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -export * from './elasticsearch_adapter'; -import { AlertsAdapter } from './types'; -import { AlertsOverTimeData } from '../../graphql/types'; - -export class Alerts { - constructor(private readonly adapter: AlertsAdapter) {} - - public async getAlertsHistogramData( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getAlertsHistogramData(req, options); - } -} diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts deleted file mode 100644 index 67da38e8052d29..00000000000000 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { AlertsOverTimeData } from '../../graphql/types'; -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; - -export interface AlertsBucket { - key: number; - doc_count: number; -} - -export interface AlertsGroupData { - key: string; - doc_count: number; - alerts: { - buckets: AlertsBucket[]; - }; -} -export interface AlertsAdapter { - getAlertsHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; -} diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts deleted file mode 100644 index 0955bc69c7c939..00000000000000 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { AnomaliesOverTimeData } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { TermAggregation } from '../types'; - -import { AnomalyHit, AnomaliesAdapter, AnomaliesActionGroupData } from './types'; -import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; -import { MatrixOverTimeHistogramData } from '../../../public/graphql/types'; - -export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getAnomaliesOverTime( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const dsl = buildAnomaliesOverTimeQuery(options); - - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const totalCount = getOr(0, 'hits.total.value', response); - const anomaliesOverTimeBucket = getOr([], 'aggregations.anomalyActionGroup.buckets', response); - - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - matrixHistogramData: getAnomaliesOverTimeByJobId(anomaliesOverTimeBucket), - totalCount, - }; - } -} - -const getAnomaliesOverTimeByJobId = ( - data: AnomaliesActionGroupData[] -): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach(({ key: group, anomalies }) => { - const anomaliesData = getOr([], 'buckets', anomalies).map( - ({ key, doc_count }: { key: number; doc_count: number }) => ({ - x: key, - y: doc_count, - g: group, - }) - ); - result = [...result, ...anomaliesData]; - }); - - return result; -}; diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts deleted file mode 100644 index 9fde81da63ec79..00000000000000 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { AnomaliesOverTimeData } from '../../graphql/types'; -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { SearchHit } from '../types'; - -export interface AnomaliesAdapter { - getAnomaliesOverTime( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; -} - -export interface AnomalySource { - [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any -} - -export interface AnomalyHit extends SearchHit { - sort: string[]; - _source: AnomalySource; - aggregations: { - [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any - }; -} - -interface AnomaliesOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AnomaliesActionGroupData { - key: number; - anomalies: { - bucket: AnomaliesOverTimeHistogramData[]; - }; - doc_count: number; -} diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts index 85008adcd985f8..79f13ce4461e5a 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts @@ -6,50 +6,20 @@ import { getOr } from 'lodash/fp'; -import { - AuthenticationsData, - AuthenticationsEdges, - AuthenticationsOverTimeData, - MatrixOverTimeHistogramData, -} from '../../graphql/types'; +import { AuthenticationsData, AuthenticationsEdges } from '../../graphql/types'; import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; -import { - FrameworkAdapter, - FrameworkRequest, - RequestOptionsPaginated, - MatrixHistogramRequestOptions, -} from '../framework'; +import { FrameworkAdapter, FrameworkRequest, RequestOptionsPaginated } from '../framework'; import { TermAggregation } from '../types'; import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; import { auditdFieldsMap, buildQuery } from './query.dsl'; -import { buildAuthenticationsOverTimeQuery } from './query.authentications_over_time.dsl'; import { AuthenticationBucket, AuthenticationData, AuthenticationHit, AuthenticationsAdapter, - AuthenticationsActionGroupData, } from './types'; -const getAuthenticationsOverTimeByAuthenticationResult = ( - data: AuthenticationsActionGroupData[] -): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach(({ key: group, events }) => { - const eventsData = getOr([], 'buckets', events).map( - ({ key, doc_count }: { key: number; doc_count: