Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM] [Case] Case workflow api schema #51535

Merged
merged 44 commits into from
Jan 8, 2020
Merged

[SIEM] [Case] Case workflow api schema #51535

merged 44 commits into from
Jan 8, 2020

Conversation

stephmilovic
Copy link
Contributor

@stephmilovic stephmilovic commented Nov 22, 2019
edited
Loading

Summary

To test locally, add the following line to your kibana.dev.yml:

xpack.case.enabled: true

This PR establishes the initial Case Workflow API, including case and comment schema. Please reference this Postman generated documentation of the API.

Case & Comment mappings are in this temp file, see note below: x-pack/legacy/plugins/siem/server/lib/case/saved_object_mappings_temp.ts

Big Time Note

I needed to use the legacy API in order to to write mappings for case as the Saved Object Mappings API is not yet available on the NP. See: #50309
Therefore, I had to create some temporary files in the siem dir. I plan to commit this to master as I may need to change mappings. Eventually, this will get moved to the new platform.

Checklist

For maintainers

@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@stephmilovic stephmilovic changed the title [SIEM] [Case] Case workflow api schema [skip-ci] [SIEM] [Case] Case workflow api schema Nov 22, 2019
@elasticmachine
Copy link
Contributor

💔 Build Failed

@MikePaquette MikePaquette mentioned this pull request Jan 2, 2020
Open
9 tasks
@stephmilovic
Copy link
Contributor Author

retest

1 similar comment
@stephmilovic
Copy link
Contributor Author

retest

@tylersmalley
Copy link
Contributor

@elasticmachine merge upstream

@stephmilovic
Copy link
Contributor Author

@elasticmachine merge upstream

tylersmalley
tylersmalley reviewed Jan 8, 2020
View reviewed changes
.eslintrc.js Outdated Show resolved Hide resolved
tylersmalley
tylersmalley suggested changes Jan 8, 2020
View reviewed changes
x-pack/legacy/plugins/siem/index.ts Outdated
// TODO: Remove once while Saved Object Mappings API is programmed for the NP See: https://github.com/elastic/kibana/issues/50309
savedObjectSchemas: {
'case-workflow': {
indexPattern: '.case-testing-ground', // TODO: Change this name and use kibana.yml settings to override it.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason for having this stored in a separate index? If we can avoid it, we should as a failed migration requires each of these indices to to removed currently and won't be resolved until 8.0.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i will need it in a separate index, but apparently there is a way to get access to the kibana.yml from this part of the code which I had not believed to be possible. I need to track down an example, brb!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed these lines for now since they will need to be done from the NP side ultimately. could have to do with these failures, we'll see

@tylersmalley
Copy link
Contributor

Something is blocking the Kibana server from starting for me, which is probably the cause of the CI failures. If I disable the plugin --xpack.siem.enabled=false all is well again.

Are you able to reproduce this if you remove the configuration from your kibana.dev.yml?

@stephmilovic
Copy link
Contributor Author

Something is blocking the Kibana server from starting for me, which is probably the cause of the CI failures. If I disable the plugin --xpack.siem.enabled=false all is well again.

Are you able to reproduce this if you remove the configuration from your kibana.dev.yml?

I think this all has to do with creating NP case saved objects from legacy siem. That was a temporary work around anyways. I removed that code, have the kibana server running locally without issues, let's see if we can get a green build

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@stephmilovic stephmilovic merged commit 303e484 into elastic:master Jan 8, 2020
@stephmilovic stephmilovic deleted the case-workflow-api-schema branch January 8, 2020 21:28
@stephmilovic stephmilovic mentioned this pull request Jan 8, 2020
Merged
stephmilovic added a commit to stephmilovic/kibana that referenced this pull request Jan 8, 2020
@stephmilovic
[SIEM] [Case] Case workflow api schema (elastic#51535)
9953624
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 9, 2020
@gmmorris
Merge branch 'master' into task-manager/schema-config
3dd94d5 
* master: (23 commits)
  [Vis: Default editor] Reactify the timelion editor (elastic#52990)
  [Discover] fix histogram min interval (elastic#53979)
  [Telemetry] [Monitoring] Only retry fetching usage once monito… (elastic#54309)
  [docs][APM] Add runtime index config documentation (elastic#53907)
  [SIEM] Detection engine timeline (elastic#53783)
  Filter scripted fields preview field list to source fields (elastic#53826)
  Management - New platform api (elastic#52579)
  Reset region and Account when switching inventory (elastic#54287)
  [SIEM] [Case] Case workflow api schema (elastic#51535)
  Code coverage setup on CI (elastic#49003)
  [ML] DF Analytics Results: adds link to docs (elastic#54189)
  Update schemas boolean, byteSize, and duration to coerce strings (elastic#54177)
  [Metrics UI] Pass relevant shouldAllowEdit capabilities into SettingsPage (elastic#49781)
  [Canvas] Fixes bugs with autoplay and refresh (elastic#53149)
  [ML] DF Analytics Classification: ensure confusion matrix can be fetched (elastic#53629)
  Fix Vega react eslint errors (elastic#54259)
  Remove non existing codeowners (elastic#54274)
  use correct type (elastic#54244)
  [Dashboard] Removing 100% as dshDashboardViewport height (elastic#54263)
  add `examples/` to no-restricted-path config (elastic#54252)
  ...
stephmilovic added a commit that referenced this pull request Jan 9, 2020
@stephmilovic
[SIEM] [Case] Case workflow api schema (#51535) (#54304)
4fbf9c7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XavierM XavierM XavierM approved these changes

@kobelb kobelb kobelb left review comments

@azasypkin azasypkin azasypkin left review comments

@tylersmalley tylersmalley tylersmalley approved these changes

@jbudz jbudz jbudz approved these changes

@legrego legrego legrego approved these changes

Assignees
No one assigned
Labels
release_note:enhancement Team:SIEM v7.7.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SIEM] [Case] Establish API and schema
9 participants
@stephmilovic @elasticmachine @XavierM @tylersmalley @kibanamachine @kobelb @azasypkin @jbudz @legrego