Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

middleware receive immutable versions of state and actions #63802

Merged
merged 2 commits into from
Apr 17, 2020
Merged

middleware receive immutable versions of state and actions #63802

merged 2 commits into from
Apr 17, 2020

Conversation

oatkiller
Copy link
Contributor

@oatkiller oatkiller commented Apr 16, 2020
edited
Loading

Summary

Middleware receive state and actions, but they shouldn't mutate either. With this PR, middleware using the substateMiddlewareFactory helper will have this enforced via typescript.

  • replace MiddlewareFactory with ImmutableMiddlewareFactory
  • Added types: ImmutableMiddleware and ImmutableMiddlewareAPI which are similar to the ones built into redux but which enforce that state and actions aren't mutated (and which allow Immutable versions of actions to be dispatched.

No changes to runtime code.

See https://redux.js.org/faq/immutable-data for explanation of the pattern

Checklist

no runtime code changes intended

For maintainers

@oatkiller oatkiller added the release_note:skip Skip the PR/issue when compiling release notes label Apr 16, 2020
@oatkiller oatkiller requested a review from a team as a code owner April 16, 2020 22:16
@oatkiller oatkiller marked this pull request as draft April 16, 2020 22:19
@oatkiller oatkiller added the Feature:Endpoint Elastic Endpoint feature label Apr 17, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-app-team (Feature:Endpoint)

@oatkiller oatkiller force-pushed the immutable-stuff-in-middleware branch from 30b22d2 to 85722d8 Compare April 17, 2020 14:04
@oatkiller oatkiller marked this pull request as ready for review April 17, 2020 14:08
oatkiller
oatkiller commented Apr 17, 2020
View reviewed changes
x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/middleware.ts
@@ -29,7 +31,7 @@ export const alertMiddlewareFactory: MiddlewareFactory<AlertListState> = (coreSt
return [indexPattern];
}

return api => next => async (action: AppAction) => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will now be an Immutable version of AppAction.

oatkiller
oatkiller commented Apr 17, 2020
View reviewed changes
x-pack/plugins/endpoint/public/applications/endpoint/store/hosts/middleware.ts

export const hostMiddlewareFactory: MiddlewareFactory<HostListState> = coreStart => {
return ({ getState, dispatch }) => next => async (action: AppAction) => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will now be an Immutable version of AppAction.

oatkiller
oatkiller commented Apr 17, 2020
View reviewed changes
x-pack/plugins/endpoint/public/applications/endpoint/store/index.ts
import { EndpointPluginStartDependencies } from '../../../plugin';

const composeWithReduxDevTools = (window as any).__REDUX_DEVTOOLS_EXTENSION_COMPOSE__
? (window as any).__REDUX_DEVTOOLS_EXTENSION_COMPOSE__({ name: 'EndpointApp' })
: compose;

export type Selector<S, R> = (state: S) => R;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved type to types module. Code should be more readable now, and this type is relevant to the others there: ImmutableMiddleware, ImmutableMiddlewareAPI, ImmutableMidlewareFactory.

oatkiller
oatkiller commented Apr 17, 2020
View reviewed changes
x-pack/plugins/endpoint/public/applications/endpoint/store/index.ts
@@ -66,7 +47,7 @@ export const appStoreFactory: (middlewareDeps?: {
* Any additional Redux Middlewares
* (should only be used for testing - example: to inject the action spy middleware)
*/
additionalMiddleware?: Array<ReturnType<MiddlewareFactory>>;
additionalMiddleware?: Array<ReturnType<ImmutableMiddlewareFactory>>;
Copy link
Contributor Author

@oatkiller oatkiller Apr 17, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paul-tavares objections to replacing this with:

actionSpyMiddleware?: ActionSpyMiddleware

I don't think code outside of the store should dictating what middleware are used, how they are constructed, or what order they are applied in.

Theoretical example of what i'm concerned about:

Assume we learn that the actionSpyMiddleware should really come before all other middleware (seems reasonable, since by being added last, other middleware could decide not to pass an action on to the action spy.) If we move all 'additional middleware' to the beginning of the chain, and if there were other additional middleware (as opposed to just the spy) then that could cause issues.