number }) => ({ - x: key, - y: doc_count, - g: group, - }) - ); - result = [...result, ...eventsData]; - }); - - return result; -}; - export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter { constructor(private readonly framework: FrameworkAdapter) {} @@ -109,35 +79,6 @@ export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapte }, }; } - - public async getAuthenticationsOverTime( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const dsl = buildAuthenticationsOverTimeQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const totalCount = getOr(0, 'hits.total.value', response); - const authenticationsOverTimeBucket = getOr( - [], - 'aggregations.eventActionGroup.buckets', - response - ); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - matrixHistogramData: getAuthenticationsOverTimeByAuthenticationResult( - authenticationsOverTimeBucket - ), - totalCount, - }; - } } export const formatAuthenticationData = ( diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts index bd5712c105f31d..c1b93818943dbe 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts @@ -5,14 +5,9 @@ */ import { AuthenticationsData } from '../../graphql/types'; -import { - FrameworkRequest, - RequestOptionsPaginated, - MatrixHistogramRequestOptions, -} from '../framework'; +import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; import { AuthenticationsAdapter } from './types'; -import { AuthenticationsOverTimeData } from '../../../public/graphql/types'; export class Authentications { constructor(private readonly adapter: AuthenticationsAdapter) {} @@ -23,11 +18,4 @@ export class Authentications { ): Promise { return this.adapter.getAuthentications(req, options); } - - public async getAuthenticationsOverTime( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getAuthenticationsOverTime(req, options); - } } diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts index e1ec871ff4b589..2d2c7ba547c094 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts @@ -4,16 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ -import { - AuthenticationsData, - AuthenticationsOverTimeData, - LastSourceHost, -} from '../../graphql/types'; -import { - FrameworkRequest, - RequestOptionsPaginated, - MatrixHistogramRequestOptions, -} from '../framework'; +import { AuthenticationsData, LastSourceHost } from '../../graphql/types'; +import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; import { Hit, SearchHit, TotalHit } from '../types'; export interface AuthenticationsAdapter { @@ -21,10 +13,6 @@ export interface AuthenticationsAdapter { req: FrameworkRequest, options: RequestOptionsPaginated ): Promise; - getAuthenticationsOverTime( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; } type StringOrNumber = string | number; @@ -72,17 +60,3 @@ export interface AuthenticationData extends SearchHit { }; }; } - -interface AuthenticationsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AuthenticationsActionGroupData { - key: number; - events: { - bucket: AuthenticationsOverTimeHistogramData[]; - }; - doc_count: number; -} diff --git a/x-pack/legacy/plugins/siem/server/lib/compose/kibana.ts b/x-pack/legacy/plugins/siem/server/lib/compose/kibana.ts index 0ab6f1a8df779d..9c46f3320e37ec 100644 --- a/x-pack/legacy/plugins/siem/server/lib/compose/kibana.ts +++ b/x-pack/legacy/plugins/siem/server/lib/compose/kibana.ts @@ -6,8 +6,6 @@ import { CoreSetup, SetupPlugins } from '../../plugin'; -import { Anomalies } from '../anomalies'; -import { ElasticsearchAnomaliesAdapter } from '../anomalies/elasticsearch_adapter'; import { Authentications } from '../authentications'; import { ElasticsearchAuthenticationAdapter } from '../authentications/elasticsearch_adapter'; import { ElasticsearchEventsAdapter, Events } from '../events'; @@ -32,7 +30,7 @@ import { ElasticsearchUncommonProcessesAdapter, UncommonProcesses } from '../unc import { Note } from '../note/saved_object'; import { PinnedEvent } from '../pinned_event/saved_object'; import { Timeline } from '../timeline/saved_object'; -import { Alerts, ElasticsearchAlertsAdapter } from '../alerts'; +import { ElasticsearchMatrixHistogramAdapter, MatrixHistogram } from '../matrix_histogram'; export function compose( core: CoreSetup, @@ -48,8 +46,6 @@ export function compose( const pinnedEvent = new PinnedEvent(); const domainLibs: AppDomainLibs = { - alerts: new Alerts(new ElasticsearchAlertsAdapter(framework)), - anomalies: new Anomalies(new ElasticsearchAnomaliesAdapter(framework)), authentications: new Authentications(new ElasticsearchAuthenticationAdapter(framework)), events: new Events(new ElasticsearchEventsAdapter(framework)), fields: new IndexFields(new ElasticsearchIndexFieldAdapter(framework)), @@ -58,6 +54,7 @@ export function compose( tls: new TLS(new