[Security Solution] [142435] add is one of operator #144988

Merged
merged 38 commits into from
Nov 16, 2022
38 commits
8a5c107
Add is one of operator. and update tests
Oct 3, 2022
168650a
Prevent usage of is one of operator on timeline templates
Oct 3, 2022
f6a6bde
Merge branch 'main' into 142435-add-is-one-of-operator-for-data-provi…
Oct 3, 2022
570c53c
Fix some erroneous typings
Oct 3, 2022
b622169
fix linting errors
Oct 3, 2022
5be8952
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Oct 3, 2022
5d795ff
fix failing tests and snapshots
Oct 3, 2022
de6add8
further changes from code review
Oct 4, 2022
c43f9ca
Merge branch '142435-add-is-one-of-operator-for-data-providers' of gi…
Oct 4, 2022
9105a6c
merge main and update useNavigateToTimeline
Oct 17, 2022
9d458f6
further changes from code review
Oct 20, 2022
35c4095
merge main
Oct 20, 2022
c95630a
fix lint problems
Oct 20, 2022
37c295e
further clean up
Oct 20, 2022
5242ddf
fixes
Oct 20, 2022
5ca3aab
add callout for no is one of template with preventing safe
Nov 9, 2022
33f86f0
fix typing
Nov 10, 2022
986ba6a
merge main
Nov 10, 2022
fcb27bf
further fixes
Nov 10, 2022
6bdaa09
add tests for kql equivalence
Nov 11, 2022
f5550d2
remove upper-case file
Nov 11, 2022
b3633e2
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 13, 2022
ecd1b18
use toString method instead of string literal
Nov 14, 2022
e9fa685
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 14, 2022
3837184
escape special characters within is one of queries
Nov 14, 2022
aee9d98
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 14, 2022
a538794
fix failing tests
Nov 14, 2022
c32be57
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 14, 2022
10160c8
further changes from code review
Nov 15, 2022
a4c41fb
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 15, 2022
8c4ad00
update isInvalid to handle empty array
Nov 15, 2022
7307630
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 15, 2022
b7ab0c9
further changes from code review
Nov 15, 2022
909a6f8
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 15, 2022
5424ce5
memoize values
Nov 16, 2022
cc9d2cc
Merge branch 'main' into 142435-add-is-one-of-operstor
Nov 16, 2022
fcad40d
Merge branch 'main' into 142435-add-is-one-of-operstor
jamster10 Nov 16, 2022
65abc5b
Merge branch 'main' into 142435-add-is-one-of-operstor
jamster10 Nov 16, 2022
Expand Up @@ -57,7 +57,11 @@ const SavedColumnHeaderRuntimeType = runtimeTypes.partial({
const SavedDataProviderQueryMatchBasicRuntimeType = runtimeTypes.partial({
field: unionWithNullType(runtimeTypes.string),
displayField: unionWithNullType(runtimeTypes.string),
value: unionWithNullType(runtimeTypes.string),
value: runtimeTypes.union([
runtimeTypes.null,
runtimeTypes.string,
runtimeTypes.array(runtimeTypes.string),
]),
displayValue: unionWithNullType(runtimeTypes.string),
operator: unionWithNullType(runtimeTypes.string),
});
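Review bot: the new `value` type is hand-rolled as `runtimeTypes.union([runtimeTypes.null, runtimeTypes.string, runtimeTypes.array(runtimeTypes.string)])` while the sibling fields on the same lines (`field`, `displayField`, `displayValue`, `operator`) keep using the `unionWithNullType` helper; wrapping the string-or-array union in `unionWithNullType(...)` would keep the nullability convention in one place. Note also that `runtimeTypes.array(runtimeTypes.string)` accepts an empty array, so a saved `is one of` provider with no values passes decoding; if that is not a valid saved state, reject it at this boundary rather than relying only on the UI-side `isInvalid` change listed in the commits.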
Expand Down Expand Up @@ -652,7 +656,7 @@ export interface DataProviderResult {
export interface QueryMatchResult {
field?: Maybe<string>;
displayField?: Maybe<string>;
value?: Maybe<string>;
value?: Maybe<string | string[]>;
displayValue?: Maybe<string>;
operator?: Maybe<string>;
}

Expand Up @@ -25,10 +25,11 @@ import {
} from '../../../../timelines/components/timeline/body/renderers/constants';
import { BYTES_FORMAT } from '../../../../timelines/components/timeline/body/renderers/bytes';
import { EVENT_DURATION_FIELD_NAME } from '../../../../timelines/components/duration';
import { getDisplayValue } from '../../../../timelines/components/timeline/data_providers/helpers';
import { PORT_NAMES } from '../../../../network/components/port/helpers';
import { INDICATOR_REFERENCE } from '../../../../../common/cti/constants';
import type { BrowserField } from '../../../containers/source';
import type { DataProvider } from '../../../../../common/types';
import type { DataProvider, QueryOperator } from '../../../../../common/types';
import { IS_OPERATOR } from '../../../../../common/types';

export interface UseActionCellDataProvider {
Expand All @@ -48,7 +49,12 @@ export interface ActionCellValuesAndDataProvider {
dataProviders: DataProvider[];
}

export const getDataProvider = (field: string, id: string, value: string): DataProvider => ({
export const getDataProvider = (
field: string,
id: string,
value: string | string[],
operator: QueryOperator = IS_OPERATOR
): DataProvider => ({
and: [],
enabled: true,
id: escapeDataProviderId(id),
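Review bot: the widened signature lets `value: string | string[]` and `operator` vary independently, so a caller can pass an array together with the default `IS_OPERATOR`, or a plain string together with the new is-one-of operator, and TypeScript will flag neither. Consider a discriminated parameter shape that ties the operator to the value type, or at least a JSDoc line on `operator` stating which value shape each operator expects; the `IS_OPERATOR` default also deserves documenting, since callers that omit the argument silently get `:` semantics.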
Expand All @@ -58,7 +64,8 @@ export const getDataProvider = (field: string, id: string, value: string): DataP
queryMatch: {
field,
value,
operator: IS_OPERATOR,
operator,
displayValue: getDisplayValue(value),
},
});
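Review bot: `displayValue: getDisplayValue(value)` is now computed at construction time from the raw `value`, while `value` itself is stored untouched; since the PR also adds escaping of special characters for `is one of` queries (commit 3837184), it should be clear from this helper which representation is the escaped one. A short comment stating that `value` holds the raw user value and that escaping happens when the KQL is built would stop a caller from escaping before calling `getDataProvider` and producing a double-escaped query.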

Expand Up @@ -80,6 +80,20 @@ export const useHoverActions = ({

const { closeTopN, toggleTopN, isShowingTopN } = useTopNPopOver(handleClosePopOverTrigger);

const values = useMemo(() => {
const val = dataProvider.queryMatch.value;

if (typeof val === 'number') {
return val.toString();
}

if (Array.isArray(val)) {
return val.map((item) => String(item));
}

return val;
}, [dataProvider.queryMatch.value]);

const hoverContent = useMemo(() => {
// display links as additional content in the hover menu to enable keyboard
// navigation of links (when the draggable contains them):
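Review bot: the three branches in the `values` memo are correct but deserve a comment: `typeof val === 'number'` and `Array.isArray(val)` are handled explicitly so that a `null`/`undefined` value falls through unchanged instead of becoming the string `'null'`, as a blanket `String(val)` would produce. Also, if `queryMatch.value` can only be `string[]` in the array case, `val.map((item) => String(item))` is a no-op and `return val;` is enough; if numbers can appear inside the array, the type should say so.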
Expand Down Expand Up @@ -110,11 +124,7 @@ export const useHoverActions = ({
showTopN={isShowingTopN}
scopeId={id}
toggleTopN={toggleTopN}
values={
typeof dataProvider.queryMatch.value !== 'number'
? dataProvider.queryMatch.value
: `${dataProvider.queryMatch.value}`
}
values={values}
/>
);
}, [
Expand All @@ -131,6 +141,7 @@ export const useHoverActions = ({
onFilterAdded,
id,
toggleTopN,
values,
]);

const setContainerRef = useCallback((e: HTMLDivElement) => {
Expand Up @@ -439,6 +439,22 @@ export const mocksSource = {
},
},
},
{
aggregatable: false,
category: 'nestedField',
description: '',
example: '',
format: '',
indexes: ['auditbeat', 'filebeat', 'packetbeat'],
name: 'nestedField.thirdAttributes',
searchable: true,
type: 'date',
subType: {
nested: {
path: 'nestedField',
},
},
},
],
};

Expand Down Expand Up @@ -952,6 +968,22 @@ export const mockBrowserFields: BrowserFields = {
},
},
},
'nestedField.thirdAttributes': {
aggregatable: false,
category: 'nestedField',
description: '',
example: '',
format: '',
indexes: ['auditbeat', 'filebeat', 'packetbeat'],
name: 'nestedField.thirdAttributes',
searchable: true,
type: 'date',
subType: {
nested: {
path: 'nestedField',
},
},
},
},
},
};
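Review bot: the `'nestedField.thirdAttributes'` entry is a verbatim copy of the object added to `mocksSource` in the hunk above (same `indexes`, `type: 'date'`, `subType.nested.path`); defining it once and spreading it into both mocks would keep the two fixtures from drifting. It would also help to state, in the test that uses it, why a `date` field under a nested path was needed for the `is one of` behaviour, since nothing in the fixture itself explains that.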
Expand Up @@ -30,13 +30,14 @@ export const dataProviderWithOneFilter = [
{
and: [],
enabled: true,
id: '',
id: 'mock-id',
name: 'host.hostname',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'host.hostname',
value: 'Host-u6ou715rzy',
displayValue: 'Host-u6ou715rzy',
operator: ':' as QueryOperator,
},
},
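Review bot: `operator: ':' as QueryOperator` repeats a string literal plus cast in every fixture here and in the sibling `dataProviderWithAndFilters` and `dataProviderWithOrFilters` blocks below; `IS_OPERATOR` is exported from `common/types` (it is imported in `use_action_cell_data_provider`), so using it removes the casts and keeps the fixtures aligned if the operator representation ever changes. The `id: 'mock-id'` value must match what the `uuid` mock in the hook test returns, which is worth a comment so the coupling between the two files is visible.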
Expand All @@ -49,25 +50,27 @@ export const dataProviderWithAndFilters = [
and: [],
enabled: true,
excluded: false,
id: '',
id: 'mock-id',
kqlQuery: '',
name: 'kibana.alerts.workflow_status',
queryMatch: {
field: 'kibana.alerts.workflow_status',
operator: ':' as QueryOperator,
value: 'open',
displayValue: 'open',
},
},
],

enabled: true,
id: '',
id: 'mock-id',
name: 'host.hostname',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'host.hostname',
value: 'Host-u6ou715rzy',
displayValue: 'Host-u6ou715rzy',
operator: ':' as QueryOperator,
},
},
Expand All @@ -79,25 +82,27 @@ export const dataProviderWithOrFilters = [
{
and: [],
enabled: true,
id: '',
id: 'mock-id',
name: 'kibana.alerts.workflow_status',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'kibana.alerts.workflow_status',
value: 'open',
displayValue: 'open',
operator: ':' as QueryOperator,
},
},
],
enabled: true,
id: '',
id: 'mock-id',
name: 'host.hostname',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'host.hostname',
value: 'Host-u6ou715rzy',
displayValue: 'Host-u6ou715rzy',
operator: ':' as QueryOperator,
},
},
Expand All @@ -106,25 +111,27 @@ export const dataProviderWithOrFilters = [
{
and: [],
enabled: true,
id: '',
id: 'mock-id',
name: 'kibana.alerts.workflow_status',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'kibana.alerts.workflow_status',
value: 'closed',
displayValue: 'closed',
operator: ':' as QueryOperator,
},
},
],
enabled: true,
id: '',
id: 'mock-id',
name: 'host.hostname',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'host.hostname',
value: 'Host-u6ou715rzy',
displayValue: 'Host-u6ou715rzy',
operator: ':' as QueryOperator,
},
},
Expand All @@ -133,25 +140,27 @@ export const dataProviderWithOrFilters = [
{
and: [],
enabled: true,
id: '',
id: 'mock-id',
name: 'kibana.alerts.workflow_status',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'kibana.alerts.workflow_status',
value: 'acknowledged',
displayValue: 'acknowledged',
operator: ':' as QueryOperator,
},
},
],
enabled: true,
id: '',
id: 'mock-id',
name: 'host.hostname',
excluded: false,
kqlQuery: '',
queryMatch: {
field: 'host.hostname',
value: 'Host-u6ou715rzy',
displayValue: 'Host-u6ou715rzy',
operator: ':' as QueryOperator,
},
},
Expand Up @@ -33,6 +33,10 @@ jest.mock('react-redux', () => {
};
});

jest.mock('uuid', () => ({
v4: () => 'mock-id',
}));

const id = 'timeline-1';
const renderUseNavigatgeToTimeline = () => renderHook(() => useNavigateToTimeline());
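Review bot: mocking `uuid.v4` to the constant `'mock-id'` makes every data provider created in the test share the same id, so a regression where two providers collide on id (for example the main provider and one pushed into `and`) cannot be caught here; a counter-based mock (`'mock-id-1'`, `'mock-id-2'`, ...) would keep snapshots deterministic while still exercising uniqueness. Unrelated but visible in the context lines: `renderUseNavigatgeToTimeline` has a typo (`Navigatge`).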

Expand Up @@ -7,12 +7,13 @@

import { useCallback, useMemo } from 'react';
import { useDispatch } from 'react-redux';
import { v4 as uuid } from 'uuid';

import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
import { SourcererScopeName } from '../../../../common/store/sourcerer/model';
import { sourcererActions } from '../../../../common/store/sourcerer';
import { getDataProvider } from '../../../../common/components/event_details/table/use_action_cell_data_provider';
import type { DataProvider } from '../../../../../common/types/timeline';
import type { DataProvider, QueryOperator } from '../../../../../common/types/timeline';
import { TimelineId, TimelineType } from '../../../../../common/types/timeline';
import { useCreateTimeline } from '../../../../timelines/components/timeline/properties/use_create_timeline';
import { updateProviders } from '../../../../timelines/store/timeline/actions';
Expand All @@ -21,7 +22,8 @@ import type { TimeRange } from '../../../../common/store/inputs/model';

export interface Filter {
field: string;
value: string;
value: string | string[];
operator?: QueryOperator;
}

export const useNavigateToTimeline = () => {
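Review bot: `operator?: QueryOperator` is optional and `value` may now be an array, but nothing on `Filter` says which operator is assumed when it is omitted (the `getDataProvider` default is `IS_OPERATOR`) or that an array value is only meaningful with the `is one of` operator; a JSDoc block on the interface documenting both would prevent callers from passing `value: string[]` without an operator and silently getting `:` semantics.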
Expand Down Expand Up @@ -79,10 +81,17 @@ export const useNavigateToTimeline = () => {
const mainFilter = orFilterGroup[0];

if (mainFilter) {
const dataProvider = getDataProvider(mainFilter.field, '', mainFilter.value);
const dataProvider = getDataProvider(
mainFilter.field,
uuid(),
mainFilter.value,
mainFilter.operator
);

for (const filter of orFilterGroup.slice(1)) {
dataProvider.and.push(getDataProvider(filter.field, '', filter.value));
dataProvider.and.push(
getDataProvider(filter.field, uuid(), filter.value, filter.operator)
);
}
dataProviders.push(dataProvider);
}
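Review bot: `uuid()` is called for the main provider and again for each `and` provider, so ids are now unique but non-deterministic, which is why the test file has to mock `uuid`; since `getDataProvider` passes the id through `escapeDataProviderId`, confirm that a generated uuid (hex digits and hyphens only) survives that escaping unchanged, otherwise the `'mock-id'` value used in tests will not reflect what runs in production. Also, `mainFilter.operator` and `filter.operator` may be `undefined` here and rely on the default parameter; passing `filter.operator ?? IS_OPERATOR` would make that intent explicit at the call site.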