Skip to content

Commit

Permalink
[SIEM][Detections Engine] Add note markdown field to backend (#59796)
Browse files Browse the repository at this point in the history 
* add new note markdown field to DE backend

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
  • Loading branch information
@yctercero @elasticmachine
yctercero and elasticmachine authored Mar 11, 2020
1 parent 4223658 commit f9273cc
Show file tree
Hide file tree
Showing 46 changed files with 612 additions and 2 deletions.
2 changes: 2 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ export const mockPrepackagedRule = (): PrepackagedRules => ({
version: 1,
false_positives: [],
max_signals: 100,
note: '',
timeline_id: 'timeline-id',
timeline_title: 'timeline-title',
});
Expand Down Expand Up @@ -392,6 +393,7 @@ export const getResult = (): RuleAlertType => ({
},
],
references: ['http://www.example.com', 'https://ww.example.com'],
note: '# Investigative notes',
version: 1,
},
createdAt: new Date('2019-12-13T16:40:33.400Z'),
Expand Down
3 changes: 3 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/signals_mapping.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,9 @@
}
}
},
"note": {
"type": "text"
},
"type": {
"type": "keyword"
},
Expand Down
2 changes: 2 additions & 0 deletions ...k/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
to,
type,
references,
note,
timeline_id: timelineId,
timeline_title: timelineTitle,
version,
Expand Down Expand Up @@ -131,6 +132,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
});
return transformValidateBulkError(ruleIdOrUuid, createdRule);
Expand Down
2 changes: 2 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ export const createRulesRoute = (router: IRouter): void => {
to,
type,
references,
note,
} = request.body;
const siemResponse = buildSiemResponse(response);

Expand Down Expand Up @@ -117,6 +118,7 @@ export const createRulesRoute = (router: IRouter): void => {
type,
threat,
references,
note,
version: 1,
});
const ruleStatuses = await savedObjectsClient.find<
Expand Down
3 changes: 3 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
to,
type,
references,
note,
timeline_id: timelineId,
timeline_title: timelineTitle,
version,
Expand Down Expand Up @@ -183,6 +184,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
type,
threat,
references,
note,
version,
});
resolve({ rule_id: ruleId, status_code: 200 });
Expand Down Expand Up @@ -217,6 +219,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
type,
threat,
references,
note,
version,
});
resolve({ rule_id: ruleId, status_code: 200 });
Expand Down
2 changes: 2 additions & 0 deletions ...ck/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
} = payloadRule;
const idOrRuleIdOrUnknown = id ?? ruleId ?? '(unknown id)';
Expand Down Expand Up @@ -104,6 +105,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
});
if (rule != null) {
Expand Down
2 changes: 2 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ export const patchRulesRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
} = request.body;
const siemResponse = buildSiemResponse(response);
Expand Down Expand Up @@ -101,6 +102,7 @@ export const patchRulesRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
});
if (rule != null) {
Expand Down
2 changes: 2 additions & 0 deletions ...k/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
} = payloadRule;
const finalIndex = outputIndex ?? siemClient.signalsIndex;
Expand Down Expand Up @@ -107,6 +108,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
});
if (rule != null) {
Expand Down
2 changes: 2 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ export const updateRulesRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
} = request.body;
const siemResponse = buildSiemResponse(response);
Expand Down Expand Up @@ -103,6 +104,7 @@ export const updateRulesRoute = (router: IRouter) => {
type,
threat,
references,
note,
version,
});
if (rule != null) {
Expand Down
14 changes: 14 additions & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/utils.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(rule).toEqual(expected);
Expand Down Expand Up @@ -154,6 +155,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(omitData).toEqual(expected);
Expand Down Expand Up @@ -218,6 +220,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(rule).toEqual(expected);
Expand Down Expand Up @@ -282,6 +285,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(rule).toEqual(expected);
Expand Down Expand Up @@ -344,6 +348,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(omitData).toEqual(expected);
Expand Down Expand Up @@ -409,6 +414,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(ruleWithEnabledFalse).toEqual(expected);
Expand Down Expand Up @@ -474,6 +480,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(ruleWithEnabledFalse).toEqual(expected);
Expand Down Expand Up @@ -539,6 +546,7 @@ describe('utils', () => {
timeline_title: 'some-timeline-title',
to: 'now',
type: 'query',
note: '# Investigative notes',
version: 1,
};
expect(rule).toEqual(expected);
Expand Down Expand Up @@ -688,6 +696,7 @@ describe('utils', () => {
},
timeline_id: 'some-timeline-id',
timeline_title: 'some-timeline-title',
note: '# Investigative notes',
version: 1,
};
expect(output).toEqual({
Expand Down Expand Up @@ -769,6 +778,7 @@ describe('utils', () => {
},
timeline_id: 'some-timeline-id',
timeline_title: 'some-timeline-title',
note: '# Investigative notes',
version: 1,
};
expect(output).toEqual(expected);
Expand Down Expand Up @@ -941,6 +951,7 @@ describe('utils', () => {
},
timeline_id: 'some-timeline-id',
timeline_title: 'some-timeline-title',
note: '# Investigative notes',
version: 1,
};
expect(output).toEqual(expected);
Expand Down Expand Up @@ -1053,6 +1064,7 @@ describe('utils', () => {
type: 'query',
updated_at: '2019-12-13T16:40:33.400Z',
updated_by: 'elastic',
note: '# Investigative notes',
version: 1,
},
]);
Expand Down Expand Up @@ -1112,6 +1124,7 @@ describe('utils', () => {
type: 'query',
updated_at: '2019-12-13T16:40:33.400Z',
updated_by: 'elastic',
note: '# Investigative notes',
version: 1,
},
{
Expand Down Expand Up @@ -1160,6 +1173,7 @@ describe('utils', () => {
type: 'query',
updated_at: '2019-12-13T16:40:33.400Z',
updated_by: 'elastic',
note: '# Investigative notes',
version: 1,
},
]);
Expand Down
1 change: 1 addition & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ export const transformAlertToRule = (
to: alert.params.to,
type: alert.params.type,
threat: alert.params.threat,
note: alert.params.note,
version: alert.params.version,
status: ruleStatus?.attributes.status,
status_date: ruleStatus?.attributes.statusDate,
Expand Down
1 change: 1 addition & 0 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/validate.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ export const ruleOutput: RulesSchema = {
meta: {
someMeta: 'someField',
},
note: '# Investigative notes',
timeline_title: 'some-timeline-title',
timeline_id: 'some-timeline-id',
};
Expand Down
58 changes: 58 additions & 0 deletions ...gins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1274,4 +1274,62 @@ describe('add prepackaged rules schema', () => {
'child "severity" fails because ["severity" must be one of [low, medium, high, critical]]'
);
});