ElasticsearchTlsAdapter(framework)), kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)), kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), + matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), network: new Network(new ElasticsearchNetworkAdapter(framework)), overview: new Overview(new ElasticsearchOverviewAdapter(framework)), uncommonProcesses: new UncommonProcesses(new ElasticsearchUncommonProcessesAdapter(framework)), diff --git a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts index 38b95cc5772f2e..af6f8314b362a1 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts @@ -25,13 +25,12 @@ import { TimelineData, TimelineDetailsData, TimelineEdges, - EventsOverTimeData, } from '../../graphql/types'; import { baseCategoryFields } from '../../utils/beat_schema/8.0.0'; import { reduceFields } from '../../utils/build_query/reduce_fields'; import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; +import { FrameworkAdapter, FrameworkRequest } from '../framework'; import { TermAggregation } from '../types'; import { buildDetailsQuery, buildTimelineQuery } from './query.dsl'; @@ -43,10 +42,7 @@ import { LastEventTimeRequestOptions, RequestDetailsOptions, TimelineRequestOptions, - EventsActionGroupData, } from './types'; -import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; -import { MatrixOverTimeHistogramData } from '../../../public/graphql/types'; export class ElasticsearchEventsAdapter implements EventsAdapter { constructor(private readonly framework: FrameworkAdapter) {} @@ -129,65 +125,8 @@ export class ElasticsearchEventsAdapter implements EventsAdapter { lastSeen: getOr(null, 'aggregations.last_seen_event.value_as_string', response), }; } - - public async getEventsOverTime( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const dsl = buildEventsOverTimeQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const totalCount = getOr(0, 'hits.total.value', response); - const eventsOverTimeBucket = getOr([], 'aggregations.eventActionGroup.buckets', response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - matrixHistogramData: getEventsOverTimeByActionName(eventsOverTimeBucket), - totalCount, - }; - } } -/** - * Not in use at the moment, - * reserved this parser for next feature of switchign between total events and grouped events - */ -export const getTotalEventsOverTime = ( - data: EventsActionGroupData[] -): MatrixOverTimeHistogramData[] => { - return data && data.length > 0 - ? data.map(({ key, doc_count }) => ({ - x: key, - y: doc_count, - g: 'total events', - })) - : []; -}; - -const getEventsOverTimeByActionName = ( - data: EventsActionGroupData[] -): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach(({ key: group, events }) => { - const eventsData = getOr([], 'buckets', events).map( - ({ key, doc_count }: { key: number; doc_count: number }) => ({ - x: key, - y: doc_count, - g: group, - }) - ); - result = [...result, ...eventsData]; - }); - - return result; -}; - export const formatEventsData = ( fields: readonly string[], hit: EventHit, diff --git a/x-pack/legacy/plugins/siem/server/lib/events/index.ts b/x-pack/legacy/plugins/siem/server/lib/events/index.ts index 9e2457904f8c0d..9c1f87aa3d8bf9 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/index.ts @@ -5,7 +5,7 @@ */ import { LastEventTimeData, TimelineData, TimelineDetailsData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkRequest } from '../framework'; export * from './elasticsearch_adapter'; import { EventsAdapter, @@ -13,7 +13,6 @@ import { LastEventTimeRequestOptions, RequestDetailsOptions, } from './types'; -import { EventsOverTimeData } from '../../../public/graphql/types'; export class Events { constructor(private readonly adapter: EventsAdapter) {} @@ -38,11 +37,4 @@ export class Events { ): Promise { return this.adapter.getLastEventTimeData(req, options); } - - public async getEventsOverTime( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getEventsOverTime(req, options); - } } diff --git a/x-pack/legacy/plugins/siem/server/lib/events/types.ts b/x-pack/legacy/plugins/siem/server/lib/events/types.ts index 2da0ff13638e1d..3a4a8705f73873 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/types.ts @@ -11,14 +11,8 @@ import { SourceConfiguration, TimelineData, TimelineDetailsData, - EventsOverTimeData, } from '../../graphql/types'; -import { - FrameworkRequest, - RequestOptions, - RequestOptionsPaginated, - RequestBasicOptions, -} from '../framework'; +import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework'; import { SearchHit } from '../types'; export interface EventsAdapter { @@ -31,10 +25,6 @@ export interface EventsAdapter { req: FrameworkRequest, options: LastEventTimeRequestOptions ): Promise; - getEventsOverTime( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise; } export interface TimelineRequestOptions