Show fields for aliases when selected in correlation rule and threat …

…intel monitor scan (#1064) (#1065) * get fields for aliases in correlation rules and threat intel monitor * updated snapshot --------- (cherry picked from commit 0cfb24e) Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Jul 2, 2024 · bca2c2c · bca2c2c
1 parent c57ed61
commit bca2c2c
Show file tree

Hide file tree

Showing 9 changed files with 207 additions and 82 deletions.
diff --git a/public/pages/Correlations/containers/CreateCorrelationRule.tsx b/public/pages/Correlations/containers/CreateCorrelationRule.tsx
diff --git a/...ic/pages/Detectors/containers/FieldMappings/__snapshots__/EditFieldMappings.test.tsx.snap b/...ic/pages/Detectors/containers/FieldMappings/__snapshots__/EditFieldMappings.test.tsx.snap
@@ -188,6 +188,7 @@ exports[`<EditFieldMappings /> spec renders the component 1`] = `
   filedMappingService={
     FieldMappingService {
       "createMappings": [Function],
+      "getIndexAliasFields": [Function],
       "getMappings": [Function],
       "getMappingsView": [Function],
       "httpClient": [MockFunction],
@@ -489,6 +490,7 @@ exports[`<EditFieldMappings /> spec renders the component 1`] = `
                         filedMappingService={
                           FieldMappingService {
                             "createMappings": [Function],
+                            "getIndexAliasFields": [Function],
                             "getMappings": [Function],
                             "getMappingsView": [Function],
                             "httpClient": [MockFunction],

diff --git a/public/pages/ThreatIntel/components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm.tsx b/public/pages/ThreatIntel/components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm.tsx
@@ -57,7 +57,7 @@ export const SelectThreatIntelLogSources: React.FC<SelectThreatIntelLogSourcesPr
   const getLogFields = useCallback(
     async (indexName: string) => {
       if (saContext && !logSourceMappingByName[indexName]) {
-        getFieldsForIndex(saContext.services.indexService, indexName).then((fields) => {
+        getFieldsForIndex(saContext.services.fieldMappingService, indexName).then((fields) => {
           setLogSourceMappingByName({
             ...logSourceMappingByName,
             [indexName]: fields,

diff --git a/public/services/FieldMappingService.ts b/public/services/FieldMappingService.ts
@@ -79,4 +79,13 @@ export default class FieldMappingService {
       },
     })) as ServerResponse<GetMappingsResponse>;
   };
+
+  getIndexAliasFields = async (indexName: string): Promise<ServerResponse<string[]>> => {
+    const url = `..${API.MAPPINGS_BASE}/fields/${indexName}`;
+    return (await this.httpClient.get(url, {
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<string[]>;
+  };
 }
diff --git a/public/utils/helpers.tsx b/public/utils/helpers.tsx
@@ -32,7 +32,7 @@ import {
 } from '../pages/CreateDetector/components/DefineDetector/components/DetectionRules/types/interfaces';
 import { RuleInfo } from '../../server/models/interfaces';
 import { NotificationsStart } from 'opensearch-dashboards/public';
-import { IndexService, OpenSearchService } from '../services';
+import { FieldMappingService, IndexService, OpenSearchService } from '../services';
 import { ruleSeverity, ruleTypes } from '../pages/Rules/utils/constants';
 import _ from 'lodash';
 import { AlertCondition, DateTimeFilter, Duration, LogType } from '../../types';
@@ -576,14 +576,17 @@ export function getIsNotificationPluginInstalled(): boolean {
   return isNotificationPluginInstalled;
 }
 
-export async function getFieldsForIndex(indexService: IndexService, indexName: string) {
+export async function getFieldsForIndex(
+  fieldMappingService: FieldMappingService,
+  indexName: string
+) {
   let fields: {
     label: string;
     value: string;
   }[] = [];
 
   if (indexName) {
-    const result = await indexService.getIndexFields(indexName);
+    const result = await fieldMappingService.getIndexAliasFields(indexName);
     if (result?.ok) {
       fields = result.response?.map((field) => ({
         label: field,

diff --git a/server/clusters/addFieldMappingMethods.ts b/server/clusters/addFieldMappingMethods.ts
@@ -44,4 +44,18 @@ export function addFieldMappingMethods(securityAnalytics: any, createAction: any
     needBody: false,
     method: 'GET',
   });
+
+  securityAnalytics[METHOD_NAMES.GET_INDEX_ALIAS_MAPPINGS] = createAction({
+    url: {
+      fmt: `/<%=indexName%>/_mapping/field/*`,
+      req: {
+        indexName: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: false,
+    method: 'GET',
+  });
 }
diff --git a/server/routes/FieldMappingRoutes.ts b/server/routes/FieldMappingRoutes.ts
@@ -47,4 +47,16 @@ export function setupFieldMappingRoutes(services: NodeServices, router: IRouter)
     },
     fieldMappingService.createMappings
   );
+
+  router.get(
+    {
+      path: `${API.MAPPINGS_BASE}/fields/{indexName}`,
+      validate: {
+        params: schema.object({
+          indexName: schema.string(),
+        }),
+      },
+    },
+    fieldMappingService.getIndexAliasFields
+  );
 }
diff --git a/server/services/FieldMappingService.ts b/server/services/FieldMappingService.ts
@@ -141,4 +141,43 @@ export default class FieldMappingService extends MDSEnabledClientService {
       });
     }
   };
+
+  getIndexAliasFields = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ indexName: string }, {}>,
+    response: OpenSearchDashboardsResponseFactory
+  ) => {
+    try {
+      const { indexName } = request.params;
+      const client = this.getClient(request, context);
+      const mappingsResponse: { [key: string]: { mappings: any } } = await client(
+        CLIENT_FIELD_MAPPINGS_METHODS.GET_INDEX_ALIAS_MAPPINGS,
+        {
+          indexName,
+        }
+      );
+
+      const fieldMappings = Object.values(mappingsResponse)[0]?.mappings;
+      const fields = Object.keys(fieldMappings || {}).filter(
+        (field) => Object.keys(fieldMappings[field].mapping).length > 0
+      );
+
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: fields,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - FieldMappingService - getIndexAliasFields:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
 }
diff --git a/server/utils/constants.ts b/server/utils/constants.ts
@@ -79,6 +79,7 @@ export const METHOD_NAMES = {
   GET_MAPPINGS_VIEW: 'getFieldMappingsView',
   CREATE_MAPPINGS: 'createMappings',
   GET_MAPPINGS: 'getMappings',
+  GET_INDEX_ALIAS_MAPPINGS: 'getIndexAliasMappings',
 
   // Alerts methods
   GET_ALERTS: 'getAlerts',
@@ -140,13 +141,14 @@ export const CLIENT_CORRELATION_METHODS = {
   GET_CORRELATED_FINDINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_CORRELATED_FINDINGS}`,
   GET_ALL_CORRELATIONS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_ALL_CORRELATIONS}`,
   GET_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_CORRELATION_ALERTS}`,
-  ACK_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.ACK_CORRELATION_ALERTS}`
+  ACK_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.ACK_CORRELATION_ALERTS}`,
 };
 
 export const CLIENT_FIELD_MAPPINGS_METHODS = {
   GET_MAPPINGS_VIEW: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_MAPPINGS_VIEW}`,
   CREATE_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.CREATE_MAPPINGS}`,
   GET_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_MAPPINGS}`,
+  GET_INDEX_ALIAS_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_INDEX_ALIAS_MAPPINGS}`,
 };
 
 export const CLIENT_ALERTS_METHODS = {