@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 9 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:08]           └-: find_statuses
[00:02:08]             └-> "before all" hook
[00:02:08]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:08]               └-> "before each" hook: global before each
[00:02:08]               └-> "before each" hook
[00:02:08]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] adding index lifecycle policy [.siem-signals-default]
[00:02:08]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:08]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},"created_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"p
[00:02:08]                 │ info roperties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:08]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:08]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:08]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:08]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:08]               └- ✓ pass  (54ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:08]             └-> "after each" hook
[00:02:08]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] [.siem-signals-default-000001/dd0hVMcAQaaTAgbZWlNNpw] deleting index
[00:02:08]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] removing template [.siem-signals-default]
[00:02:09]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:09]               └-> "before each" hook: global before each
[00:02:09]               └-> "before each" hook
[00:02:09]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] adding index lifecycle policy [.siem-signals-default]
[00:02:09]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:09]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},"c
[00:02:09]                 │ info reated_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:09]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:09]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:09]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:09]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587132347251903627] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:13]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:13]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@oatkiller oatkiller merged commit c0c21d1 into elastic:master Apr 17, 2020
@oatkiller oatkiller deleted the immutable-stuff-in-middleware branch April 17, 2020 17:52
@oatkiller oatkiller mentioned this pull request Apr 17, 2020
Merged
oatkiller pushed a commit to oatkiller/kibana that referenced this pull request Apr 17, 2020
Endpoint: middleware receive immutable versions of state and actions (e…
1dd5720 
…lastic#63802)

Middleware receive state and actions, but they shouldn't mutate either. With this PR, middleware using the `substateMiddlewareFactory` helper will have this enforced via typescript.

* replace `MiddlewareFactory` with `ImmutableMiddlewareFactory`
* Added types: `ImmutableMiddleware` and `ImmutableMiddlewareAPI` which are similar to the ones built into redux but which enforce that state and actions aren't mutated (and which allow `Immutable` versions of actions to be dispatched.

No changes to runtime code.
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 20, 2020
@jloleysens
Merge branch 'feature/ingest-node-pipelines' of github.com:elastic/ki…
0c9eee7 
…bana into ingest-node-pipelines/privileges

* 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (126 commits)
  [SEARCH] Cleanup fetch soon (elastic#63320)
  skip flaky suite (elastic#58692)
  [Uptime] Refresh index and also show more info to user regardi… (elastic#62606)
  [Drilldowns] Fix back button by removing panels from url in dashboard in view mode (elastic#62415)
  [platform] serve plugins from /bundles/plugin:${id}
  [Alerting] Documentation for how to pre-configure connectors. (elastic#63807)
  skip flaky suite (elastic#63621)
  Revert "skip flaky suite (elastic#63747)"
  skip flaky suite (elastic#63747)
  [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (elastic#63717)
  [SIEM] Flaky test fix: Bump find_statuses timeout (elastic#63900)
  [Uptime] Add cert API request and runtime type checking (elastic#63062)
  [Lens] Allow table to scroll horizontally (elastic#63805)
  [Metrics UI] Allow users to create alerts from the central Alerts UI (elastic#63803)
  Migrate legacy maps licensing (x-pack/tilemap) to NP (elastic#63539)
  [Alerting] "Create alert" and alert list design improvements (elastic#63515)
  [Lens] Fix existence for dotted paths in _source (elastic#63752)
  Example plugins in X-Pack (elastic#63823)
  [ML] Migrate Mocha unit tests to Jest: migrate job utils and query utils tests (elastic#63775)
  Endpoint: middleware receive immutable versions of state and actions (elastic#63802)
  ...
@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine kibanamachine added backport missing Added to PRs automatically when the are determined to be missing a backport. and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Apr 21, 2020
oatkiller pushed a commit that referenced this pull request Apr 22, 2020
@elasticmachine
Endpoint: middleware receive immutable versions of state and actions (#…
a35d220 
…63802) (#63887)

Middleware receive state and actions, but they shouldn't mutate either. With this PR, middleware using the `substateMiddlewareFactory` helper will have this enforced via typescript.

* replace `MiddlewareFactory` with `ImmutableMiddlewareFactory`
* Added types: `ImmutableMiddleware` and `ImmutableMiddlewareAPI` which are similar to the ones built into redux but which enforce that state and actions aren't mutated (and which allow `Immutable` versions of actions to be dispatched.

No changes to runtime code.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@madirey madirey madirey approved these changes

@jonathan-buttner jonathan-buttner jonathan-buttner approved these changes

@dplumlee dplumlee dplumlee approved these changes

Assignees
No one assigned
Labels
Feature:Endpoint Elastic Endpoint feature release_note:skip Skip the PR/issue when compiling release notes v7.8.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@oatkiller @elasticmachine @kibanamachine @madirey @jonathan-buttner @dplumlee