extends RequestOptions { diff --git a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts index 9fc78e6fb84fe0..7d049d1dcd1954 100644 --- a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts @@ -17,6 +17,7 @@ import { SourceConfiguration, TimerangeInput, Maybe, + HistogramType, } from '../../graphql/types'; export * from '../../utils/typed_resolvers'; @@ -117,7 +118,8 @@ export interface RequestBasicOptions { } export interface MatrixHistogramRequestOptions extends RequestBasicOptions { - stackByField?: Maybe; + stackByField: Maybe; + histogramType: HistogramType; } export interface RequestOptions extends RequestBasicOptions { diff --git a/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticsearch_adapter.ts new file mode 100644 index 00000000000000..f661fe165130ee --- /dev/null +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticsearch_adapter.ts @@ -0,0 +1,81 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { getOr } from 'lodash/fp'; + +import { MatrixHistogramOverTimeData, HistogramType } from '../../graphql/types'; +import { inspectStringifyObject } from '../../utils/build_query'; +import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; +import { MatrixHistogramAdapter, MatrixHistogramDataConfig, MatrixHistogramHit } from './types'; +import { TermAggregation } from '../types'; +import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; +import { buildDnsHistogramQuery } from './query_dns_histogram.dsl'; +import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; +import { getDnsParsedData, getGenericData } from './utils'; +import { buildAuthenticationsOverTimeQuery } from './query.authentications_over_time.dsl'; +import { buildAlertsHistogramQuery } from './query_alerts.dsl'; + +const matrixHistogramConfig: MatrixHistogramDataConfig = { + [HistogramType.alerts]: { + buildDsl: buildAlertsHistogramQuery, + aggName: 'aggregations.alertsGroup.buckets', + parseKey: 'alerts.buckets', + }, + [HistogramType.anomalies]: { + buildDsl: buildAnomaliesOverTimeQuery, + aggName: 'aggregations.anomalyActionGroup.buckets', + parseKey: 'anomalies.buckets', + }, + [HistogramType.authentications]: { + buildDsl: buildAuthenticationsOverTimeQuery, + aggName: 'aggregations.eventActionGroup.buckets', + parseKey: 'events.buckets', + }, + [HistogramType.dns]: { + buildDsl: buildDnsHistogramQuery, + aggName: 'aggregations.NetworkDns.buckets', + parseKey: 'dns.buckets', + parser: getDnsParsedData, + }, + [HistogramType.events]: { + buildDsl: buildEventsOverTimeQuery, + aggName: 'aggregations.eventActionGroup.buckets', + parseKey: 'events.buckets', + }, +}; + +export class ElasticsearchMatrixHistogramAdapter implements MatrixHistogramAdapter { + constructor(private readonly framework: FrameworkAdapter) {} + + public async getHistogramData( + request: FrameworkRequest, + options: MatrixHistogramRequestOptions + ): Promise { + const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); + if (myConfig == null) { + throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); + } + const dsl = myConfig.buildDsl(options); + const response = await this.framework.callWithRequest< + MatrixHistogramHit, + TermAggregation + >(request, 'search', dsl); + const totalCount = getOr(0, 'hits.total.value', response); + const matrixHistogramData = getOr([], myConfig.aggName, response); + const inspect = { + dsl: [inspectStringifyObject(dsl)], + response: [inspectStringifyObject(response)], + }; + + return { + inspect, + matrixHistogramData: myConfig.parser + ? myConfig.parser(matrixHistogramData, myConfig.parseKey) + : getGenericData(matrixHistogramData, myConfig.parseKey), + totalCount, + }; + } +} diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticseatch_adapter.test.ts similarity index 86% rename from x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticseatch_adapter.test.ts index 210c97892e25c8..0b63785d2203bc 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/elasticseatch_adapter.test.ts @@ -6,7 +6,7 @@ import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import expect from '@kbn/expect'; -import { ElasticsearchAlertsAdapter } from './elasticsearch_adapter'; +import { ElasticsearchMatrixHistogramAdapter } from './elasticsearch_adapter'; import { mockRequest, mockOptions, @@ -15,7 +15,7 @@ import { mockAlertsHistogramDataFormattedResponse, } from './mock'; -jest.mock('./query.dsl', () => { +jest.mock('./query_alerts.dsl', () => { return { buildAlertsHistogramQuery: jest.fn(() => mockAlertsHistogramQueryDsl), }; @@ -37,8 +37,8 @@ describe('alerts elasticsearch_adapter', () => { callWithRequest: mockCallWithRequest, })); - const EsNetworkTimelineAlerts = new ElasticsearchAlertsAdapter(mockFramework); - const data = await EsNetworkTimelineAlerts.getAlertsHistogramData( + const adapter = new