describe('note', () => {
test('You can set note to any string you want', () => {
expect(
addPrepackagedRulesSchema.validate<Partial<PrepackagedRules>>({
rule_id: 'rule-1',
risk_score: 50,
description: 'some description',
from: 'now-5m',
to: 'now',
index: ['index-1'],
name: 'some-name',
severity: 'low',
interval: '5m',
type: 'query',
references: ['index-1'],
query: 'some query',
language: 'kuery',
max_signals: 1,
meta: {
somethingMadeUp: { somethingElse: true },
},
note: '# test header',
version: 1,
}).error
).toBeFalsy();
});

test('You cannot create note as anything other than a string', () => {
expect(
addPrepackagedRulesSchema.validate<
Partial<Omit<PrepackagedRules, 'note'> & { note: object }>
>({
rule_id: 'rule-1',
risk_score: 50,
description: 'some description',
from: 'now-5m',
to: 'now',
index: ['index-1'],
name: 'some-name',
severity: 'low',
interval: '5m',
type: 'query',
references: ['index-1'],
query: 'some query',
language: 'kuery',
max_signals: 1,
meta: {
somethingMadeUp: { somethingElse: true },
},
note: {
somethingMadeUp: { somethingElse: true },
},
version: 1,
}).error.message
).toEqual('child "note" fails because ["note" must be a string]');
});
});
});
2 changes: 2 additions & 0 deletions ...y/plugins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import {
type,
threat,
references,
note,
version,
} from './schemas';
/* eslint-enable @typescript-eslint/camelcase */
Expand Down Expand Up @@ -79,5 +80,6 @@ export const addPrepackagedRulesSchema = Joi.object({
type: type.required(),
threat: threat.default([]),
references: references.default([]),
note: note.allow(''),
version: version.required(),
});
Loading

0 comments on commit f9273cc

Please sign in to comment.