ElasticsearchMatrixHistogramAdapter(mockFramework); + const data = await adapter.getHistogramData( (mockRequest as unknown) as FrameworkRequest, (mockOptions as unknown) as MatrixHistogramRequestOptions ); diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/index.ts similarity index 55% rename from x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/index.ts index 727c45a3bac44e..900a6ab619ae03 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/index.ts @@ -6,16 +6,16 @@ import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; export * from './elasticsearch_adapter'; -import { AnomaliesAdapter } from './types'; -import { AnomaliesOverTimeData } from '../../../public/graphql/types'; +import { MatrixHistogramAdapter } from './types'; +import { MatrixHistogramOverTimeData } from '../../graphql/types'; -export class Anomalies { - constructor(private readonly adapter: AnomaliesAdapter) {} +export class MatrixHistogram { + constructor(private readonly adapter: MatrixHistogramAdapter) {} - public async getAnomaliesOverTime( + public async getMatrixHistogramData( req: FrameworkRequest, options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getAnomaliesOverTime(req, options); + ): Promise { + return this.adapter.getHistogramData(req, options); } } diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/mock.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/mock.ts similarity index 95% rename from x-pack/legacy/plugins/siem/server/lib/alerts/mock.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/mock.ts index fe0b6673f3191a..3e51e926bea875 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/mock.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/mock.ts @@ -5,6 +5,7 @@ */ import { defaultIndexPattern } from '../../../default_index_pattern'; +import { HistogramType } from '../../graphql/types'; export const mockAlertsHistogramDataResponse = { took: 513, @@ -36,7 +37,7 @@ export const mockAlertsHistogramDataResponse = { hits: [], }, aggregations: { - alertsByModuleGroup: { + alertsGroup: { doc_count_error_upper_bound: 0, sum_other_doc_count: 802087, buckets: [ @@ -112,4 +113,6 @@ export const mockOptions = { }, defaultIndex: defaultIndexPattern, filterQuery: '', + stackByField: 'event.module', + histogramType: HistogramType.alerts, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts similarity index 100% rename from x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts similarity index 100% rename from x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts diff --git a/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.events_over_time.dsl.ts similarity index 100% rename from x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.events_over_time.dsl.ts diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_alerts.dsl.ts similarity index 98% rename from x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_alerts.dsl.ts index eb823271975439..4963f01d67a4f0 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_alerts.dsl.ts @@ -82,7 +82,7 @@ export const buildAlertsHistogramQuery = ({ }, }; return { - alertsByModuleGroup: { + alertsGroup: { terms: { field: stackByField, missing: 'All others', diff --git a/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_dns_histogram.dsl.ts similarity index 98% rename from x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts rename to x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_dns_histogram.dsl.ts index 1ce324e0ffff89..a6c75fe01eb151 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query_dns_histogram.dsl.ts @@ -42,7 +42,7 @@ export const buildDnsHistogramQuery = ({ NetworkDns: { ...dateHistogram, aggs: { - histogram: { + dns: { terms: { field: stackByField, order: { diff --git a/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/types.ts new file mode 100644 index 00000000000000..87ea4b81f5fba9 --- /dev/null +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/types.ts @@ -0,0 +1,144 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { + MatrixHistogramOverTimeData, + HistogramType, + MatrixOverTimeHistogramData, +} from '../../graphql/types'; +import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; +import { SearchHit } from '../types'; +import { EventHit } from '../events/types'; +import { AuthenticationHit } from '../authentications/types'; + +export interface HistogramBucket { + key: number; + doc_count: number; +} + +interface AlertsGroupData { + key: string; + doc_count: number; + alerts: { + buckets: HistogramBucket[]; + }; +} + +interface AnomaliesOverTimeHistogramData { + key_as_string: string; + key: number; + doc_count: number; +} + +export interface AnomaliesActionGroupData { + key: number; + anomalies: { + bucket: AnomaliesOverTimeHistogramData[]; + }; + doc_count: number; +} + +export interface AnomalySource { + [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any +} + +export interface AnomalyHit extends SearchHit { + sort: string[]; + _source: AnomalySource; + aggregations: { + [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any + }; +} + +interface EventsOverTimeHistogramData { + key_as_string: string; + key: number; + doc_count: number; +} + +export interface EventsActionGroupData { + key: number; + events: { + bucket: EventsOverTimeHistogramData[]; + }; + doc_count: number; +} + +export interface DnsHistogramSubBucket { + key: string; + doc_count: number; + orderAgg: { + value: number; + }; +} +interface DnsHistogramBucket { + doc_count_error_upper_bound: number; + sum_other_doc_count: number; + buckets: DnsHistogramSubBucket[]; +} + +export interface DnsHistogramGroupData { + key: number; + doc_count: number; + key_as_string: string; + histogram: DnsHistogramBucket; +} + +export interface MatrixHistogramSchema { + buildDsl: (options: MatrixHistogramRequestOptions) => {}; + aggName: string; + parseKey: string; + parser?: ( + data: MatrixHistogramParseData, + keyBucket: string + ) => MatrixOverTimeHistogramData[]; +} + +export type MatrixHistogramParseData = T extends HistogramType.alerts + ? AlertsGroupData[] + : T extends HistogramType.anomalies + ? AnomaliesActionGroupData[] + : T extends HistogramType.dns + ? DnsHistogramGroupData[] + : T extends HistogramType.authentications + ? AuthenticationsActionGroupData[] + : T extends HistogramType.events + ? EventsActionGroupData[] + : never; + +export type MatrixHistogramHit = T extends HistogramType.alerts + ? EventHit + : T extends HistogramType.anomalies + ? AnomalyHit + : T extends HistogramType.dns + ? EventHit + : T extends HistogramType.authentications + ? AuthenticationHit + : T extends HistogramType.events + ? EventHit + : never; + +export type MatrixHistogramDataConfig = Record>; +interface AuthenticationsOverTimeHistogramData { + key_as_string: string; + key: number; + doc_count: number; +} + +export interface AuthenticationsActionGroupData { + key: number; + events: { + bucket: AuthenticationsOverTimeHistogramData[]; + }; + doc_count: number; +} + +export interface MatrixHistogramAdapter { + getHistogramData( + request: FrameworkRequest, + options: MatrixHistogramRequestOptions + ): Promise; +} diff --git a/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/utils.ts new file mode 100644 index 00000000000000..67568b96fee906 --- /dev/null +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/utils.ts @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { get, getOr } from 'lodash/fp'; +import { MatrixHistogramParseData, DnsHistogramSubBucket, HistogramBucket } from './types'; +import { MatrixOverTimeHistogramData } from '../../graphql/types'; + +export const getDnsParsedData = ( + data: MatrixHistogramParseData, + keyBucket: string +): MatrixOverTimeHistogramData[] => { + let result: MatrixOverTimeHistogramData[] = []; + data.forEach((bucketData: unknown) => { + const time = get('key', bucketData); + const histData = getOr([], keyBucket, bucketData).map( + ({ key, doc_count }: DnsHistogramSubBucket) => ({ + x: time, + y: doc_count, + g: key, + }) + ); + result = [...result, ...histData]; + }); + return result; +}; + +export const getGenericData = ( + data: MatrixHistogramParseData, + keyBucket: string +): MatrixOverTimeHistogramData[] => { + let result: MatrixOverTimeHistogramData[] = []; + data.forEach((bucketData: unknown) => { + const group = get('key', bucketData); + const histData = getOr([], keyBucket, bucketData).map( + ({ key, doc_count }: HistogramBucket) => ({ + x: key, + y: doc_count, + g: group, + }) + ); + result = [...result, ...histData]; + }); + + return result; +}; diff --git a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts index 4bd980fd2ff803..39babc58ee138c 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts @@ -18,16 +18,9 @@ import { NetworkHttpData, NetworkHttpEdges, NetworkTopNFlowEdges, - NetworkDsOverTimeData, - MatrixOverTimeHistogramData, } from '../../graphql/types'; import { inspectStringifyObject } from '../../utils/build_query'; -import { - DatabaseSearchResponse, - FrameworkAdapter, - FrameworkRequest, - MatrixHistogramRequestOptions, -} from '../framework'; +import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework'; import { TermAggregation } from '../types'; import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; @@ -38,7 +31,6 @@ import { NetworkTopNFlowRequestOptions, } from './index'; import { buildDnsQuery } from './query_dns.dsl'; -import { buildDnsHistogramQuery } from './query_dns_histogram.dsl'; import { buildTopNFlowQuery, getOppositeField } from './query_top_n_flow.dsl'; import { buildHttpQuery } from './query_http.dsl'; import { buildTopCountriesQuery } from './query_top_countries.dsl'; @@ -48,9 +40,7 @@ import { NetworkTopCountriesBuckets, NetworkHttpBuckets, NetworkTopNFlowBuckets, - DnsHistogramGroupData, } from './types'; -import { EventHit } from '../events/types'; export class ElasticsearchNetworkAdapter implements NetworkAdapter { constructor(private readonly framework: FrameworkAdapter) {} @@ -202,41 +192,8 @@ export class ElasticsearchNetworkAdapter implements NetworkAdapter { totalCount, }; } - - public async getNetworkDnsHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const dsl = buildDnsHistogramQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const totalCount = getOr(0, 'hits.total.value', response); - const matrixHistogramData = getOr([], 'aggregations.NetworkDns.buckets', response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - matrixHistogramData: getHistogramData(matrixHistogramData), - totalCount, - }; - } } -const getHistogramData = (data: DnsHistogramGroupData[]): MatrixOverTimeHistogramData[] => { - return data.reduce( - (acc: MatrixOverTimeHistogramData[], { key: time, histogram: { buckets } }) => { - const temp = buckets.map(({ key, doc_count }) => ({ x: time, y: doc_count, g: key })); - return [...acc, ...temp]; - }, - [] - ); -}; - const getTopNFlowEdges = ( response: DatabaseSearchResponse, options: NetworkTopNFlowRequestOptions diff --git a/x-pack/legacy/plugins/siem/server/lib/network/index.ts b/x-pack/legacy/plugins/siem/server/lib/network/index.ts index cbcd33b753d8ad..42ce9f0726ddb6 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/index.ts @@ -14,13 +14,8 @@ import { NetworkTopCountriesData, NetworkTopNFlowData, NetworkTopTablesSortField, - NetworkDsOverTimeData, } from '../../graphql/types'; -import { - FrameworkRequest, - RequestOptionsPaginated, - MatrixHistogramRequestOptions, -} from '../framework'; +import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; export * from './elasticsearch_adapter'; import { NetworkAdapter } from './types'; @@ -73,13 +68,6 @@ export class Network { return this.adapter.getNetworkDns(req, options); } - public async getNetworkDnsHistogramData( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getNetworkDnsHistogramData(req, options); - } - public async getNetworkHttp( req: FrameworkRequest, options: NetworkHttpRequestOptions diff --git a/x-pack/legacy/plugins/siem/server/lib/network/types.ts b/x-pack/legacy/plugins/siem/server/lib/network/types.ts index b5563f9a2fef12..b7848be0971514 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/types.ts @@ -9,13 +9,8 @@ import { NetworkHttpData, NetworkTopCountriesData, NetworkTopNFlowData, - NetworkDsOverTimeData, } from '../../graphql/types'; -import { - FrameworkRequest, - RequestOptionsPaginated, - MatrixHistogramRequestOptions, -} from '../framework'; +import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; import { TotalValue } from '../types'; import { NetworkDnsRequestOptions } from '.'; @@ -29,10 +24,6 @@ export interface NetworkAdapter { options: RequestOptionsPaginated ): Promise; getNetworkDns(req: FrameworkRequest, options: NetworkDnsRequestOptions): Promise; - getNetworkDnsHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; getNetworkHttp(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; } diff --git a/x-pack/legacy/plugins/siem/server/lib/types.ts b/x-pack/legacy/plugins/siem/server/lib/types.ts index 34a50cf9624129..323ced734d24ba 100644 --- a/x-pack/legacy/plugins/siem/server/lib/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/types.ts @@ -8,7 +8,6 @@ import { AuthenticatedUser } from '../../../../../plugins/security/public'; import { RequestHandlerContext } from '../../../../../../src/core/server'; export { ConfigType as Configuration } from '../../../../../plugins/siem/server'; -import { Anomalies } from './anomalies'; import { Authentications } from './authentications'; import { Events } from './events'; import { FrameworkAdapter, FrameworkRequest } from './framework'; @@ -26,18 +25,17 @@ import { Note } from './note/saved_object'; import { PinnedEvent } from './pinned_event/saved_object'; import { Timeline } from './timeline/saved_object'; import { TLS } from './tls'; -import { Alerts } from './alerts'; +import { MatrixHistogram } from './matrix_histogram'; export * from './hosts'; export interface AppDomainLibs { - alerts: Alerts; - anomalies: Anomalies; authentications: Authentications; events: Events; fields: IndexFields; hosts: Hosts; ipDetails: IpDetails; + matrixHistogram: MatrixHistogram; network: Network; kpiNetwork: KpiNetwork; overview: Overview; From cefe28c1f421d8f407a0512741cce1cadbe0bb08 Mon Sep 17 00:00:00 2001 From: Walter Rafelsberger Date: Fri, 14 Feb 2020 14:52:04 +0100 Subject: [PATCH 2/4] [ML] Fix single metric viewer chart resize. (#57578) Fix to trigger a chart update with the correct width when resizing the browser window. Previously after a browser refresh, or opening the view from a bookmarked URL, the chart would not resize until a state change was made to the view (such as moving the zoom slider or altering the time range). --- .../components/timeseries_chart/timeseries_chart.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/legacy/plugins/ml/public/application/timeseriesexplorer/components/timeseries_chart/timeseries_chart.js b/x-pack/legacy/plugins/ml/public/application/timeseriesexplorer/components/timeseries_chart/timeseries_chart.js index 4d7d0953216119..bafb12de068bbb 100644 --- a/x-pack/legacy/plugins/ml/public/application/timeseriesexplorer/components/timeseries_chart/timeseries_chart.js +++ b/x-pack/legacy/plugins/ml/public/application/timeseriesexplorer/components/timeseries_chart/timeseries_chart.js @@ -225,8 +225,8 @@ class TimeseriesChartIntl extends Component { this.renderFocusChart(); } - componentDidUpdate() { - if (this.props.renderFocusChartOnly === false) { + componentDidUpdate(prevProps) { + if (this.props.renderFocusChartOnly === false || prevProps.svgWidth !== this.props.svgWidth) { this.renderChart(); this.drawContextChartSelection(); } From 343bc9c30394d679791dcae56ea821552fdfeea3 Mon Sep 17 00:00:00 2001 From: Spencer Date: Fri, 14 Feb 2020 06:54:24 -0700 Subject: [PATCH 3/4] [kbn/optimizer] Fix windows support (#57592) * [kbn/optimizer] simplify run_workers.ts a smidge * use Path.resolve() to create windows paths from normalized ones Co-authored-by: Elastic Machine --- .../src/optimizer/kibana_platform_plugins.ts | 5 +- .../kbn-optimizer/src/worker/run_worker.ts | 49 ++++++++----------- 2 files changed, 25 insertions(+), 29 deletions(-) diff --git a/packages/kbn-optimizer/src/optimizer/kibana_platform_plugins.ts b/packages/kbn-optimizer/src/optimizer/kibana_platform_plugins.ts index b7e5e12f46a7fa..2165878e92ff4d 100644 --- a/packages/kbn-optimizer/src/optimizer/kibana_platform_plugins.ts +++ b/packages/kbn-optimizer/src/optimizer/kibana_platform_plugins.ts @@ -44,7 +44,10 @@ export function findKibanaPlatformPlugins(scanDirs: string[], paths: string[]) { absolute: true, } ) - .map(path => readKibanaPlatformPlugin(path)); + .map(path => + // absolute paths returned from globby are using normalize or something so the path separators are `/` even on windows, Path.resolve solves this + readKibanaPlatformPlugin(Path.resolve(path)) + ); } function readKibanaPlatformPlugin(manifestPath: string): KibanaPlatformPlugin { diff --git a/packages/kbn-optimizer/src/worker/run_worker.ts b/packages/kbn-optimizer/src/worker/run_worker.ts index d6ca2aa94fb1a9..cbec4c3f44c7d8 100644 --- a/packages/kbn-optimizer/src/worker/run_worker.ts +++ b/packages/kbn-optimizer/src/worker/run_worker.ts @@ -18,7 +18,6 @@ */ import * as Rx from 'rxjs'; -import { mergeMap } from 'rxjs/operators'; import { parseBundles, parseWorkerConfig, WorkerMsg, isWorkerMsg, WorkerMsgs } from '../common'; @@ -75,33 +74,27 @@ setInterval(() => { }, 1000).unref(); Rx.defer(() => { - return Rx.of({ - workerConfig: parseWorkerConfig(process.argv[2]), - bundles: parseBundles(process.argv[3]), - }); -}) - .pipe( - mergeMap(({ workerConfig, bundles }) => { - // set BROWSERSLIST_ENV so that style/babel loaders see it before running compilers - process.env.BROWSERSLIST_ENV = workerConfig.browserslistEnv; + const workerConfig = parseWorkerConfig(process.argv[2]); + const bundles = parseBundles(process.argv[3]); - return runCompilers(workerConfig, bundles); - }) - ) - .subscribe( - msg => { - send(msg); - }, - error => { - if (isWorkerMsg(error)) { - send(error); - } else { - send(workerMsgs.error(error)); - } + // set BROWSERSLIST_ENV so that style/babel loaders see it before running compilers + process.env.BROWSERSLIST_ENV = workerConfig.browserslistEnv; - exit(1); - }, - () => { - exit(0); + return runCompilers(workerConfig, bundles); +}).subscribe( + msg => { + send(msg); + }, + error => { + if (isWorkerMsg(error)) { + send(error); + } else { + send(workerMsgs.error(error)); } - ); + + exit(1); + }, + () => { + exit(0); + } +); From c965a9efa8490539327a04bb005987c72fb1e58d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mike=20C=C3=B4t=C3=A9?= Date: Fri, 14 Feb 2020 08:55:13 -0500 Subject: [PATCH 4/4] Skip flaky test (#57675) --- .../functional_with_es_ssl/apps/triggers_actions_ui/details.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts index 95371b5b501f5e..6d83e0bbf1df72 100644 --- a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts +++ b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts @@ -204,7 +204,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); }); - it('renders the active alert instances', async () => { + it.skip('renders the active alert instances', async () => { const testBeganAt = moment().utc(); // Verify content