From 57f7a48b8dd3047461fee36061701564a4030585 Mon Sep 17 00:00:00 2001 
From: Rudolf Meijering Date: Wed, 27 Jul 2022 12:14:22 +0200 Subject: [PATCH 01/12] Migrations wait for index status green if create index returns acknowledged=false or shardsAcknowledged=false (#136605) * readWithPit set allow_partial_search_results: false * createIndex wait for green index if shardsAcknowledged=false * Fix cloneIndex tests * Ensure requestTimeout > timeout for waitForIndexStatus & updateAndPickupMappings * Elasticsearch requires string timeouts * Update waitForINdexStatus ts docs * Revert "Elasticsearch requires string timeouts" This reverts commit f774474a302b974bffaed07e0ba5224ab298e0fd. * Revert "Ensure requestTimeout > timeout for waitForIndexStatus & updateAndPickupMappings" This reverts commit 91df1788ce0395b19a50e5f64f446492b80a0069. * Use DEFAULT_TIMEOUT less than requestTimeout * Use child client for default options * Review feedback * Review feedback Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../migrations/actions/actions.test.ts | 562 ++++++++++-------- .../server/saved_objects/migrations/README.md | 21 +- .../actions/check_for_unknown_docs.ts | 5 +- .../migrations/actions/clone_index.ts | 51 +- .../migrations/actions/constants.ts | 10 + .../migrations/actions/create_index.ts | 74 +-- .../migrations/actions/fetch_indices.ts | 14 +- .../saved_objects/migrations/actions/index.ts | 19 +- .../migrations/actions/open_pit.ts | 4 +- .../migrations/actions/read_with_pit.ts | 15 +- .../migrations/actions/remove_write_block.ts | 19 +- .../migrations/actions/update_aliases.ts | 11 +- .../migrations/actions/verify_reindex.ts | 54 -- ....test.ts => wait_for_index_status.test.ts} | 7 +- .../actions/wait_for_index_status.ts | 103 ++++ .../actions/wait_for_index_status_yellow.ts | 71 --- .../migrations/kibana_migrator.test.ts | 5 +- .../migrations/model/model.test.ts | 30 +- .../saved_objects/migrations/model/model.ts | 22 +- .../server/saved_objects/migrations/next.ts | 2 +- 
.../migrations/run_resilient_migrator.ts | 19 +- .../server/saved_objects/migrations/state.ts | 2 +- 22 files changed, 599 insertions(+), 521 deletions(-) delete mode 100644 src/core/server/saved_objects/migrations/actions/verify_reindex.ts rename src/core/server/saved_objects/migrations/actions/{wait_for_index_status_yellow.test.ts => wait_for_index_status.test.ts} (89%) create mode 100644 src/core/server/saved_objects/migrations/actions/wait_for_index_status.ts delete mode 100644 src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.ts
diff --git a/src/core/server/integration_tests/saved_objects/migrations/actions/actions.test.ts b/src/core/server/integration_tests/saved_objects/migrations/actions/actions.test.ts
index 67dd9a54fa26fc..13c3e8c9cff9a3 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/actions/actions.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/actions/actions.test.ts
@@ -16,7 +16,6 @@ import * as kbnTestServer from '../../../../../test_helpers/kbn_server';
 import type { SavedObjectsRawDoc } from '../../../../saved_objects/serialization';
 import {
 bulkOverwriteTransformedDocuments,
- cloneIndex,
 closePit,
 createIndex,
 openPit,
@@ -25,7 +24,7 @@ import {
 readWithPit,
 type ReadWithPit,
 searchForOutdatedDocuments,
- SearchResponse,
+ type SearchResponse,
 setWriteBlock,
 updateAliases,
 waitForReindexTask,
@@ -35,16 +34,17 @@ import { type UpdateByQueryResponse, updateAndPickupMappings, type UpdateAndPickupMappingsResponse, - verifyReindex, removeWriteBlock, transformDocs, - waitForIndexStatusYellow, + waitForIndexStatus, initAction, + cloneIndex, } from '../../../../saved_objects/migrations/actions'; import type { DocumentsTransformFailed, DocumentsTransformSuccess, } from '../../../../saved_objects/migrations/core'; +import { MIGRATION_CLIENT_OPTIONS } from '../../../../saved_objects/migrations/run_resilient_migrator'; const { startES } = kbnTestServer.createTestServers({ adjustTimeout: (t: number) => jest.setTimeout(t), @@ -63,7 +63,7 @@ describe('migration actions', () => { beforeAll(async () => { esServer = await startES(); - client = esServer.es.getClient(); + client = esServer.es.getClient().child(MIGRATION_CLIENT_OPTIONS); // Create test fixture data: await createIndex({ @@ -242,21 +242,21 @@ describe('migration actions', () => { expect.assertions(1); const task = setWriteBlock({ client, index: 'new_index_without_write_block' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "set_write_block_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "set_write_block_succeeded", + } + `); }); it('resolves right when setting a write block on an index that already has one', async () => { expect.assertions(1); const task = setWriteBlock({ client, index: 'existing_index_with_write_block' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "set_write_block_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "set_write_block_succeeded", + } + `); }); it('once resolved, prevents further writes to the index', async () => { expect.assertions(1); 
@@ -313,10 +313,10 @@ describe('migration actions', () => { expect.assertions(1); const task = removeWriteBlock({ client, index: 'existing_index_with_write_block_2' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "remove_write_block_succeeded", - } + Object { + "_tag": "Right", + "right": "remove_write_block_succeeded", + } `); }); it('resolves right if successful when an index does not have a write block', async () => { @@ -336,7 +336,7 @@ describe('migration actions', () => { }); }); - describe('waitForIndexStatusYellow', () => { + describe('waitForIndexStatus', () => { afterEach(async () => { try { await client.indices.delete({ index: 'red_then_yellow_index' }); @@ -365,9 +365,10 @@ describe('migration actions', () => { ); // Start tracking the index status - const indexStatusPromise = waitForIndexStatusYellow({ + const indexStatusPromise = waitForIndexStatus({ client, index: 'red_then_yellow_index', + status: 'yellow', })(); const redStatusResponse = await client.cluster.health({ index: 'red_then_yellow_index' }); @@ -405,10 +406,11 @@ describe('migration actions', () => { }) .catch((e) => {}); // try to wait for index status yellow: - const task = waitForIndexStatusYellow({ + const task = waitForIndexStatus({ client, index: 'red_index', timeout: '1s', + status: 'yellow', }); await expect(task()).resolves.toMatchInlineSnapshot(` Object { 
@@ -420,6 +422,39 @@ describe('migration actions', () => { } `); }); + + it('resolves left with "index_not_green_timeout" after waiting for an index status to be green timeout', async () => { + // Create a yellow index + await client.indices + .create({ + index: 'yellow_index', + timeout: '5s', + body: { + mappings: { properties: {} }, + settings: { + // Allocate no replicas so that this index stays yellow + number_of_replicas: '0', + }, + }, + }) + .catch((e) => {}); + // try to wait for index status yellow: + const task = waitForIndexStatus({ + client, + index: 'red_index', + timeout: '1s', + status: 'green', + }); + await expect(task()).resolves.toMatchInlineSnapshot(` + Object { + "_tag": "Left", + "left": Object { + "message": "[index_not_green_timeout] Timeout waiting for the status of the [red_index] index to become 'green'", + "type": "index_not_green_timeout", + }, + } + `); + }); }); describe('cloneIndex', () => { @@ -451,19 +486,19 @@ describe('migration actions', () => { } `); }); - it('resolves right after waiting for index status to be yellow if clone target already existed', async () => { + it('resolves right if clone target already existed after waiting for index status to be green ', async () => { expect.assertions(2); - // Create a yellow index + // Create a red index that we later turn into green await client.indices .create({ - index: 'clone_red_then_yellow_index', + index: 'clone_red_then_green_index', timeout: '5s', body: { mappings: { properties: {} }, settings: { - // Allocate 1 replica so that this index stays yellow - number_of_replicas: '1', + // Allocate 1 replica so that this index can go to green + number_of_replicas: '0', // Disable all shard allocation so that the index status is red index: { routing: { allocation: { enable: 'none' } } }, }, 
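Review bot: The new `index_not_green_timeout` test in the first hunk creates `yellow_index` but then calls `waitForIndexStatus` on `red_index`, so the index it sets up is never exercised and the assertion only passes because the preceding test left a red index behind. With `number_of_replicas: '0'` the created index would also become green on a single-node cluster rather than "stay yellow" as the comment claims, so the scenario the test is named for (an allocated index that never reaches green) is not covered. I would set up the index with `number_of_replicas: '1',` under the comment `// Allocate 1 replica so that this index stays yellow`, wait on `index: 'yellow_index',`, and change the stray comment to `// try to wait for index status green:`; the inline snapshot would then need to name `[yellow_index]`. As far as the visible `afterEach` shows, `yellow_index` is also never deleted after the test.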
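Review bot: In the second hunk (`clone_red_then_green_index`) the comment `// Allocate 1 replica so that this index can go to green` now sits directly above `number_of_replicas: '0'`, so it contradicts the setting it describes. It should read `// Allocate 0 replicas so that this index can become green once allocation is enabled`. The rest of the test's body continues in the next hunk.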
@@ -475,24 +510,24 @@ describe('migration actions', () => { const cloneIndexPromise = cloneIndex({ client, source: 'existing_index_with_write_block', - target: 'clone_red_then_yellow_index', + target: 'clone_red_then_green_index', })(); - let indexYellow = false; + let indexGreen = false; setTimeout(() => { client.indices.putSettings({ - index: 'clone_red_then_yellow_index', + index: 'clone_red_then_green_index', body: { - // Enable all shard allocation so that the index status goes yellow + // Enable all shard allocation so that the index status goes green routing: { allocation: { enable: 'all' } }, }, }); - indexYellow = true; + indexGreen = true; }, 10); await cloneIndexPromise.then((res) => { // Assert that the promise didn't resolve before the index became green - expect(indexYellow).toBe(true); + expect(indexGreen).toBe(true); expect(res).toMatchInlineSnapshot(` Object { "_tag": "Right", @@ -504,20 +539,7 @@ describe('migration actions', () => { `); }); }); - it('resolves left index_not_found_exception if the source index does not exist', async () => { - expect.assertions(1); - const task = cloneIndex({ client, source: 'no_such_index', target: 'clone_target_3' }); - await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "index": "no_such_index", - "type": "index_not_found_exception", - }, - } - `); - }); - it('resolves left with a index_not_yellow_timeout if clone target already exists but takes longer than the specified timeout before turning yellow', async () => { + it('resolves left with a index_not_green_timeout if clone target already exists but takes longer than the specified timeout before turning green', async () => { // Create a red index await client.indices .create({ 
@@ -536,7 +558,7 @@ describe('migration actions', () => { .catch((e) => {}); // Call clone even though the index already exists - const cloneIndexPromise = cloneIndex({ + let cloneIndexPromise = cloneIndex({ client, source: 'existing_index_with_write_block', target: 'clone_red_index', @@ -544,16 +566,16 @@ describe('migration actions', () => { })(); await expect(cloneIndexPromise).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "message": "[index_not_yellow_timeout] Timeout waiting for the status of the [clone_red_index] index to become 'yellow'", - "type": "index_not_yellow_timeout", - }, - } + Object { + "_tag": "Left", + "left": Object { + "message": "[index_not_green_timeout] Timeout waiting for the status of the [clone_red_index] index to become 'green'", + "type": "index_not_green_timeout", + }, + } `); - // Now that we know timeouts work, make the index yellow again and call cloneIndex a second time to verify that it completes + // Now make the index yellow and repeat await client.indices.putSettings({ index: 'clone_red_index', 
@@ -563,22 +585,63 @@ describe('migration actions', () => { }, }); - // Call clone even though the index already exists with yellow state - const cloneIndexPromise2 = cloneIndex({ + // Call clone even though the index already exists + cloneIndexPromise = cloneIndex({ + client, + source: 'existing_index_with_write_block', + target: 'clone_red_index', + timeout: '1s', + })(); + + await expect(cloneIndexPromise).resolves.toMatchInlineSnapshot(` + Object { + "_tag": "Left", + "left": Object { + "message": "[index_not_green_timeout] Timeout waiting for the status of the [clone_red_index] index to become 'green'", + "type": "index_not_green_timeout", + }, + } + `); + + // Now make the index green and it should succeed + + await client.indices.putSettings({ + index: 'clone_red_index', + body: { + // Set zero replicas so status goes green + number_of_replicas: 0, + }, + }); + + // Call clone even though the index already exists + cloneIndexPromise = cloneIndex({ client, source: 'existing_index_with_write_block', target: 'clone_red_index', timeout: '30s', })(); - await expect(cloneIndexPromise2).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": Object { - "acknowledged": true, - "shardsAcknowledged": true, - }, - } + await expect(cloneIndexPromise).resolves.toMatchInlineSnapshot(` + Object { + "_tag": "Right", + "right": Object { + "acknowledged": true, + "shardsAcknowledged": true, + }, + } + `); + }); + it('resolves left index_not_found_exception if the source index does not exist', async () => { + expect.assertions(1); + const task = cloneIndex({ client, source: 'no_such_index', target: 'clone_target_3' }); + await expect(task()).resolves.toMatchInlineSnapshot(` + Object { + "_tag": "Left", + "left": Object { + "index": "no_such_index", + "type": "index_not_found_exception", + }, + } `); }); it('resolves left cluster_shard_limit_exceeded when the action would exceed the maximum normal open shards', async () => { 
@@ -614,10 +677,10 @@ describe('migration actions', () => { })()) as Either.Right; const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "reindex_succeeded", - } + Object { + "_tag": "Right", + "right": "reindex_succeeded", + } `); const results = ( @@ -687,10 +750,10 @@ describe('migration actions', () => { })()) as Either.Right; const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "reindex_succeeded", - } + Object { + "_tag": "Right", + "right": "reindex_succeeded", + } `); const results = ( (await searchForOutdatedDocuments(client, { @@ -722,11 +785,11 @@ describe('migration actions', () => { })()) as Either.Right; let task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "reindex_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "reindex_succeeded", + } + `); // reindex without a script res = (await reindex({ @@ -739,11 +802,11 @@ describe('migration actions', () => { })()) as Either.Right; task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "reindex_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "reindex_succeeded", + } + `); // Assert that documents weren't overridden by the second, unscripted reindex const results = ( 
@@ -798,11 +861,11 @@ describe('migration actions', () => { })()) as Either.Right; const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "reindex_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "reindex_succeeded", + } + `); // Assert that existing documents weren't overridden, but that missing // documents were added by the reindex const results = ( @@ -855,13 +918,13 @@ describe('migration actions', () => { const task = waitForReindexTask({ client, taskId: reindexTaskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "incompatible_mapping_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "incompatible_mapping_exception", + }, + } + `); }); it('resolves left incompatible_mapping_exception if all reindex failures are due to a mapper_parsing_exception', async () => { expect.assertions(1); @@ -894,13 +957,13 @@ describe('migration actions', () => { const task = waitForReindexTask({ client, taskId: reindexTaskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "incompatible_mapping_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "incompatible_mapping_exception", + }, + } + `); }); it('resolves left index_not_found_exception if source index does not exist', async () => { expect.assertions(1); 
@@ -916,14 +979,14 @@ describe('migration actions', () => { })()) as Either.Right; const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "index": "no_such_index", - "type": "index_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "index": "no_such_index", + "type": "index_not_found_exception", + }, + } + `); }); it('resolves left target_index_had_write_block if all failures are due to a write block', async () => { expect.assertions(1); @@ -939,13 +1002,13 @@ describe('migration actions', () => { const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "target_index_had_write_block", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "target_index_had_write_block", + }, + } + `); }); it('resolves left if requireAlias=true and the target is not an alias', async () => { expect.assertions(1); @@ -961,20 +1024,21 @@ describe('migration actions', () => { const task = waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "index": "existing_index_with_write_block", - "type": "index_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "index": "existing_index_with_write_block", + "type": "index_not_found_exception", + }, + } + `); }); it('resolves left wait_for_task_completion_timeout when the task does not finish within the timeout', async () => { - await waitForIndexStatusYellow({ + await waitForIndexStatus({ client, index: '.kibana_1', + status: 'yellow', })(); const res = (await reindex({ 
@@ -1001,65 +1065,6 @@ describe('migration actions', () => { }); }); - describe('verifyReindex', () => { - it('resolves right if source and target indices have the same amount of documents', async () => { - expect.assertions(1); - const res = (await reindex({ - client, - sourceIndex: 'existing_index_with_docs', - targetIndex: 'reindex_target_7', - reindexScript: Option.none, - requireAlias: false, - excludeOnUpgradeQuery: { match_all: {} }, - })()) as Either.Right; - await waitForReindexTask({ client, taskId: res.right.taskId, timeout: '10s' })(); - - const task = verifyReindex({ - client, - sourceIndex: 'existing_index_with_docs', - targetIndex: 'reindex_target_7', - }); - await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "verify_reindex_succeeded", - } - `); - }); - it('resolves left if source and target indices have different amount of documents', async () => { - expect.assertions(1); - const task = verifyReindex({ - client, - sourceIndex: 'existing_index_with_docs', - targetIndex: 'existing_index_2', - }); - await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "verify_reindex_failed", - }, - } - `); - }); - it('rejects if source or target index does not exist', async () => { - expect.assertions(2); - let task = verifyReindex({ - client, - sourceIndex: 'no_such_index', - targetIndex: 'existing_index_2', - }); - await expect(task()).rejects.toThrow('index_not_found_exception'); - - task = verifyReindex({ - client, - sourceIndex: 'existing_index_2', - targetIndex: 'no_such_index', - }); - await expect(task()).rejects.toThrow('index_not_found_exception'); - }); - }); - describe('openPit', () => { it('opens PointInTime for an index', async () => { const openPitTask = openPit({ client, index: 'existing_index_with_docs' }); 
@@ -1372,11 +1377,11 @@ describe('migration actions', () => { }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "pickup_updated_mappings_succeeded", - } - `); + Object { + "_tag": "Right", + "right": "pickup_updated_mappings_succeeded", + } + `); }); }); @@ -1460,14 +1465,14 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "index": "no_such_index", - "type": "index_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "index": "no_such_index", + "type": "index_not_found_exception", + }, + } + `); }); describe('with must_exist=false', () => { it('resolves left alias_not_found_exception when alias does not exist', async () => { @@ -1484,13 +1489,13 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "alias_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "alias_not_found_exception", + }, + } + `); }); }); describe('with must_exist=true', () => { @@ -1508,13 +1513,13 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "alias_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "alias_not_found_exception", + }, + } + `); }); it('resolves left alias_not_found_exception when alias does not exist', async () => { const task = updateAliases({ @@ -1530,13 +1535,13 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "alias_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "alias_not_found_exception", + }, + } + `); }); }); }); 
@@ -1553,14 +1558,14 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "index": "no_such_index", - "type": "index_not_found_exception", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "index": "no_such_index", + "type": "index_not_found_exception", + }, + } + `); }); it('left remove_index_not_a_concrete_index when remove_index targets an alias', async () => { const task = updateAliases({ @@ -1574,13 +1579,13 @@ describe('migration actions', () => { ], }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Left", - "left": Object { - "type": "remove_index_not_a_concrete_index", - }, - } - `); + Object { + "_tag": "Left", + "left": Object { + "type": "remove_index_not_a_concrete_index", + }, + } + `); }); }); }); 
@@ -1591,9 +1596,24 @@ describe('migration actions', () => { await client.cluster.putSettings({ persistent: { cluster: { max_shards_per_node: null } } }); }); afterAll(async () => { - await client.indices.delete({ index: 'red_then_yellow_index' }); + await client.indices.delete({ index: 'red_then_yellow_index' }).catch(); + await client.indices.delete({ index: 'yellow_then_green_index' }).catch(); + await client.indices.delete({ index: 'create_new_index' }).catch(); }); - it('resolves right after waiting for an index status to be yellow if the index already existed', async () => { + it('resolves right after waiting for an index status to become green when cluster state is not propagated within the timeout', async () => { + // By specifying a very short timeout Elasticsearch will respond before the shard is allocated + const createIndexPromise = createIndex({ + client, + indexName: 'create_new_index', + mappings: undefined as any, + timeout: '1nanos', + })(); + await expect(createIndexPromise).resolves.toEqual({ + _tag: 'Right', + right: 'create_index_succeeded', + }); + }); + it('resolves left if an existing index status does not become green', async () => { expect.assertions(2); // Create a red index await client.indices @@ -1606,7 +1626,7 @@ describe('migration actions', () => { settings: { // Allocate 1 replica so that this index stays yellow number_of_replicas: '1', - // Disable all shard allocation so that the index status is red + // Disable all shard allocation so that the index status starts as red index: { routing: { allocation: { enable: 'none' } } }, }, }, 
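Review bot: `.catch()` with no handler in the new `afterAll` does not swallow anything: a rejected `indices.delete` (for example when `create_new_index` was never created because the test failed earlier) is passed through unchanged and still fails the hook, which appears to be exactly what the change is trying to tolerate. Each of the three cleanup lines should read `await client.indices.delete({ index: '…' }).catch(() => {});` so the teardown is genuinely best-effort. The new `1nanos` test relies on Elasticsearch answering before the shard is allocated; that is inferred from the comment rather than asserted, so a short sentence in the test explaining why a `Right` is still expected (the action falls back to waiting for green) would help the next reader.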
@@ -1629,16 +1649,68 @@ describe('migration actions', () => { client.indices.putSettings({ index: 'red_then_yellow_index', body: { - // Disable all shard allocation so that the index status is red + // Renable allocation so that the status becomes yellow routing: { allocation: { enable: 'all' } }, }, }); indexYellow = true; }, 10); + await createIndexPromise.then((err) => { + // Assert that the promise didn't resolve before the index became yellow + expect(indexYellow).toBe(true); + expect(err).toMatchInlineSnapshot(` + Object { + "_tag": "Left", + "left": Object { + "message": "[index_not_green_timeout] Timeout waiting for the status of the [red_then_yellow_index] index to become 'green'", + "type": "index_not_green_timeout", + }, + } + `); + }); + }); + it('resolves right after waiting for an existing index status to become green', async () => { + expect.assertions(2); + // Create a yellow index + await client.indices + .create({ + index: 'yellow_then_green_index', + timeout: '5s', + body: { + mappings: { properties: {} }, + settings: { + // Allocate 1 replica so that this index stays yellow + number_of_replicas: '1', + }, + }, + }) + .catch((e) => { + /** ignore */ + }); + + // Call createIndex even though the index already exists + const createIndexPromise = createIndex({ + client, + indexName: 'yellow_then_green_index', + mappings: undefined as any, + })(); + let indexGreen = false; + + setTimeout(() => { + client.indices.putSettings({ + index: 'yellow_then_green_index', + body: { + // Set 0 replican so that this index becomes green + number_of_replicas: '0', + }, + }); + indexGreen = true; + }, 10); + await createIndexPromise.then((res) => { // Assert that the promise didn't resolve before the index became green - expect(indexYellow).toBe(true); + expect(indexGreen).toBe(true); expect(res).toMatchInlineSnapshot(` Object { "_tag": "Right", 
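Review bot: Two comments added in this hunk have typos: `// Renable allocation so that the status becomes yellow` should be `// Re-enable allocation so that the status becomes yellow`, and `// Set 0 replican so that this index becomes green` should be `// Set 0 replicas so that this index becomes green`. The `client.indices.putSettings` call inside the new `setTimeout` is neither awaited nor given a rejection handler, so a failed settings update would surface as an unhandled rejection rather than through the `indexGreen` assertion; this mirrors the pre-existing `red_then_yellow_index` block, so it may be an accepted pattern here. In `createIndexPromise.then((err) => {` the callback receives a `Left` result, not an error, so naming it `res` like the sibling tests would be more accurate.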
@@ -1652,7 +1724,7 @@ describe('migration actions', () => { await client.cluster.putSettings({ persistent: { cluster: { max_shards_per_node: 1 } } }); const createIndexPromise = createIndex({ client, - indexName: 'red_then_yellow_index_1', + indexName: 'create_index_1', mappings: undefined as any, })(); await expect(createIndexPromise).resolves.toMatchInlineSnapshot(` @@ -1688,10 +1760,10 @@ describe('migration actions', () => { }); await expect(task()).resolves.toMatchInlineSnapshot(` - Object { - "_tag": "Right", - "right": "bulk_index_succeeded", - } + Object { + "_tag": "Right", + "right": "bulk_index_succeeded", + } `); }); it('resolves right even if there were some version_conflict_engine_exception', async () => { diff --git a/src/core/server/saved_objects/migrations/README.md b/src/core/server/saved_objects/migrations/README.md index 03bbb0bc731c44..12d3b2d4905832 100644 --- a/src/core/server/saved_objects/migrations/README.md +++ b/src/core/server/saved_objects/migrations/README.md 
@@ -149,7 +149,7 @@ index. ### New control state 1. Two conditions have to be met before migrations begin: - 1. The Elasticsearch shard allocation cluster setting `cluster.routing.allocation.enable` needs to be unset or set to 'all'. When set to 'primaries', 'new_primaries' or 'none', the migration will timeout when waiting for index yellow status before bulk indexing because the replica cannot be allocated. + 1. The Elasticsearch shard allocation cluster setting `cluster.routing.allocation.enable` needs to be unset or set to 'all'. When set to 'primaries', 'new_primaries' or 'none', the migration will timeout when waiting for index green status before bulk indexing because the replica cannot be allocated. As per the Elasticsearch docs https://www.elastic.co/guide/en/elasticsearch/reference/8.2/restart-cluster.html#restart-cluster-rolling when Cloud performs a rolling restart such as during an upgrade, it will temporarily disable shard allocation. Kibana therefore keeps retrying the INIT step to wait for shard allocation to be enabled again. @@ -182,12 +182,12 @@ and the migration source index is the index the `.kibana` alias points to. ### Next action `createIndex` -Create the target index. This operation is idempotent, if the index already exist, we wait until its status turns yellow +Create the target index. This operation is idempotent, if the index already exist, we wait until its status turns green ### New control state 1. If the action succeeds → `MARK_VERSION_INDEX_READY` -2. If the action fails with a `index_not_yellow_timeout` +2. If the action fails with a `index_not_green_timeout` → `CREATE_NEW_TARGET` 
@@ -219,7 +219,7 @@ saved objects index in 7.4 it will be reindexed into `.kibana_pre7.4.0_001`) ### New control state 1. If the index creation succeeds → `LEGACY_REINDEX` -2. If the index creation task failed with a `index_not_yellow_timeout` +2. If the index creation task failed with a `index_not_green_timeout` → `LEGACY_REINDEX_WAIT_FOR_TASK` ## LEGACY_REINDEX ### Next action @@ -261,10 +261,9 @@ new `.kibana` alias that points to `.kibana_pre6.5.0_001`. ## WAIT_FOR_YELLOW_SOURCE ### Next action -`waitForIndexStatusYellow` +`waitForIndexStatus` (status='yellow') -Wait for the Elasticsearch cluster to be in "yellow" state. It means the index's primary shard is allocated and the index is ready for searching/indexing documents, but ES wasn't able to allocate the replicas. -We don't have as much data redundancy as we could have, but it's enough to start the migration. +Wait for the source index to become yellow. This means the index's primary has been allocated and is ready for reading/searching. On a multi node cluster the replicas for this index might not be ready yet but since we're never writing to the source index it does not matter. ### New control state 1. If the action succeeds @@ -285,7 +284,7 @@ Set a write block on the source index to prevent any older Kibana instances from ### Next action `createIndex` -This operation is idempotent, if the index already exist, we wait until its status turns yellow. +This operation is idempotent, if the index already exist, we wait until its status turns green. - Because we will be transforming documents before writing them into this index, we can already set the mappings to the target mappings for this version. The source index might contain documents belonging to a disabled plugin. So set `dynamic: false` mappings for any unknown saved object types. - (Since we never query the temporary index we can potentially disable refresh to speed up indexing performance. Profile to see if gains justify complexity) 
@@ -293,7 +292,7 @@ This operation is idempotent, if the index already exist, we wait until its stat ### New control state 1. If the action succeeds → `REINDEX_SOURCE_TO_TEMP_OPEN_PIT` -2. If the action fails with a `index_not_yellow_timeout` +2. If the action fails with a `index_not_green_timeout` → `CREATE_REINDEX_TEMP` ## REINDEX_SOURCE_TO_TEMP_OPEN_PIT @@ -368,14 +367,14 @@ Set a write block on the temporary index so that we can clone it. ### Next action `cloneIndex` -Ask elasticsearch to clone the temporary index into the target index. If the target index already exists (because another node already started the clone operation), wait until the clone is complete by waiting for a yellow index status. +Ask elasticsearch to clone the temporary index into the target index. If the target index already exists (because another node already started the clone operation), wait until the clone is complete by waiting for a green index status. We can’t use the temporary index as our target index because one instance can complete the migration, delete a document, and then a second instance starts the reindex operation and re-creates the deleted document. By cloning the temporary index and only accepting writes/deletes from the cloned target index, we prevent lost acknowledged deletes. ### New control state 1. If the action succeeds → `OUTDATED_DOCUMENTS_SEARCH` -2. If the action fails with a `index_not_yellow_timeout` +2. If the action fails with a `index_not_green_timeout` → `CLONE_TEMP_TO_TARGET` ## OUTDATED_DOCUMENTS_SEARCH diff --git a/src/core/server/saved_objects/migrations/actions/check_for_unknown_docs.ts b/src/core/server/saved_objects/migrations/actions/check_for_unknown_docs.ts index a7027c65d011e8..bc101416b9fee4 100644 --- a/src/core/server/saved_objects/migrations/actions/check_for_unknown_docs.ts +++ b/src/core/server/saved_objects/migrations/actions/check_for_unknown_docs.ts 
@@ -44,8 +44,9 @@ export interface UnknownDocsFound { } /** - * Performs a search in ES, aggregating documents by type, - * retrieving a bunch of documents for each type. + * Performs a search in ES, aggregating documents by type, retrieving a bunch + * of documents for each type. + * * @internal * @param esClient The ES client to perform the search query * @param targetIndices The ES indices to target diff --git a/src/core/server/saved_objects/migrations/actions/clone_index.ts b/src/core/server/saved_objects/migrations/actions/clone_index.ts index 8b0bce96989f27..80b2ff527740cc 100644 --- a/src/core/server/saved_objects/migrations/actions/clone_index.ts +++ b/src/core/server/saved_objects/migrations/actions/clone_index.ts @@ -15,8 +15,8 @@ import { catchRetryableEsClientErrors, RetryableEsClientError, } from './catch_retryable_es_client_errors'; -import type { IndexNotFound, AcknowledgeResponse, IndexNotYellowTimeout } from '.'; -import { waitForIndexStatusYellow } from './wait_for_index_status_yellow'; +import type { IndexNotFound, AcknowledgeResponse } from '.'; +import { type IndexNotGreenTimeout, waitForIndexStatus } from './wait_for_index_status'; import { DEFAULT_TIMEOUT, INDEX_AUTO_EXPAND_REPLICAS, @@ -52,7 +52,7 @@ export const cloneIndex = ({ target, timeout = DEFAULT_TIMEOUT, }: CloneIndexParams): TaskEither.TaskEither< - RetryableEsClientError | IndexNotFound | IndexNotYellowTimeout | ClusterShardLimitExceeded, + RetryableEsClientError | IndexNotFound | IndexNotGreenTimeout | ClusterShardLimitExceeded, CloneIndexResponse > => { const cloneTask: TaskEither.TaskEither< 
@@ -60,32 +60,29 @@ export const cloneIndex = ({
 AcknowledgeResponse
 > = () => {
 return client.indices
- .clone(
- {
- index: source,
- target,
- wait_for_active_shards: WAIT_FOR_ALL_SHARDS_TO_BE_ACTIVE,
- body: {
- settings: {
- index: {
- // The source we're cloning from will have a write block set, so
- // we need to remove it to allow writes to our newly cloned index
- 'blocks.write': false,
- number_of_shards: INDEX_NUMBER_OF_SHARDS,
- auto_expand_replicas: INDEX_AUTO_EXPAND_REPLICAS,
- // Set an explicit refresh interval so that we don't inherit the
- // value from incorrectly configured index templates (not required
- // after we adopt system indices)
- refresh_interval: '1s',
- // Bump priority so that recovery happens before newer indices
- priority: 10,
- },
+ .clone({
+ index: source,
+ target,
+ wait_for_active_shards: WAIT_FOR_ALL_SHARDS_TO_BE_ACTIVE,
+ body: {
+ settings: {
+ index: {
+ // The source we're cloning from will have a write block set, so
+ // we need to remove it to allow writes to our newly cloned index
+ 'blocks.write': false,
+ number_of_shards: INDEX_NUMBER_OF_SHARDS,
+ auto_expand_replicas: INDEX_AUTO_EXPAND_REPLICAS,
+ // Set an explicit refresh interval so that we don't inherit the
+ // value from incorrectly configured index templates (not required
+ // after we adopt system indices)
+ refresh_interval: '1s',
+ // Bump priority so that recovery happens before newer indices
+ priority: 10,
 },
 },
- timeout,
 },
- { maxRetries: 0 /** handle retry ourselves for now */ }
- )
+ timeout,
+ })
 .then((response) => {
 /**
 * - acknowledged=false, we timed out before the cluster state was
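Review bot: Dropping the second `{ maxRetries: 0 /** handle retry ourselves for now */ }` argument from `clone` moves the retry policy from the call site to whatever client the migrator passes in, and nothing in this hunk says what that policy is; the commit message and the `child` mock added in kibana_migrator.test.ts suggest a child client now carries it, but that code is not in the diff. Because this action distinguishes `acknowledged=false` from a hard failure in the `.then` below, a client that transparently re-issues a timed-out clone would change which branch is taken, so the call site should say where retries are now disabled, e.g. `// maxRetries is set to 0 on the child client created in <migrator setup>; retries are handled by the model`. The same removal appears in createIndex, fetchIndices, removeWriteBlock and updateAliases further down and deserves the same one-line pointer at one of them. cloneIndex's body continues past this hunk.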
@@ -136,7 +133,7 @@ export const cloneIndex = ({
 } else {
 // Otherwise, wait until the target index has a 'yellow' status.
 return pipe(
- waitForIndexStatusYellow({ client, index: target, timeout }),
+ waitForIndexStatus({ client, index: target, timeout, status: 'green' }),
 TaskEither.map((value) => {
 /** When the index status is 'yellow' we know that all shards were started */
 return { acknowledged: true, shardsAcknowledged: true };
diff --git a/src/core/server/saved_objects/migrations/actions/constants.ts b/src/core/server/saved_objects/migrations/actions/constants.ts
index 5d0d2ffe5d695b..536ae1d2569601 100644
--- a/src/core/server/saved_objects/migrations/actions/constants.ts
+++ b/src/core/server/saved_objects/migrations/actions/constants.ts
@@ -11,6 +11,16 @@
 * Uses the default value of 1000 for Elasticsearch reindex operation.
 */
 export const BATCH_SIZE = 1_000;
+/**
+ * When a request takes a long time to complete and hits the timeout or the
+ * client aborts that request due to the requestTimeout, our only course of
+ * action is to retry that request. This places our request at the end of the
+ * queue and adds more load to Elasticsearch just making things worse.
+ *
+ * So we want to choose as long a timeout as possible. Some load balancers /
+ * reverse proxies like ELB ignore TCP keep-alive packets so unless there's a
+ * request or response sent over the socket it will be dropped after 60s.
+ */
 export const DEFAULT_TIMEOUT = '60s';
 /** Allocate 1 replica if there are enough data nodes, otherwise continue with 0 */
 export const INDEX_AUTO_EXPAND_REPLICAS = '0-1';
diff --git a/src/core/server/saved_objects/migrations/actions/create_index.ts b/src/core/server/saved_objects/migrations/actions/create_index.ts
index 3436845f823820..41ee20fc9562db 100644
--- a/src/core/server/saved_objects/migrations/actions/create_index.ts
+++ b/src/core/server/saved_objects/migrations/actions/create_index.ts
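Review bot: The two comments around the changed line still describe the old behaviour: the call now passes `status: 'green'`, but the line above it reads `// Otherwise, wait until the target index has a 'yellow' status.` and the map callback keeps `/** When the index status is 'yellow' we know that all shards were started */`. The createIndex hunk in this same commit updated the equivalent comments to say 'green', so these two should match: `// Otherwise, wait until the target index has a 'green' status.` and `/** When the index status is 'green' we know that all shards were started */`. While touching it, `(value) =>` is unused and could become `() =>` as createIndex does. cloneIndex starts and ends outside this hunk.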
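Review bot: The new comment on `DEFAULT_TIMEOUT` explains why the value should be long but not the constraint that bounds it from above. Per the commit message ("Use DEFAULT_TIMEOUT less than requestTimeout") the Elasticsearch-side timeout has to stay below the client's requestTimeout, otherwise the client aborts first and the `acknowledged=false` / `timed_out` handling in createIndex, cloneIndex and waitForIndexStatus never gets a chance to run; that is the invariant a future editor of this constant most needs. Suggest a closing sentence in the block: ` * DEFAULT_TIMEOUT must stay below the client's requestTimeout so that Elasticsearch, not the client, reports the timeout and the actions can handle it explicitly.`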
@@ -22,7 +22,7 @@ import {
 INDEX_AUTO_EXPAND_REPLICAS,
 WAIT_FOR_ALL_SHARDS_TO_BE_ACTIVE,
 } from './constants';
-import { IndexNotYellowTimeout, waitForIndexStatusYellow } from './wait_for_index_status_yellow';
+import { type IndexNotGreenTimeout, waitForIndexStatus } from './wait_for_index_status';
 import { isClusterShardLimitExceeded } from './es_errors';
 
 function aliasArrayToRecord(aliases: string[]): Record {
@@ -44,6 +44,7 @@ export interface CreateIndexParams {
 indexName: string;
 mappings: IndexMapping;
 aliases?: string[];
+ timeout?: string;
 }
 /**
 * Creates an index with the given mappings
@@ -60,8 +61,9 @@ export const createIndex = ({
 indexName,
 mappings,
 aliases = [],
+ timeout = DEFAULT_TIMEOUT,
 }: CreateIndexParams): TaskEither.TaskEither<
- RetryableEsClientError | IndexNotYellowTimeout | ClusterShardLimitExceeded,
+ RetryableEsClientError | IndexNotGreenTimeout | ClusterShardLimitExceeded,
 'create_index_succeeded'
 > => {
 const createIndexTask: TaskEither.TaskEither<
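Review bot: The new `timeout?: string` field on the exported `CreateIndexParams` interface has no doc comment, and its meaning is not obvious from the name because the function also waits for a green status after the create call. A one-liner above the field would settle what callers are controlling: `/** Elasticsearch timeout for the create request (e.g. '60s'); defaults to DEFAULT_TIMEOUT */`. The interface and the `createIndex` signature are complete in this hunk; the function body continues below.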
@@ -71,36 +73,34 @@ export const createIndex = ({
 const aliasesObject = aliasArrayToRecord(aliases);
 
 return client.indices
- .create(
- {
- index: indexName,
- // wait until all shards are available before creating the index
- // (since number_of_shards=1 this does not have any effect atm)
- wait_for_active_shards: WAIT_FOR_ALL_SHARDS_TO_BE_ACTIVE,
- // Wait up to 60s for the cluster state to update and all shards to be
- // started
- timeout: DEFAULT_TIMEOUT,
- body: {
- mappings,
- aliases: aliasesObject,
- settings: {
- index: {
- // ES rule of thumb: shards should be several GB to 10's of GB, so
- // Kibana is unlikely to cross that limit.
- number_of_shards: 1,
- auto_expand_replicas: INDEX_AUTO_EXPAND_REPLICAS,
- // Set an explicit refresh interval so that we don't inherit the
- // value from incorrectly configured index templates (not required
- // after we adopt system indices)
- refresh_interval: '1s',
- // Bump priority so that recovery happens before newer indices
- priority: 10,
- },
+ .create({
+ index: indexName,
+ // wait up to timeout until the following shards are available before
+ // creating the index: primary, replica (only on multi node clusters)
+ wait_for_active_shards: WAIT_FOR_ALL_SHARDS_TO_BE_ACTIVE,
+ // Timeout for the cluster state to update and all shards to become
+ // available. If the request doesn't complete within timeout,
+ // acknowledged or shards_acknowledged would be false.
+ timeout,
+ body: {
+ mappings,
+ aliases: aliasesObject,
+ settings: {
+ index: {
+ // ES rule of thumb: shards should be several GB to 10's of GB, so
+ // Kibana is unlikely to cross that limit.
+ number_of_shards: 1,
+ auto_expand_replicas: INDEX_AUTO_EXPAND_REPLICAS,
+ // Set an explicit refresh interval so that we don't inherit the
+ // value from incorrectly configured index templates (not required
+ // after we adopt system indices)
+ refresh_interval: '1s',
+ // Bump priority so that recovery happens before newer indices
+ priority: 10,
 },
 },
 },
- { maxRetries: 0 /** handle retry ourselves for now */ }
- )
+ })
 .then((res) => {
 /**
 * - acknowledged=false, we timed out before the cluster state was
@@ -140,19 +140,25 @@ export const createIndex = ({
 return pipe(
 createIndexTask,
 TaskEither.chain<
- RetryableEsClientError | IndexNotYellowTimeout | ClusterShardLimitExceeded,
+ RetryableEsClientError | IndexNotGreenTimeout | ClusterShardLimitExceeded,
 AcknowledgeResponse,
 'create_index_succeeded'
 >((res) => {
 if (res.acknowledged && res.shardsAcknowledged) {
- // If the cluster state was updated and all shards ackd we're done
+ // If the cluster state was updated and all shards started we're done
 return TaskEither.right('create_index_succeeded');
 } else {
- // Otherwise, wait until the target index has a 'yellow' status.
+ // Otherwise, wait until the target index has a 'green' status meaning
+ // the primary (and on multi node clusters) the replica has been started
 return pipe(
- waitForIndexStatusYellow({ client, index: indexName, timeout: DEFAULT_TIMEOUT }),
+ waitForIndexStatus({
+ client,
+ index: indexName,
+ timeout: DEFAULT_TIMEOUT,
+ status: 'green',
+ }),
 TaskEither.map(() => {
- /** When the index status is 'yellow' we know that all shards were started */
+ /** When the index status is 'green' we know that all shards were started */
 return 'create_index_succeeded';
 })
 );
diff --git a/src/core/server/saved_objects/migrations/actions/fetch_indices.ts b/src/core/server/saved_objects/migrations/actions/fetch_indices.ts
index a88d610a902215..922797f2ba2681 100644
--- a/src/core/server/saved_objects/migrations/actions/fetch_indices.ts
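Review bot: The fallback wait still hardcodes `timeout: DEFAULT_TIMEOUT` in the new `waitForIndexStatus({ ... })` call, although this commit added a `timeout` parameter to createIndex and uses it for the create request in the hunk above; a caller that passes a custom timeout therefore gets it applied to the create call but not to the subsequent wait for green, which is the longer of the two. cloneIndex in the same commit forwards its `timeout` to waitForIndexStatus, so createIndex should do the same: `timeout,` in place of `timeout: DEFAULT_TIMEOUT,`. createIndex starts before this hunk; the chain's closing lines lie beyond it.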
+++ b/src/core/server/saved_objects/migrations/actions/fetch_indices.ts
@@ -34,18 +34,14 @@ export const fetchIndices =
 client,
 indices,
 }: FetchIndicesParams): TaskEither.TaskEither =>
- // @ts-expect-error @elastic/elasticsearch IndexState.alias and IndexState.mappings should be required
 () => {
 return client.indices
- .get(
- {
- index: indices,
- ignore_unavailable: true, // Don't return an error for missing indices. Note this *will* include closed indices, the docs are misleading https://github.com/elastic/elasticsearch/issues/63607
- },
- { maxRetries: 0 }
- )
+ .get({
+ index: indices,
+ ignore_unavailable: true, // Don't return an error for missing indices. Note this *will* include closed indices, the docs are misleading https://github.com/elastic/elasticsearch/issues/63607
+ })
 .then((body) => {
- return Either.right(body);
+ return Either.right(body as FetchIndexResponse);
 })
 .catch(catchRetryableEsClientErrors);
 };
diff --git a/src/core/server/saved_objects/migrations/actions/index.ts b/src/core/server/saved_objects/migrations/actions/index.ts
index 4ac6bfa24fee69..2b6d501f787b09 100644
--- a/src/core/server/saved_objects/migrations/actions/index.ts
+++ b/src/core/server/saved_objects/migrations/actions/index.ts
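Review bot: `body as FetchIndexResponse` replaces the `@ts-expect-error` whose comment explained the mismatch (the client's IndexState types `alias` and `mappings` as optional), but the cast keeps none of that rationale, so the next reader sees an unexplained assertion over an Elasticsearch response. Keeping the reason next to the cast preserves what the removed line documented: `// @elastic/elasticsearch types IndexState.alias and IndexState.mappings as optional; they are present for every index returned here, so narrow rather than widen the return type`. If a cheap runtime check on `mappings` is feasible it would be stronger than the assertion, but that is beyond what this hunk shows.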
@@ -35,11 +35,12 @@ export { removeWriteBlock } from './remove_write_block';
 export type { CloneIndexResponse, CloneIndexParams } from './clone_index';
 export { cloneIndex } from './clone_index';
 
-export type {
- WaitForIndexStatusYellowParams,
- IndexNotYellowTimeout,
-} from './wait_for_index_status_yellow';
-import { IndexNotYellowTimeout, waitForIndexStatusYellow } from './wait_for_index_status_yellow';
+export type { WaitForIndexStatusParams, IndexNotYellowTimeout } from './wait_for_index_status';
+import {
+ type IndexNotGreenTimeout,
+ type IndexNotYellowTimeout,
+ waitForIndexStatus,
+} from './wait_for_index_status';
 
 export type { WaitForTaskResponse, WaitForTaskCompletionTimeout } from './wait_for_task';
 import { waitForTask, WaitForTaskCompletionTimeout } from './wait_for_task';
@@ -48,7 +49,7 @@ export type { UpdateByQueryResponse } from './pickup_updated_mappings';
 import { pickupUpdatedMappings } from './pickup_updated_mappings';
 
 export type { OpenPitResponse, OpenPitParams } from './open_pit';
-export { openPit, pitKeepAlive } from './open_pit';
+export { openPit } from './open_pit';
 
 export type { ReadWithPit, ReadWithPitParams } from './read_with_pit';
 export { readWithPit } from './read_with_pit';
@@ -69,9 +70,6 @@ import type { IncompatibleMappingException } from './wait_for_reindex_task';
 export { waitForReindexTask } from './wait_for_reindex_task';
 
-export type { VerifyReindexParams } from './verify_reindex';
-export { verifyReindex } from './verify_reindex';
-
 import type { AliasNotFound, RemoveIndexNotAConcreteIndex } from './update_aliases';
 export type { AliasAction, UpdateAliasesParams } from './update_aliases';
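Review bot: `IndexNotGreenTimeout` is imported into this barrel and used in `ActionErrorTypeMap` below, but it is not re-exported, while `IndexNotYellowTimeout` is; as a result clone_index.ts and create_index.ts in this same commit import the type straight from `./wait_for_index_status` instead of from `'.'` like `IndexNotFound` and `AcknowledgeResponse`. Making the re-export line `export type { WaitForIndexStatusParams, IndexNotYellowTimeout, IndexNotGreenTimeout } from './wait_for_index_status';` keeps the barrel the single import surface for action error types. The dropped `pitKeepAlive` export has no replacement for the renamed `DEFAULT_PIT_KEEP_ALIVE`; that is fine if nothing outside the actions directory needs it, which this diff does not show.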
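Review bot: Removing the `verifyReindex` export (the file itself is deleted further down) drops the source-versus-target document-count comparison, which was the only post-reindex integrity check visible in this change set, and no hunk here states what replaces it. The new `allow_partial_search_results: false` in readWithPit plausibly removes the failure mode that check was guarding against for the PIT-based reindex, but the reasoning is not written down anywhere in the diff. A short sentence in the migrations README's reindex section saying why a count check is no longer needed would let a future reader judge the trade-off without re-deriving it.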
@@ -114,7 +112,7 @@ export type {
 } from './calculate_exclude_filters';
 export { calculateExcludeFilters } from './calculate_exclude_filters';
 
-export { pickupUpdatedMappings, waitForTask, waitForIndexStatusYellow };
+export { pickupUpdatedMappings, waitForTask, waitForIndexStatus };
 export type { AliasNotFound, RemoveIndexNotAConcreteIndex };
 
 export interface IndexNotFound {
@@ -153,6 +151,7 @@ export interface ActionErrorTypeMap {
 request_entity_too_large_exception: RequestEntityTooLargeException;
 unknown_docs_found: UnknownDocsFound;
 incompatible_cluster_routing_allocation: IncompatibleClusterRoutingAllocation;
+ index_not_green_timeout: IndexNotGreenTimeout;
 index_not_yellow_timeout: IndexNotYellowTimeout;
 cluster_shard_limit_exceeded: ClusterShardLimitExceeded;
 }
diff --git a/src/core/server/saved_objects/migrations/actions/open_pit.ts b/src/core/server/saved_objects/migrations/actions/open_pit.ts
index c17b42d13a8c48..3966198393c219 100644
--- a/src/core/server/saved_objects/migrations/actions/open_pit.ts
+++ b/src/core/server/saved_objects/migrations/actions/open_pit.ts
@@ -25,7 +25,7 @@ export interface OpenPitParams {
 index: string;
 }
 // how long ES should keep PIT alive
-export const pitKeepAlive = '10m';
+export const DEFAULT_PIT_KEEP_ALIVE = '10m';
 /*
 * Creates a lightweight view of data when the request has been initiated.
 * See https://www.elastic.co/guide/en/elasticsearch/reference/current/point-in-time-api.html
@@ -39,7 +39,7 @@ export const openPit =
 return client
 .openPointInTime({
 index,
- keep_alive: pitKeepAlive,
+ keep_alive: DEFAULT_PIT_KEEP_ALIVE,
 })
 .then((response) => Either.right({ pitId: response.id }))
 .catch(catchRetryableEsClientErrors);
diff --git a/src/core/server/saved_objects/migrations/actions/read_with_pit.ts b/src/core/server/saved_objects/migrations/actions/read_with_pit.ts
index 10d5ff6bfff886..91e12ddc33c236 100644
--- a/src/core/server/saved_objects/migrations/actions/read_with_pit.ts
+++ b/src/core/server/saved_objects/migrations/actions/read_with_pit.ts
@@ -15,7 +15,7 @@ import {
 catchRetryableEsClientErrors,
 RetryableEsClientError,
 } from './catch_retryable_es_client_errors';
-import { pitKeepAlive } from './open_pit';
+import { DEFAULT_PIT_KEEP_ALIVE } from './open_pit';
 
 /** @internal */
 export interface ReadWithPit {
@@ -49,11 +49,18 @@ export const readWithPit =
 () => {
 return client
 .search({
- allow_partial_search_results: false,
 seq_no_primary_term: seqNoPrimaryTerm,
- // Sort fields are required to use searchAfter
+ // Fail if the index being searched doesn't exist or is closed
+ // allow_no_indices: false,
+ // By default ES returns a 200 with partial results if there are shard
+ // request timeouts or shard failures which can lead to data loss for
+ // migrations
+ allow_partial_search_results: false,
+ // Sort fields are required to use searchAfter so we sort by the
+ // natural order of the index which is the most efficient option
+ // as order is not important for the migration
 sort: '_shard_doc:asc',
- pit: { id: pitId, keep_alive: pitKeepAlive },
+ pit: { id: pitId, keep_alive: DEFAULT_PIT_KEEP_ALIVE },
 size: batchSize,
 search_after: searchAfter,
 /**
diff --git a/src/core/server/saved_objects/migrations/actions/remove_write_block.ts b/src/core/server/saved_objects/migrations/actions/remove_write_block.ts
index e5c64c8385e910..d4e4ad4b8e7c86 100644
--- a/src/core/server/saved_objects/migrations/actions/remove_write_block.ts
+++ b/src/core/server/saved_objects/migrations/actions/remove_write_block.ts
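Review bot: The new lines add a commented-out option, `// allow_no_indices: false,`, directly under a comment that reads as if it were active ("Fail if the index being searched doesn't exist or is closed"); a reader skimming the request will believe that protection is in place when the search still runs with the Elasticsearch default. Either enable the option, or replace the pair with a comment that says why it is left off, e.g. `// allow_no_indices is deliberately left at its default because <reason>; a missing index surfaces through the PIT instead`. The explanation on `allow_partial_search_results: false` is good and worth keeping as is, since that flag is what prevents a shard failure from silently truncating the migration's read set. readWithPit's body continues outside the hunk.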
@@ -33,19 +33,16 @@ export const removeWriteBlock =
 > =>
 () => {
 return client.indices
- .putSettings(
- {
- index,
- // Don't change any existing settings
- preserve_existing: true,
- body: {
- blocks: {
- write: false,
- },
+ .putSettings({
+ index,
+ // Don't change any existing settings
+ preserve_existing: true,
+ body: {
+ blocks: {
+ write: false,
 },
 },
- { maxRetries: 0 /** handle retry ourselves for now */ }
- )
+ })
 .then((res) => {
 return res.acknowledged === true
 ? Either.right('remove_write_block_succeeded' as const)
diff --git a/src/core/server/saved_objects/migrations/actions/update_aliases.ts b/src/core/server/saved_objects/migrations/actions/update_aliases.ts
index 1a5e487ce9205c..5843599e55afcc 100644
--- a/src/core/server/saved_objects/migrations/actions/update_aliases.ts
+++ b/src/core/server/saved_objects/migrations/actions/update_aliases.ts
@@ -49,14 +49,11 @@ export const updateAliases =
 > =>
 () => {
 return client.indices
- .updateAliases(
- {
- body: {
- actions: aliasActions,
- },
+ .updateAliases({
+ body: {
+ actions: aliasActions,
 },
- { maxRetries: 0 }
- )
+ })
 .then(() => {
 // Ignore `acknowledged: false`. When the coordinating node accepts
 // the new cluster state update but not all nodes have applied the
diff --git a/src/core/server/saved_objects/migrations/actions/verify_reindex.ts b/src/core/server/saved_objects/migrations/actions/verify_reindex.ts
deleted file mode 100644
index 866ec9974e929d..00000000000000
--- a/src/core/server/saved_objects/migrations/actions/verify_reindex.ts
+++ /dev/null
@@ -1,54 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -import * as Either from 'fp-ts/lib/Either'; -import * as TaskEither from 'fp-ts/lib/TaskEither'; -import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; -import { - catchRetryableEsClientErrors, - RetryableEsClientError, -} from './catch_retryable_es_client_errors'; - -/** @internal */ -export interface VerifyReindexParams { - client: ElasticsearchClient; - sourceIndex: string; - targetIndex: string; -} - -export const verifyReindex = - ({ - client, - sourceIndex, - targetIndex, - }: VerifyReindexParams): TaskEither.TaskEither< - RetryableEsClientError | { type: 'verify_reindex_failed' }, - 'verify_reindex_succeeded' - > => - () => { - const count = (index: string) => - client - .count({ - index, - // Return an error when targeting missing or closed indices - allow_no_indices: false, - }) - .then((res) => { - return res.count; - }); - - return Promise.all([count(sourceIndex), count(targetIndex)]) - .then(([sourceCount, targetCount]) => { - if (targetCount >= sourceCount) { - return Either.right('verify_reindex_succeeded' as const); - } else { - return Either.left({ type: 'verify_reindex_failed' as const }); - } - }) - .catch(catchRetryableEsClientErrors); - }; 
diff --git a/src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.test.ts b/src/core/server/saved_objects/migrations/actions/wait_for_index_status.test.ts similarity index 89% rename from src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.test.ts rename to src/core/server/saved_objects/migrations/actions/wait_for_index_status.test.ts index ecff30c595a78c..3a4968be27aa83 100644 --- a/src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.test.ts +++ b/src/core/server/saved_objects/migrations/actions/wait_for_index_status.test.ts @@ -7,13 +7,13 @@ */ import { errors as EsErrors } from '@elastic/elasticsearch'; -import { waitForIndexStatusYellow } from './wait_for_index_status_yellow'; +import { waitForIndexStatus } from './wait_for_index_status'; import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks'; import { catchRetryableEsClientErrors } from './catch_retryable_es_client_errors'; jest.mock('./catch_retryable_es_client_errors'); -describe('waitForIndexStatusYellow', () => { +describe('waitForIndexStatus', () => { beforeEach(() => { jest.clearAllMocks(); }); @@ -31,9 +31,10 @@ describe('waitForIndexStatusYellow', () => { ); it('calls catchRetryableEsClientErrors when the promise rejects', async () => { - const task = waitForIndexStatusYellow({ + const task = waitForIndexStatus({ client, index: 'my_index', + status: 'yellow', }); try { await task(); diff --git a/src/core/server/saved_objects/migrations/actions/wait_for_index_status.ts b/src/core/server/saved_objects/migrations/actions/wait_for_index_status.ts new file mode 100644 index 00000000000000..7ee63e75838511 --- /dev/null +++ b/src/core/server/saved_objects/migrations/actions/wait_for_index_status.ts 
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import * as Either from 'fp-ts/lib/Either';
+import * as TaskEither from 'fp-ts/lib/TaskEither';
+import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import {
+ catchRetryableEsClientErrors,
+ RetryableEsClientError,
+} from './catch_retryable_es_client_errors';
+import { DEFAULT_TIMEOUT } from './constants';
+
+/** @internal */
+export interface WaitForIndexStatusParams {
+ client: ElasticsearchClient;
+ index: string;
+ timeout?: string;
+ status: 'yellow' | 'green';
+}
+
+export interface IndexNotYellowTimeout {
+ type: 'index_not_yellow_timeout';
+ message: string;
+}
+
+export interface IndexNotGreenTimeout {
+ type: 'index_not_green_timeout';
+ message: string;
+}
+
+export function waitForIndexStatus({
+ client,
+ index,
+ timeout,
+ status,
+}: WaitForIndexStatusParams & { status: 'yellow' }): TaskEither.TaskEither<
+ RetryableEsClientError | IndexNotYellowTimeout,
+ {}
+>;
+
+export function waitForIndexStatus({
+ client,
+ index,
+ timeout,
+ status,
+}: WaitForIndexStatusParams & { status: 'green' }): TaskEither.TaskEither<
+ RetryableEsClientError | IndexNotGreenTimeout,
+ {}
+>;
+
+/**
+ * Wait until an index status become either 'yellow' or 'green'.
+ *
+ * A yellow index status means the index's primary shard was allocated but ES
+ * wasn't able to allocate the replica. Thus a yellow index can be searched
+ * and read from but indexing documents with `wait_for_active_shards='all'`
+ * will fail.
+ *
+ * A green index status means the index's primary and replica shards has been
+ * allocated so we can search, read and index documents with
+ * `wait_for_active_shards='all'`.
+ */
+export function waitForIndexStatus({
+ client,
+ index,
+ timeout = DEFAULT_TIMEOUT,
+ status,
+}: WaitForIndexStatusParams): TaskEither.TaskEither<
+ RetryableEsClientError | IndexNotYellowTimeout | IndexNotGreenTimeout,
+ {}
+> {
+ return () => {
+ return client.cluster
+ .health(
+ {
+ index,
+ wait_for_status: status,
+ timeout,
+ },
+ {
+ /* Don't reject on status code 408 so that we can handle the timeout
+ * explicitly with a custom response type and provide more context in the error message
+ */
+ ignore: [408],
+ }
+ )
+ .then((res) => {
+ if (res.timed_out === true) {
+ return Either.left({
+ type: `index_not_${status}_timeout` as const,
+ message: `[index_not_${status}_timeout] Timeout waiting for the status of the [${index}] index to become '${status}'`,
+ });
+ }
+ return Either.right({});
+ })
+ .catch(catchRetryableEsClientErrors);
+ };
+}
diff --git a/src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.ts b/src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.ts
deleted file mode 100644
index a306c0d2d058c2..00000000000000
--- a/src/core/server/saved_objects/migrations/actions/wait_for_index_status_yellow.ts
+++ /dev/null
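Review bot: The TSDoc sits on the implementation signature only, and TypeScript surfaces the documentation of the matching overload at call sites, so callers of `waitForIndexStatus({ ..., status: 'green' })` will see no description at all; each overload should carry at least a one-line summary, e.g. `/** Waits for `index` to reach yellow status; fails with `index_not_yellow_timeout` after `timeout`. */` and the green equivalent, with the longer explanation kept where it is. Two grammar slips in the block: "an index status become" should be "becomes", and "primary and replica shards has been allocated" should be "have been allocated". As a point of style, `{}` as the success type admits any non-nullish value; since every caller in this commit ignores the value, a narrower `Record<string, never>` would say so, though changing it is optional given the existing convention. The `timeout` default of `DEFAULT_TIMEOUT` also deserves a note that it must stay under the client's requestTimeout, as the commit message implies, otherwise the `ignore: [408]` / `timed_out` branch is never reached.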
@@ -1,71 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -import * as Either from 'fp-ts/lib/Either'; -import * as TaskEither from 'fp-ts/lib/TaskEither'; -import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; -import { - catchRetryableEsClientErrors, - RetryableEsClientError, -} from './catch_retryable_es_client_errors'; -import { DEFAULT_TIMEOUT } from './constants'; - -/** @internal */ -export interface WaitForIndexStatusYellowParams { - client: ElasticsearchClient; - index: string; - timeout?: string; -} - -export interface IndexNotYellowTimeout { - type: 'index_not_yellow_timeout'; - message: string; -} -/** - * A yellow index status means the index's primary shard is allocated and the - * index is ready for searching/indexing documents, but ES wasn't able to - * allocate the replicas. When migrations proceed with a yellow index it means - * we don't have as much data-redundancy as we could have, but waiting for - * replicas would mean that v2 migrations fail where v1 migrations would have - * succeeded. It doesn't feel like it's Kibana's job to force users to keep - * their clusters green and even if it's green when we migrate it can turn - * yellow at any point in the future. So ultimately data-redundancy is up to - * users to maintain. 
- */ -export const waitForIndexStatusYellow = - ({ - client, - index, - timeout = DEFAULT_TIMEOUT, - }: WaitForIndexStatusYellowParams): TaskEither.TaskEither< - RetryableEsClientError | IndexNotYellowTimeout, - {} - > => - () => { - return client.cluster - .health( - { - index, - wait_for_status: 'yellow', - timeout, - }, - // Don't reject on status code 408 so that we can handle the timeout - // explicitly with a custom response type and provide more context in the error message - { ignore: [408] } - ) - .then((res) => { - if (res.timed_out === true) { - return Either.left({ - type: 'index_not_yellow_timeout' as const, - message: `[index_not_yellow_timeout] Timeout waiting for the status of the [${index}] index to become 'yellow'`, - }); - } - return Either.right({}); - }) - .catch(catchRetryableEsClientErrors); - }; diff --git a/src/core/server/saved_objects/migrations/kibana_migrator.test.ts b/src/core/server/saved_objects/migrations/kibana_migrator.test.ts index 926b6efcf18037..df6ddb9624abeb 100644 --- a/src/core/server/saved_objects/migrations/kibana_migrator.test.ts +++ b/src/core/server/saved_objects/migrations/kibana_migrator.test.ts @@ -247,6 +247,9 @@ const mockV2MigrationOptions = () => { }; const mockOptions = () => { + const mockedClient = elasticsearchClientMock.createElasticsearchClient(); + (mockedClient as any).child = jest.fn().mockImplementation(() => mockedClient); + const options: MockedOptions = { logger: loggingSystemMock.create().get(), kibanaVersion: '8.2.3', @@ -284,7 +287,7 @@ const mockOptions = () => { skip: false, retryAttempts: 20, }, - client: elasticsearchClientMock.createElasticsearchClient(), + client: mockedClient, docLinks: docLinksServiceMock.createSetupContract(), }; return options; diff --git a/src/core/server/saved_objects/migrations/model/model.test.ts b/src/core/server/saved_objects/migrations/model/model.test.ts index b61fdc2c8ec8c7..eade744a004694 100644 
--- a/src/core/server/saved_objects/migrations/model/model.test.ts +++ b/src/core/server/saved_objects/migrations/model/model.test.ts @@ -596,10 +596,10 @@ describe('migrations v2 model', () => { expect(newState.retryCount).toEqual(0); expect(newState.retryDelay).toEqual(0); }); - test('LEGACY_CREATE_REINDEX_TARGET -> LEGACY_CREATE_REINDEX_TARGET if action fails with index_not_yellow_timeout', () => { + test('LEGACY_CREATE_REINDEX_TARGET -> LEGACY_CREATE_REINDEX_TARGET if action fails with index_not_green_timeout', () => { const res: ResponseType<'LEGACY_CREATE_REINDEX_TARGET'> = Either.left({ - message: '[index_not_yellow_timeout] Timeout waiting for ...', - type: 'index_not_yellow_timeout', + message: '[index_not_green_timeout] Timeout waiting for ...', + type: 'index_not_green_timeout', }); const newState = model(legacyCreateReindexTargetState, res); expect(newState.controlState).toEqual('LEGACY_CREATE_REINDEX_TARGET'); @@ -608,7 +608,7 @@ describe('migrations v2 model', () => { expect(newState.logs[0]).toMatchInlineSnapshot(` Object { "level": "error", - "message": "Action failed with '[index_not_yellow_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", + "message": "Action failed with '[index_not_green_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", } `); }); 
@@ -1049,10 +1049,10 @@ describe('migrations v2 model', () => { expect(newState.retryCount).toEqual(0); expect(newState.retryDelay).toEqual(0); }); - it('CREATE_REINDEX_TEMP -> CREATE_REINDEX_TEMP if action fails with index_not_yellow_timeout', () => { + it('CREATE_REINDEX_TEMP -> CREATE_REINDEX_TEMP if action fails with index_not_green_timeout', () => { const res: ResponseType<'CREATE_REINDEX_TEMP'> = Either.left({ - message: '[index_not_yellow_timeout] Timeout waiting for ...', - type: 'index_not_yellow_timeout', + message: '[index_not_green_timeout] Timeout waiting for ...', + type: 'index_not_green_timeout', }); const newState = model(state, res); expect(newState.controlState).toEqual('CREATE_REINDEX_TEMP'); @@ -1061,7 +1061,7 @@ describe('migrations v2 model', () => { expect(newState.logs[0]).toMatchInlineSnapshot(` Object { "level": "error", - "message": "Action failed with '[index_not_yellow_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", + "message": "Action failed with '[index_not_green_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", } `); }); @@ -1434,10 +1434,10 @@ describe('migrations v2 model', () => { expect(newState.retryCount).toBe(0); expect(newState.retryDelay).toBe(0); }); - it('CLONE_TEMP_TO_TARGET -> CLONE_TEMP_TO_TARGET if action fails with index_not_yellow_timeout', () => { + it('CLONE_TEMP_TO_TARGET -> CLONE_TEMP_TO_TARGET if action fails with index_not_green_timeout', () => { const res: ResponseType<'CLONE_TEMP_TO_TARGET'> = Either.left({ - message: '[index_not_yellow_timeout] Timeout waiting for ...', - type: 'index_not_yellow_timeout', + message: '[index_not_green_timeout] Timeout waiting for ...', + type: 'index_not_green_timeout', }); const newState = model(state, res); expect(newState.controlState).toEqual('CLONE_TEMP_TO_TARGET'); 
@@ -1446,7 +1446,7 @@ describe('migrations v2 model', () => { expect(newState.logs[0]).toMatchInlineSnapshot(` Object { "level": "error", - "message": "Action failed with '[index_not_yellow_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", + "message": "Action failed with '[index_not_green_timeout] Timeout waiting for ... Refer to repeatedTimeoutRequests for information on how to resolve the issue.'. Retrying attempt 1 in 2 seconds.", } `); }); @@ -1963,10 +1963,10 @@ describe('migrations v2 model', () => { expect(newState.retryCount).toEqual(0); expect(newState.retryDelay).toEqual(0); }); - test('CREATE_NEW_TARGET -> CREATE_NEW_TARGET if action fails with index_not_yellow_timeout', () => { + test('CREATE_NEW_TARGET -> CREATE_NEW_TARGET if action fails with index_not_green_timeout', () => { const res: ResponseType<'CREATE_NEW_TARGET'> = Either.left({ - message: '[index_not_yellow_timeout] Timeout waiting for ...', - type: 'index_not_yellow_timeout', + message: '[index_not_green_timeout] Timeout waiting for ...', + type: 'index_not_green_timeout', }); const newState = model(createNewTargetState, res); expect(newState.controlState).toEqual('CREATE_NEW_TARGET'); diff --git a/src/core/server/saved_objects/migrations/model/model.ts b/src/core/server/saved_objects/migrations/model/model.ts index 9ab668b547e21b..8eca6d12c4f0ad 100644 --- a/src/core/server/saved_objects/migrations/model/model.ts +++ b/src/core/server/saved_objects/migrations/model/model.ts 
@@ -241,8 +241,8 @@ export const model = (currentState: State, resW: ResponseType): const res = resW as ExcludeRetryableEsError>; if (Either.isLeft(res)) { const left = res.left; - if (isTypeof(left, 'index_not_yellow_timeout')) { - // `index_not_yellow_timeout` for the LEGACY_CREATE_REINDEX_TARGET source index: + if (isTypeof(left, 'index_not_green_timeout')) { + // `index_not_green_timeout` for the LEGACY_CREATE_REINDEX_TARGET source index: // A yellow status timeout could theoretically be temporary for a busy cluster // that takes a long time to allocate the primary and we retry the action to see if // we get a response. @@ -485,10 +485,10 @@ export const model = (currentState: State, resW: ResponseType): return { ...stateP, controlState: 'REINDEX_SOURCE_TO_TEMP_OPEN_PIT' }; } else if (Either.isLeft(res)) { const left = res.left; - if (isTypeof(left, 'index_not_yellow_timeout')) { - // `index_not_yellow_timeout` for the CREATE_REINDEX_TEMP target temp index: - // The index status did not go yellow within the specified timeout period. - // A yellow status timeout could theoretically be temporary for a busy cluster. + if (isTypeof(left, 'index_not_green_timeout')) { + // `index_not_green_timeout` for the CREATE_REINDEX_TEMP target temp index: + // The index status did not go green within the specified timeout period. + // A green status timeout could theoretically be temporary for a busy cluster. // // If there is a problem CREATE_REINDEX_TEMP action will // continue to timeout and eventually lead to a failed migration. 
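Review bot: The comment block in the `@@ -241` hunk is now internally inconsistent: the changed line announces `index_not_green_timeout`, but the unchanged context line right below still justifies the retry in terms of a yellow status ("A yellow status timeout could theoretically be temporary for a busy cluster that takes a long time to allocate the primary"). Since the action now waits for green, that sentence should follow suit, e.g. `// A green status timeout could theoretically be temporary for a busy cluster` / `// that takes a long time to allocate all shards and we retry the action to see if`. The `@@ -485` hunk below updates its wording consistently, so only this one is stale. The enclosing `model` function starts and ends outside the hunk.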
@@ -753,9 +753,9 @@ export const model = (currentState: State, resW: ResponseType): ...stateP, controlState: 'REFRESH_TARGET', }; - } else if (isTypeof(left, 'index_not_yellow_timeout')) { - // `index_not_yellow_timeout` for the CLONE_TEMP_TO_TARGET source -> target index: - // The target index status did not go yellow within the specified timeout period. + } else if (isTypeof(left, 'index_not_green_timeout')) { + // `index_not_green_timeout` for the CLONE_TEMP_TO_TARGET source -> target index: + // The target index status did not go green within the specified timeout period. // The cluster could just be busy and we retry the action. // Once we run out of retries, the migration fails. @@ -1019,8 +1019,8 @@ export const model = (currentState: State, resW: ResponseType): }; } else if (Either.isLeft(res)) { const left = res.left; - if (isTypeof(left, 'index_not_yellow_timeout')) { - // `index_not_yellow_timeout` for the CREATE_NEW_TARGET target index: + if (isTypeof(left, 'index_not_green_timeout')) { + // `index_not_green_timeout` for the CREATE_NEW_TARGET target index: // The cluster might just be busy and we retry the action for a set number of times. // If the cluster hit the low watermark for disk usage the action will continue to timeout. // Unless the disk space is addressed, the LEGACY_CREATE_REINDEX_TARGET action will diff --git a/src/core/server/saved_objects/migrations/next.ts b/src/core/server/saved_objects/migrations/next.ts index 7d73d4830259bf..9ac29a3a849ba7 100644 --- a/src/core/server/saved_objects/migrations/next.ts +++ b/src/core/server/saved_objects/migrations/next.ts 
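Review bot: In the `@@ -1019` hunk the comment block being edited is for the `CREATE_NEW_TARGET` branch (the changed line says so), yet the unchanged context line that closes it reads "Unless the disk space is addressed, the LEGACY_CREATE_REINDEX_TARGET action will", which looks like a copy-paste leftover from the `@@ -241` branch. Since this commit already rewrites the surrounding comment, it is the natural place to make it `// Unless the disk space is addressed, the CREATE_NEW_TARGET action will`. The comment and the enclosing `model` function continue past the hunk, so the rest of the sentence is not visible here.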
@@ -61,7 +61,7 @@ export const nextActionMap = (client: ElasticsearchClient, transformRawDocs: Tra INIT: (state: InitState) => Actions.initAction({ client, indices: [state.currentAlias, state.versionAlias] }), WAIT_FOR_YELLOW_SOURCE: (state: WaitForYellowSourceState) => - Actions.waitForIndexStatusYellow({ client, index: state.sourceIndex.value }), + Actions.waitForIndexStatus({ client, index: state.sourceIndex.value, status: 'yellow' }), CHECK_UNKNOWN_DOCUMENTS: (state: CheckUnknownDocumentsState) => Actions.checkForUnknownDocs({ client, diff --git a/src/core/server/saved_objects/migrations/run_resilient_migrator.ts b/src/core/server/saved_objects/migrations/run_resilient_migrator.ts index 337947c33b989c..ce8f9d921e2c65 100644 --- a/src/core/server/saved_objects/migrations/run_resilient_migrator.ts +++ b/src/core/server/saved_objects/migrations/run_resilient_migrator.ts @@ -20,6 +20,20 @@ import { migrationStateActionMachine } from './migrations_state_action_machine'; import { SavedObjectsMigrationConfigType } from '../saved_objects_config'; import type { ISavedObjectTypeRegistry } from '../saved_objects_type_registry'; +/** + * To avoid the Elasticsearch-js client aborting our requests before we + * receive a response from Elasticsearch we choose a requestTimeout that's + * longer than the DEFAULT_TIMEOUT. + * + * This timeout is only really valuable for preventing migrations from being + * stuck waiting forever for a response when the underlying socket is broken. + * + * We also set maxRetries to 0 so that the state action machine can handle all + * retries. This way we get exponential back-off and logging for failed + * actions. + */ +export const MIGRATION_CLIENT_OPTIONS = { maxRetries: 0, requestTimeout: 120_000 }; + /** * Migrates the provided indexPrefix index using a resilient algorithm that is * completely lock-free so that any failure can always be retried by 
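Review bot: `MIGRATION_CLIENT_OPTIONS` in the `run_resilient_migrator.ts` hunk hard-codes `requestTimeout: 120_000` while its TSDoc promises the value is longer than `DEFAULT_TIMEOUT`; nothing in the code ties the two together, so raising `DEFAULT_TIMEOUT` later would silently reintroduce the client-side abort the comment warns about. Deriving the value from the constant, `requestTimeout: DEFAULT_TIMEOUT * 2` (importing `DEFAULT_TIMEOUT` from wherever the actions declare it), or at least marking the object `as const` with a note `// must stay > DEFAULT_TIMEOUT used by the actions`, would make the invariant explicit and checkable. The `next.ts` hunk on this line is a straightforward API replacement and raises nothing.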
@@ -61,11 +75,12 @@ export async function runResilientMigrator({ docLinks, logger, }); + const migrationClient = client.child(MIGRATION_CLIENT_OPTIONS); return migrationStateActionMachine({ initialState, logger, - next: next(client, transformRawDocs), + next: next(migrationClient, transformRawDocs), model, - client, + client: migrationClient, }); } diff --git a/src/core/server/saved_objects/migrations/state.ts b/src/core/server/saved_objects/migrations/state.ts index 02da8495c0d8af..c6f3273a18d47a 100644 --- a/src/core/server/saved_objects/migrations/state.ts +++ b/src/core/server/saved_objects/migrations/state.ts @@ -182,7 +182,7 @@ export interface FatalState extends BaseState { } export interface WaitForYellowSourceState extends BaseState { - /** Wait for the source index to be yellow before requesting it. */ + /** Wait for the source index to be yellow before reading from it. */ readonly controlState: 'WAIT_FOR_YELLOW_SOURCE'; readonly sourceIndex: Option.Some; readonly sourceIndexMappings: IndexMapping; From c1f21d4f4e017b0bdb679d720c4b619ebc724698 Mon Sep 17 00:00:00 2001 From: Sander Philipse <94373878+sphilipse@users.noreply.github.com> Date: Wed, 27 Jul 2022 12:56:35 +0200 Subject: [PATCH 02/12] [Enterprise Search] Add link for connector documentation on create index page (#137259) --- .../method_connector/method_connector.tsx | 1 + .../new_index/new_search_index_template.tsx | 24 +++++++++++-------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/new_index/method_connector/method_connector.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/new_index/method_connector/method_connector.tsx index d9038e72523323..70d4ce17c879fc 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/new_index/method_connector/method_connector.tsx 
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/new_index/method_connector/method_connector.tsx @@ -119,6 +119,7 @@ export const MethodConnector: React.FC = () => { return ( = ({ children, + docsUrl, error, title, onNameChange, @@ -208,16 +210,18 @@ export const NewSearchIndexTemplate: React.FC = ({ )} - - - {i18n.translate( - 'xpack.enterpriseSearch.content.newIndex.newSearchIndexTemplate.viewDocumentation.linkText', - { - defaultMessage: 'View the documentation', - } - )} - - + {!!docsUrl && ( + + + {i18n.translate( + 'xpack.enterpriseSearch.content.newIndex.newSearchIndexTemplate.viewDocumentation.linkText', + { + defaultMessage: 'View the documentation', + } + )} + + + )} From 37d5dd6637067cf42f7015e0cff1e5104e42a1b9 Mon Sep 17 00:00:00 2001 From: Sander Philipse <94373878+sphilipse@users.noreply.github.com> Date: Wed, 27 Jul 2022 12:56:50 +0200 Subject: [PATCH 03/12] [Enterprise Search] Fix scheduling callout and restrict width (#137255) --- .../components/layout/page_template.tsx | 3 +- .../connector/connector_scheduling.tsx | 102 ++++++++++++------ 2 files changed, 71 insertions(+), 34 deletions(-) diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/layout/page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/layout/page_template.tsx index 54dca0f8d921be..d512175f2842e5 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/layout/page_template.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/layout/page_template.tsx @@ -23,9 +23,10 @@ export const EnterpriseSearchContentPageTemplate: React.FC = } > {pageViewTelemetry && ( 
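Review bot: `docsUrl` becomes a caller-supplied prop in the `@@ -208,16 +210,18` hunk and is only rendered when truthy (`{!!docsUrl && (`), but the hunk does not show its declaration in the props type; it should be declared as `docsUrl?: string` with a TSDoc line such as `/** Fixed documentation link for this index method; omit to hide the link. */`. Because the JSX that consumes it (not preserved in this rendering) presumably places the value in an anchor `href`, the prop should keep receiving constants owned by the calling components rather than anything derived from API or user input, so the link cannot become a vector for untrusted URLs. The enclosing `NewSearchIndexTemplate` component starts before the hunk.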
diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_scheduling.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_scheduling.tsx index f1cc04e7260722..a0b9d08e457c38 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_scheduling.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_scheduling.tsx @@ -7,6 +7,8 @@ import React, { useState } from 'react'; +import { generatePath } from 'react-router-dom'; + import { useActions, useValues } from 'kea'; import { @@ -27,14 +29,18 @@ import { i18n } from '@kbn/i18n'; import { Status } from '../../../../../../common/types/api'; import { ConnectorStatus } from '../../../../../../common/types/connectors'; import { ConnectorIndex } from '../../../../../../common/types/indices'; +import { EuiButtonTo } from '../../../../shared/react_router_helpers'; import { UnsavedChangesPrompt } from '../../../../shared/unsaved_changes_prompt'; import { UpdateConnectorSchedulingApiLogic } from '../../../api/connector_package/update_connector_scheduling_api_logic'; +import { SEARCH_INDEX_TAB_PATH } from '../../../routes'; import { IngestionStatus } from '../../../types'; import { isConnectorIndex } from '../../../utils/indices'; import { IndexViewLogic } from '../index_view_logic'; +import { SearchIndexTabId } from '../search_index'; + import { ConnectorSchedulingLogic } from './connector_scheduling_logic'; export const ConnectorSchedulingComponent: React.FC = () => { 
@@ -60,41 +66,52 @@ export const ConnectorSchedulingComponent: React.FC = () => { return <>; } - if (index.connector.status === ConnectorStatus.CREATED) { + if ( + index.connector.status === ConnectorStatus.CREATED || + index.connector.status === ConnectorStatus.NEEDS_CONFIGURATION + ) { return ( - - {i18n.translate( - 'xpack.enterpriseSearch.content.indices.connectorScheduling.notConnected.title', - { - defaultMessage: - 'Configure and deploy your connector, then return here to set your sync schedule. This schedule will dictate the interval that the connector will sync with your data source for updated documents.', - } - )} - + <> + + + + {i18n.translate( + 'xpack.enterpriseSearch.content.indices.connectorScheduling.notConnected.description', + { + defaultMessage: + 'Configure and deploy your connector, then return here to set your sync schedule. This schedule will dictate the interval that the connector will sync with your data source for updated documents.', + } + )} + + + + {i18n.translate( + 'xpack.enterpriseSearch.content.indices.connectorScheduling.notConnected.button.label', + { + defaultMessage: 'Configure', + } + )} + + + ); } - const editor = ( - { - setSimpleCron({ - expression, - frequency, - }); - setFieldToPreferredValueMap(newFieldToPreferredValueMap); - setScheduling({ ...scheduling, interval: expression }); - setHasChanges(true); - }} - /> - ); - return ( <> { )} /> - + {ingestionStatus === IngestionStatus.ERROR ? ( { )} - {editor} + + { + setSimpleCron({ + expression, + frequency, + }); + setFieldToPreferredValueMap(newFieldToPreferredValueMap); + setScheduling({ ...scheduling, interval: expression }); + setHasChanges(true); + }} + /> + From 58f7eaf0f8dc3c43cbfcd393e587f155e97b3d0d Mon Sep 17 00:00:00 2001 
From: Sander Philipse <94373878+sphilipse@users.noreply.github.com> Date: Wed, 27 Jul 2022 12:57:04 +0200 Subject: [PATCH 04/12] [Enterprise Search] Add language analyzer to connector index creation (#137256) --- .../server/lib/connectors/add_connector.test.ts | 16 ++++++++++++---- .../server/lib/connectors/add_connector.ts | 6 +++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.test.ts b/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.test.ts index 8f8e9d87f3524a..ac20e09284185c 100644 --- a/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.test.ts +++ b/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.test.ts @@ -14,6 +14,7 @@ import { ErrorCode } from '../../../common/types/error_codes'; import { setupConnectorsIndices } from '../../index_management/setup_indices'; import { fetchCrawlerByIndexName } from '../crawler/fetch_crawlers'; +import { textAnalysisSettings } from '../indices/text_analysis'; import { addConnector } from './add_connector'; import { fetchConnectorByIndexName } from './fetch_connectors'; @@ -52,7 +53,7 @@ describe('addConnector lib function', () => { await expect( addConnector(mockClient as unknown as IScopedClusterClient, { index_name: 'index_name', - language: 'en', + language: 'fr', }) ).resolves.toEqual({ id: 'fakeId', index_name: 'index_name' }); expect(mockClient.asCurrentUser.index).toHaveBeenCalledWith({ @@ -60,7 +61,7 @@ describe('addConnector lib function', () => { api_key_id: null, configuration: {}, index_name: 'index_name', - language: 'en', + language: 'fr', last_seen: null, last_sync_error: null, last_sync_status: null, 
@@ -73,7 +74,10 @@ describe('addConnector lib function', () => { }, index: CONNECTORS_INDEX, }); - expect(mockClient.asCurrentUser.indices.create).toHaveBeenCalledWith({ index: 'index_name' }); + expect(mockClient.asCurrentUser.indices.create).toHaveBeenCalledWith({ + index: 'index_name', + settings: textAnalysisSettings('fr'), + }); }); it('should reject if index already exists', async () => { @@ -156,7 +160,10 @@ describe('addConnector lib function', () => { }, index: CONNECTORS_INDEX, }); - expect(mockClient.asCurrentUser.indices.create).toHaveBeenCalledWith({ index: 'index_name' }); + expect(mockClient.asCurrentUser.indices.create).toHaveBeenCalledWith({ + index: 'index_name', + settings: textAnalysisSettings(undefined), + }); }); it('should create index if no connectors index exists', async () => { @@ -196,6 +203,7 @@ describe('addConnector lib function', () => { }); expect(mockClient.asCurrentUser.indices.create).toHaveBeenCalledWith({ index: 'search-index_name', + settings: textAnalysisSettings('en'), }); }); it('should not create index if status code is not 404', async () => { diff --git a/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.ts b/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.ts index 7a03f6817123f3..8528b28582bf02 100644 --- a/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.ts +++ b/x-pack/plugins/enterprise_search/server/lib/connectors/add_connector.ts @@ -14,6 +14,7 @@ import { setupConnectorsIndices } from '../../index_management/setup_indices'; import { isIndexNotFoundException } from '../../utils/identify_exceptions'; import { fetchCrawlerByIndexName } from '../crawler/fetch_crawlers'; +import { textAnalysisSettings } from '../indices/text_analysis'; import { deleteConnectorById } from './delete_connector'; 
@@ -51,7 +52,10 @@ const createConnector = async ( document, index: CONNECTORS_INDEX, }); - await client.asCurrentUser.indices.create({ index }); + await client.asCurrentUser.indices.create({ + index, + settings: textAnalysisSettings(language ?? undefined), + }); await client.asCurrentUser.indices.refresh({ index: CONNECTORS_INDEX }); return { id: result._id, index_name: document.index_name }; From 0be138c0a9eb8ff093f4a58df87558153b812ae5 Mon Sep 17 00:00:00 2001 
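Review bot: `textAnalysisSettings(language ?? undefined)` is fed a value that, judging by the `?? undefined` coercion, is nullable request input, and its result goes straight into `indices.create`; if an unsupported language code makes the helper produce settings Elasticsearch rejects, the create fails after the connector document has already been written to `CONNECTORS_INDEX` two statements above. Either validate `language` against the supported set before the `index` call, or make sure the caller's error path removes the orphaned document (`deleteConnectorById` is imported in this file, so such a path may exist outside the hunk). A short comment would also help the next reader: `// language is null when the request omits it; textAnalysisSettings expects string | undefined`. `createConnector` starts and ends outside the hunk.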
From: Ari Aviran Date: Wed, 27 Jul 2022 14:14:18 +0300 Subject: [PATCH 05/12] [Cloud Posture] Fully integrate cloud posture pages into security solution (#137058) --- .../collectors/application_usage/schema.ts | 1 - src/plugins/telemetry/schema/oss_plugins.json | 131 --------------- .../common/constants.ts | 1 - .../public/application/app.tsx | 38 ----- .../public/application/constants.tsx | 7 - .../public/application/csp_router.tsx | 18 +- .../public/application/index.tsx | 28 ---- .../public/common/navigation/constants.ts | 7 +- .../security_solution_links.test.ts | 30 ++-- .../navigation/security_solution_links.ts | 68 ++++---- .../public/common/navigation/types.ts | 1 + .../use_navigate_to_cis_integration.ts | 2 +- .../public/components/cloud_posture_page.tsx | 156 +++++++++--------- .../public/components/csp_health_badge.tsx | 43 ----- .../public/components/csp_loading_state.tsx | 25 +-- .../components/csp_page_template.test.tsx | 33 ---- .../public/components/csp_page_template.tsx | 55 ------ .../components/full_size_centered_page.tsx | 28 ++++ .../public/components/no_findings_states.tsx | 7 +- .../public/components/unknown_route.tsx | 30 ---- .../cloud_security_posture/public/index.ts | 5 +- .../public/pages/benchmarks/benchmarks.tsx | 16 +- .../public/pages/benchmarks/index.ts | 2 +- .../compliance_dashboard.tsx | 17 +- .../public/pages/findings/findings.tsx | 16 +- .../latest_findings_container.tsx | 112 ++++++------- .../findings_by_resource_container.tsx | 130 +++++++-------- .../resource_findings_container.tsx | 128 +++++++------- .../pages/findings/layout/findings_layout.tsx | 15 -- .../public/pages/index.ts | 6 +- .../public/pages/rules/index.tsx | 11 +- .../cloud_security_posture/public/plugin.tsx | 43 +---- .../public/test/test_provider.tsx | 9 +- .../cloud_security_posture/public/types.ts | 7 +- .../common/experimental_features.ts | 5 - .../public/app/deep_links/index.ts | 23 ++- .../public/app/home/home_navigations.ts | 22 +++ 
.../public/app/translations.ts | 3 + .../public/cloud_security_posture/links.ts | 92 +++++------ .../public/cloud_security_posture/routes.tsx | 5 +- .../common/components/navigation/types.ts | 9 +- .../__snapshots__/index.test.tsx.snap | 36 ++++ .../index.test.tsx | 6 +- .../use_navigation_items.tsx | 6 + .../utils/timeline/use_show_timeline.tsx | 1 + .../schema/xpack_plugins.json | 26 +-- .../translations/translations/fr-FR.json | 5 - .../translations/translations/ja-JP.json | 5 - .../translations/translations/zh-CN.json | 5 - 49 files changed, 539 insertions(+), 936 deletions(-) delete mode 100755 x-pack/plugins/cloud_security_posture/public/application/app.tsx delete mode 100644 x-pack/plugins/cloud_security_posture/public/application/index.tsx delete mode 100644 x-pack/plugins/cloud_security_posture/public/components/csp_health_badge.tsx delete mode 100644 x-pack/plugins/cloud_security_posture/public/components/csp_page_template.test.tsx delete mode 100644 x-pack/plugins/cloud_security_posture/public/components/csp_page_template.tsx create mode 100644 x-pack/plugins/cloud_security_posture/public/components/full_size_centered_page.tsx delete mode 100644 x-pack/plugins/cloud_security_posture/public/components/unknown_route.tsx diff --git a/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts index d095da0b97ae54..e650dc5bbc3c4e 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts @@ -133,7 +133,6 @@ export const applicationUsageSchema = { // X-Pack apm: commonSchema, canvas: commonSchema, - csp: commonSchema, enterpriseSearch: commonSchema, enterpriseSearchContent: commonSchema, elasticsearch: commonSchema, 
diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index 4927723395e139..cacd8067e4e03f 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json 
@@ -2092,137 +2092,6 @@ } } }, - "csp": { - "properties": { - "appId": { - "type": "keyword", - "_meta": { - "description": "The application being tracked" - } - }, - "viewId": { - "type": "keyword", - "_meta": { - "description": "Always `main`" - } - }, - "clicks_total": { - "type": "long", - "_meta": { - "description": "General number of clicks in the application since we started counting them" - } - }, - "clicks_7_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the application over the last 7 days" - } - }, - "clicks_30_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the application over the last 30 days" - } - }, - "clicks_90_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the application over the last 90 days" - } - }, - "minutes_on_screen_total": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen since we started counting them." 
- } - }, - "minutes_on_screen_7_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen over the last 7 days" - } - }, - "minutes_on_screen_30_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen over the last 30 days" - } - }, - "minutes_on_screen_90_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen over the last 90 days" - } - }, - "views": { - "type": "array", - "items": { - "properties": { - "appId": { - "type": "keyword", - "_meta": { - "description": "The application being tracked" - } - }, - "viewId": { - "type": "keyword", - "_meta": { - "description": "The application view being tracked" - } - }, - "clicks_total": { - "type": "long", - "_meta": { - "description": "General number of clicks in the application sub view since we started counting them" - } - }, - "clicks_7_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the active application sub view over the last 7 days" - } - }, - "clicks_30_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the active application sub view over the last 30 days" - } - }, - "clicks_90_days": { - "type": "long", - "_meta": { - "description": "General number of clicks in the active application sub view over the last 90 days" - } - }, - "minutes_on_screen_total": { - "type": "float", - "_meta": { - "description": "Minutes the application sub view is active and on-screen since we started counting them." 
- } - }, - "minutes_on_screen_7_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen active application sub view over the last 7 days" - } - }, - "minutes_on_screen_30_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen active application sub view over the last 30 days" - } - }, - "minutes_on_screen_90_days": { - "type": "float", - "_meta": { - "description": "Minutes the application is active and on-screen active application sub view over the last 90 days" - } - } - } - } - } - } - }, "enterpriseSearch": { "properties": { "appId": { diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts index 5900ad7189b974..af937016c7e839 100644 --- a/x-pack/plugins/cloud_security_posture/common/constants.ts +++ b/x-pack/plugins/cloud_security_posture/common/constants.ts @@ -36,7 +36,6 @@ export const RULE_FAILED = `failed`; // A mapping of in-development features to their status. These features should be hidden from users but can be easily // activated via a simple code change in a single location. export const INTERNAL_FEATURE_FLAGS = { - showBenchmarks: true, showManageRulesMock: false, showFindingsGroupBy: true, } as const; diff --git a/x-pack/plugins/cloud_security_posture/public/application/app.tsx b/x-pack/plugins/cloud_security_posture/public/application/app.tsx deleted file mode 100755 index 2521fe3b2be77d..00000000000000 --- a/x-pack/plugins/cloud_security_posture/public/application/app.tsx +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { EuiErrorBoundary } from '@elastic/eui'; -import { APP_WRAPPER_CLASS, type AppMountParameters, type CoreStart } from '@kbn/core/public'; -import { I18nProvider } from '@kbn/i18n-react'; -import { KibanaContextProvider, RedirectAppLinks } from '@kbn/kibana-react-plugin/public'; -import React from 'react'; -import { Router } from 'react-router-dom'; -import { cloudPosturePages } from '../common/navigation/constants'; -import type { CspClientPluginStartDeps } from '../types'; -import { pageToComponentMapping } from './constants'; -import { CspRouter, getRoutesFromMapping } from './csp_router'; - -export interface CspAppDeps { - core: CoreStart; - deps: CspClientPluginStartDeps; - params: AppMountParameters; -} - -const cspPluginRoutes = getRoutesFromMapping(cloudPosturePages, pageToComponentMapping); - -export const CspApp = ({ core, deps, params }: CspAppDeps) => ( - - - - - - - - - - - -); diff --git a/x-pack/plugins/cloud_security_posture/public/application/constants.tsx b/x-pack/plugins/cloud_security_posture/public/application/constants.tsx index adde8c7f674c7b..a1a57852866044 100644 --- a/x-pack/plugins/cloud_security_posture/public/application/constants.tsx +++ b/x-pack/plugins/cloud_security_posture/public/application/constants.tsx @@ -14,10 +14,3 @@ export const pageToComponentMapping: Record = benchmarks: pages.Benchmarks, rules: pages.Rules, }; - -export const pageToComponentMappingNoPageTemplate: Record = { - findings: pages.FindingsNoPageTemplate, - dashboard: pages.ComplianceDashboardNoPageTemplate, - benchmarks: pages.BenchmarksNoPageTemplate, - rules: pages.RulesNoPageTemplate, -}; 
diff --git a/x-pack/plugins/cloud_security_posture/public/application/csp_router.tsx b/x-pack/plugins/cloud_security_posture/public/application/csp_router.tsx index 93f2a833f9f640..2fd84c5967e290 100644 --- a/x-pack/plugins/cloud_security_posture/public/application/csp_router.tsx +++ b/x-pack/plugins/cloud_security_posture/public/application/csp_router.tsx @@ -11,8 +11,7 @@ import { Redirect, Route, RouteComponentProps, type RouteProps, Switch } from 'r import { CLOUD_SECURITY_POSTURE_BASE_PATH, type CspSecuritySolutionContext } from '..'; import { cloudPosturePages } from '../common/navigation/constants'; import type { CloudSecurityPosturePageId, CspPageNavigationItem } from '../common/navigation/types'; -import { UnknownRoute } from '../components/unknown_route'; -import { pageToComponentMappingNoPageTemplate } from './constants'; +import { pageToComponentMapping } from './constants'; import { SecuritySolutionContext } from './security_solution_context'; type CspRouteProps = RouteProps & { @@ -60,20 +59,14 @@ export const addSpyRouteComponentToRoute = ( return newRoute; }; -const securitySolutionRoutes = getRoutesFromMapping( - cloudPosturePages, - pageToComponentMappingNoPageTemplate -); +const securitySolutionRoutes = getRoutesFromMapping(cloudPosturePages, pageToComponentMapping); +/** Props for the cloud security posture router component */ export interface CspRouterProps { - routes?: readonly CspRouteProps[]; securitySolutionContext?: CspSecuritySolutionContext; } -export const CspRouter = ({ - routes = securitySolutionRoutes, - securitySolutionContext, -}: CspRouterProps) => { +export const CspRouter = ({ securitySolutionContext }: CspRouterProps) => { const SpyRoute = securitySolutionContext ? securitySolutionContext.getSpyRouteComponent() : undefined; 
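Review bot: `securitySolutionContext` stays optional in `CspRouterProps` in the `@@ -60,20 +59,14` hunk even though this commit deletes the standalone mount (`application/app.tsx` and `application/index.tsx`), so the `SpyRoute = securitySolutionContext ? … : undefined` branch may now be dead code; if no remaining caller omits the context, `securitySolutionContext: CspSecuritySolutionContext;` would let `getSpyRouteComponent()` be called unconditionally. The new TSDoc on the interface is welcome; a line for the remaining field, e.g. `/** Context supplied by the Security Solution host; provides the SpyRoute component wrapped around each route. */`, would complete it. `CspRouter` continues past the hunk.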
@@ -81,12 +74,11 @@ export const CspRouter = ({ const routerElement = ( - {routes.map((route) => { + {securitySolutionRoutes.map((route) => { const routeProps = SpyRoute ? addSpyRouteComponentToRoute(route, SpyRoute) : route; return ; })} - ); diff --git a/x-pack/plugins/cloud_security_posture/public/application/index.tsx b/x-pack/plugins/cloud_security_posture/public/application/index.tsx deleted file mode 100644 index f299745fa2ba05..00000000000000 --- a/x-pack/plugins/cloud_security_posture/public/application/index.tsx +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import ReactDOM from 'react-dom'; -import { KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; -import type { AppMountParameters, CoreStart } from '@kbn/core/public'; -import { CspApp } from './app'; -import type { CspClientPluginStartDeps } from '../types'; - -export const renderApp = ( - core: CoreStart, - deps: CspClientPluginStartDeps, - params: AppMountParameters -) => { - ReactDOM.render( - - - , - params.element - ); - - return () => ReactDOM.unmountComponentAtNode(params.element); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/common/navigation/constants.ts b/x-pack/plugins/cloud_security_posture/public/common/navigation/constants.ts index fcec1faf12474a..8cc626dfe332f7 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/navigation/constants.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/navigation/constants.ts 
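Review bot: The `-` line after the `securitySolutionRoutes.map(...)` block in this hunk removes the Switch's catch-all entry (its `UnknownRoute` import is dropped in the earlier hunk and the component file is deleted), so a URL under the plugin's base path that matches none of `cloudPosturePages` now renders nothing from this router. If the Security Solution host is expected to handle unmatched paths, a one-line comment after the map, `{/* unmatched paths fall through to the host application's not-found handling */}`, would record that assumption; otherwise a `Redirect` (still imported in this file) to the dashboard page is worth restoring. The enclosing `CspRouter` starts outside the hunk.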
@@ -6,18 +6,17 @@ */ import { i18n } from '@kbn/i18n'; -import { INTERNAL_FEATURE_FLAGS } from '../../../common/constants'; import type { CspPage, CspPageNavigationItem } from './types'; const NAV_ITEMS_NAMES = { DASHBOARD: i18n.translate('xpack.csp.navigation.dashboardNavItemLabel', { - defaultMessage: 'Dashboard', + defaultMessage: 'Cloud Posture', }), FINDINGS: i18n.translate('xpack.csp.navigation.findingsNavItemLabel', { defaultMessage: 'Findings', }), BENCHMARKS: i18n.translate('xpack.csp.navigation.myBenchmarksNavItemLabel', { - defaultMessage: 'My Benchmarks', + defaultMessage: 'CSP Benchmarks', }), RULES: i18n.translate('xpack.csp.navigation.rulesNavItemLabel', { defaultMessage: 'Rules', @@ -41,14 +40,12 @@ export const cloudPosturePages: Record = { rules: { name: NAV_ITEMS_NAMES.RULES, path: `${CLOUD_SECURITY_POSTURE_BASE_PATH}/benchmarks/:packagePolicyId/:policyId/rules`, - disabled: !INTERNAL_FEATURE_FLAGS.showBenchmarks, id: 'cloud_security_posture-rules', }, benchmarks: { name: NAV_ITEMS_NAMES.BENCHMARKS, path: `${CLOUD_SECURITY_POSTURE_BASE_PATH}/benchmarks`, exact: true, - disabled: !INTERNAL_FEATURE_FLAGS.showBenchmarks, id: 'cloud_security_posture-benchmarks', }, }; diff --git a/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.test.ts b/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.test.ts index d420078c00818d..08d3e6ba2a34ab 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.test.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.test.ts 
@@ -6,34 +6,34 @@
 */
 import { cloudPosturePages } from './constants';
-import { getSecuritySolutionLinks } from './security_solution_links';
+import { getSecuritySolutionLink, getSecuritySolutionNavTab } from './security_solution_links';
 import { Chance } from 'chance';
 import type { CspPage } from './types';
 const chance = new Chance();
-describe('getSecuritySolutionLinks', () => {
+describe('getSecuritySolutionLink', () => {
 it('gets the correct link properties', () => {
 const cspPage = chance.pickone(['dashboard', 'findings', 'benchmarks', 'rules']);
- const links = getSecuritySolutionLinks(cspPage);
+ const link = getSecuritySolutionLink(cspPage);
- expect(links.id).toEqual(cloudPosturePages[cspPage].id);
- expect(links.path).toEqual(cloudPosturePages[cspPage].path);
- expect(links.title).toEqual(cloudPosturePages[cspPage].name);
+ expect(link.id).toEqual(cloudPosturePages[cspPage].id);
+ expect(link.path).toEqual(cloudPosturePages[cspPage].path);
+ expect(link.title).toEqual(cloudPosturePages[cspPage].name);
 });
+});
- it('de-structures extensions correctly', () => {
+describe('getSecuritySolutionNavTab', () => {
+ it('gets the correct nav tab properties', () => {
 const cspPage = chance.pickone(['dashboard', 'findings', 'benchmarks', 'rules']);
- const overwrittenTitle = chance.word();
- const extensions = {
- [cloudPosturePages[cspPage].id]: { title: overwrittenTitle },
- };
+ const basePath = chance.word();
- const links = getSecuritySolutionLinks(cspPage, extensions);
+ const navTab = getSecuritySolutionNavTab(cspPage, basePath);
- expect(links.id).toEqual(cloudPosturePages[cspPage].id);
- expect(links.path).toEqual(cloudPosturePages[cspPage].path);
- expect(links.title).toEqual(overwrittenTitle);
+ expect(navTab.id).toEqual(cloudPosturePages[cspPage].id);
+ expect(navTab.name).toEqual(cloudPosturePages[cspPage].name);
+ expect(navTab.href).toEqual(`${basePath}${cloudPosturePages[cspPage].path}`);
+ expect(navTab.disabled).toEqual(!!cloudPosturePages[cspPage].disabled);
 });
 });
diff --git a/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.ts b/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.ts
index efeaa6b25ba535..9942c95f080941 100644
--- a/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.ts
+++ b/x-pack/plugins/cloud_security_posture/public/common/navigation/security_solution_links.ts
@@ -8,52 +8,42 @@ import { cloudPosturePages } from './constants'; import type { CloudSecurityPosturePageId, CspPage } from './types'; -interface BaseLinkItem { - id: string; +interface CloudSecurityPostureLinkItem { + id: TId; title: string; path: string; - links?: BaseLinkItem[]; } -type SecuritySolutionLinkExtensions = Partial< - Record> ->; - -export const getSecuritySolutionLinks = ( - cspPage: CspPage, - extensions?: SecuritySolutionLinkExtensions -): TLinkItem => - ({ - id: cloudPosturePages[cspPage].id, - title: cloudPosturePages[cspPage].name, - path: cloudPosturePages[cspPage].path, - ...(extensions?.[cloudPosturePages[cspPage].id] ?? {}), - } as TLinkItem); - -/** - * Gets the cloud security posture links for top-level navigation in the security solution. - * @param extensions extended configuration for the links. - */ -export const getSecuritySolutionRootLinks = ( - extensions?: SecuritySolutionLinkExtensions -): TLinkItem => getSecuritySolutionLinks('findings', extensions); +interface CloudSecurityPostureNavTab { + id: TId; + name: string; + href: string; + disabled: boolean; +} /** - * Gets the cloud security posture links for navigation in the security solution's "Dashboards" section. - * @param extensions extended configuration for the links. + * Gets the cloud security posture link properties of a CSP page for navigation in the security solution. + * @param cloudSecurityPosturePage the name of the cloud posture page. 
*/ -export const getSecuritySolutionDashboardLinks = ( - extensions?: SecuritySolutionLinkExtensions -): TLinkItem => getSecuritySolutionLinks('dashboard', extensions); +export const getSecuritySolutionLink = ( + cloudSecurityPosturePage: CspPage +): CloudSecurityPostureLinkItem => ({ + id: cloudPosturePages[cloudSecurityPosturePage].id as TId, + title: cloudPosturePages[cloudSecurityPosturePage].name, + path: cloudPosturePages[cloudSecurityPosturePage].path, +}); /** - * Gets the cloud security posture links for navigation in the security solution's "Manage" section. - * @param extensions extended configuration for the links. + * Gets the cloud security posture link properties of a CSP page for navigation in the old security solution navigation. + * @param cloudSecurityPosturePage the name of the cloud posture page. + * @param basePath the base path for links. */ -export const getSecuritySolutionManageLinks = ( - extensions?: SecuritySolutionLinkExtensions -): TLinkItem => { - const manageLinks = getSecuritySolutionLinks('benchmarks', extensions); - manageLinks.links = [getSecuritySolutionLinks('rules', extensions)]; - return manageLinks; -}; +export const getSecuritySolutionNavTab = ( + cloudSecurityPosturePage: CspPage, + basePath: string +): CloudSecurityPostureNavTab => ({ + id: cloudPosturePages[cloudSecurityPosturePage].id as TId, + name: cloudPosturePages[cloudSecurityPosturePage].name, + href: `${basePath}${cloudPosturePages[cloudSecurityPosturePage].path}`, + disabled: !!cloudPosturePages[cloudSecurityPosturePage].disabled, +}); diff --git a/x-pack/plugins/cloud_security_posture/public/common/navigation/types.ts b/x-pack/plugins/cloud_security_posture/public/common/navigation/types.ts index 4b6b0804a7b6f1..f96510702fdd3e 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/navigation/types.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/navigation/types.ts 
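Review bot: `getSecuritySolutionNavTab` builds `href` by plain concatenation of `basePath` and the page path, but `cloudPosturePages.rules.path` (constants.ts in this same patch) still contains the route params `:packagePolicyId/:policyId`, so a nav tab for `'rules'` gets an href with literal placeholders, and the new test does not catch it because it asserts the same concatenation. Either narrow the parameter to the non-parameterised pages, e.g. `cloudSecurityPosturePage: Exclude<CspPage, 'rules'>`, or state the contract in the TSDoc: `@param cloudSecurityPosturePage the page name; must not be a parameterised page such as 'rules', whose path still contains route params.` Separately, `id as TId` is an unchecked assertion: the compiler cannot relate the generic to the page passed in, so a caller naming the wrong TId gets no error; that is acceptable for a nav helper but deserves a short comment saying the cast is trusted.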
@@ -27,6 +27,7 @@ export type CloudSecurityPosturePageId =
 | 'cloud_security_posture-benchmarks'
 | 'cloud_security_posture-rules';
+/** An entry for the cloud security posture breadcrumbs implementation. */
 export interface BreadcrumbEntry {
 readonly name: string;
 readonly path: string;
diff --git a/x-pack/plugins/cloud_security_posture/public/common/navigation/use_navigate_to_cis_integration.ts b/x-pack/plugins/cloud_security_posture/public/common/navigation/use_navigate_to_cis_integration.ts
index 19949e352eaaf0..76d85983369ddc 100644
--- a/x-pack/plugins/cloud_security_posture/public/common/navigation/use_navigate_to_cis_integration.ts
+++ b/x-pack/plugins/cloud_security_posture/public/common/navigation/use_navigate_to_cis_integration.ts
@@ -22,7 +22,7 @@ export const useCISIntegrationLink = (): string | undefined => {
 version: cisIntegration.data.item.version,
 }),
 })
- .join('/');
+ .join('');
 return http.basePath.prepend(path);
 };
diff --git a/x-pack/plugins/cloud_security_posture/public/components/cloud_posture_page.tsx b/x-pack/plugins/cloud_security_posture/public/components/cloud_posture_page.tsx
index c642a9fa7d56b6..dfa1c51f5226aa 100644
--- a/x-pack/plugins/cloud_security_posture/public/components/cloud_posture_page.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/components/cloud_posture_page.tsx
@@ -11,6 +11,7 @@ import { EuiEmptyPrompt } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { NoDataPage } from '@kbn/kibana-react-plugin/public';
 import { css } from '@emotion/react';
+import { FullSizeCenteredPage } from './full_size_centered_page';
 import { useCspSetupStatusApi } from '../common/api/use_setup_status_api';
 import { CspLoadingState } from './csp_loading_state';
 import { useCISIntegrationLink } from '../common/navigation/use_navigate_to_cis_integration';
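Review bot: Changing `.join('/')` to `.join('')` silently changes the URL handed to `http.basePath.prepend`, and the hunk leaves no explanation of why the separator was wrong. If, as it appears, the path getter returns an `[appBasePath, appPath]` pair whose second element is already `/`-prefixed, say so on the call: `.join(''); // getter yields [appBasePath, appPath]; appPath is already '/'-prefixed, so no separator`. A unit test pinning the resulting string would keep the next reader from flipping it back. useCISIntegrationLink's body starts before this hunk.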
@@ -42,37 +43,39 @@ export const isCommonError = (error: unknown): error is CommonError => { }; const packageNotInstalledRenderer = (cisIntegrationLink?: string) => ( - + + + ); const defaultLoadingRenderer = () => ( @@ -85,57 +88,58 @@ const defaultLoadingRenderer = () => ( ); const defaultErrorRenderer = (error: unknown) => ( - - - - } - body={ - isCommonError(error) ? ( -

+ + -

- ) : undefined - } - /> + + } + body={ + isCommonError(error) ? ( +

+ +

+ ) : undefined + } + /> + ); const defaultNoDataRenderer = () => { return ( - + + + ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/components/csp_health_badge.tsx b/x-pack/plugins/cloud_security_posture/public/components/csp_health_badge.tsx deleted file mode 100644 index 9149a1cfac66e7..00000000000000 --- a/x-pack/plugins/cloud_security_posture/public/components/csp_health_badge.tsx +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiBadge } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n-react'; -import type { Score } from '../../common/types'; - -interface Props { - value: Score; -} - -export const CspHealthBadge = ({ value }: Props) => { - if (value <= 65) { - return ( - - - - ); - } - - if (value <= 86) { - return ( - - - - ); - } - - if (value <= 100) { - return ( - - - - ); - } - - return null; -}; diff --git a/x-pack/plugins/cloud_security_posture/public/components/csp_loading_state.tsx b/x-pack/plugins/cloud_security_posture/public/components/csp_loading_state.tsx index 7b2e9f0f03ae71..2c2e14c6f2dc7f 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/csp_loading_state.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/csp_loading_state.tsx 
@@ -5,29 +5,20 @@ * 2.0. */ -import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner, useEuiTheme } from '@elastic/eui'; +import { EuiLoadingSpinner, EuiSpacer } from '@elastic/eui'; import React from 'react'; -import { css } from '@emotion/react'; +import { FullSizeCenteredPage } from './full_size_centered_page'; +// Keep this component lean as it is part of the main app bundle export const CspLoadingState: React.FunctionComponent<{ ['data-test-subj']?: string }> = ({ children, ...rest }) => { - const { euiTheme } = useEuiTheme(); return ( - - - - - {children} - + + + + {children} + ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.test.tsx b/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.test.tsx deleted file mode 100644 index 983da700b68424..00000000000000 --- a/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.test.tsx +++ /dev/null 
@@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import Chance from 'chance'; -import { createPageNavigationItemFixture } from '../test/fixtures/navigation_item'; -import { getSideNavItems } from './csp_page_template'; - -const chance = new Chance(); - -describe('getSideNavItems', () => { - it('maps navigation items to side navigation items', () => { - const navigationItem = createPageNavigationItemFixture(); - const id = chance.word(); - const sideNavItems = getSideNavItems({ [id]: navigationItem }); - - expect(sideNavItems).toHaveLength(1); - expect(sideNavItems[0]).toMatchObject({ - id, - name: navigationItem.name, - renderItem: expect.any(Function), - }); - }); - - it('does not map disabled navigation items to side navigation items', () => { - const navigationItem = createPageNavigationItemFixture({ disabled: true }); - const id = chance.word(); - const sideNavItems = getSideNavItems({ [id]: navigationItem }); - expect(sideNavItems).toHaveLength(0); - }); -}); diff --git a/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.tsx b/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.tsx deleted file mode 100644 index 3ff67b85d910c4..00000000000000 --- a/x-pack/plugins/cloud_security_posture/public/components/csp_page_template.tsx +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import React from 'react'; -import { NavLink } from 'react-router-dom'; -import { i18n } from '@kbn/i18n'; -import { EuiErrorBoundary } from '@elastic/eui'; -import { KibanaPageTemplate, type KibanaPageTemplateProps } from '@kbn/shared-ux-components'; -import { cloudPosturePages } from '../common/navigation/constants'; -import type { CspNavigationItem } from '../common/navigation/types'; - -const activeItemStyle = { fontWeight: 700 }; - -export const getSideNavItems = ( - navigationItems: Record -): NonNullable['items']> => - Object.entries(navigationItems) - .filter(([_, navigationItem]) => !navigationItem.disabled) - .map(([id, navigationItem]) => ({ - id, - name: navigationItem.name, - renderItem: () => ( - - {navigationItem.name} - - ), - })); - -const DEFAULT_PAGE_PROPS: KibanaPageTemplateProps = { - solutionNav: { - name: i18n.translate('xpack.csp.cspPageTemplate.navigationTitle', { - defaultMessage: 'Cloud Security Posture', - }), - items: getSideNavItems({ - dashboard: cloudPosturePages.dashboard, - findings: cloudPosturePages.findings, - benchmark: cloudPosturePages.benchmarks, - }), - }, - restrictWidth: false, -}; - -export const CspPageTemplate = ({ - children, - ...kibanaPageTemplateProps -}: KibanaPageTemplateProps) => { - return ( - - {children} - - ); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/components/full_size_centered_page.tsx b/x-pack/plugins/cloud_security_posture/public/components/full_size_centered_page.tsx new file mode 100644 index 00000000000000..4e68797c8c21f3 --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/components/full_size_centered_page.tsx 
@@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { EuiFlexGroup, type CommonProps } from '@elastic/eui'; +import { css } from '@emotion/react'; +import React from 'react'; + +// Keep this component lean as it is part of the main app bundle +export const FullSizeCenteredPage = ({ + children, + ...rest +}: { children: React.ReactNode } & CommonProps) => ( + + {children} + +); diff --git a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states.tsx b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states.tsx index d9309dc2ed03de..12b26d38ac7c01 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states.tsx @@ -8,6 +8,7 @@ import React from 'react'; import { EuiLoadingLogo, EuiButton, EuiEmptyPrompt } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; +import { FullSizeCenteredPage } from './full_size_centered_page'; import { useCspBenchmarkIntegrations } from '../pages/benchmarks/use_csp_benchmark_integrations'; import { useCISIntegrationPoliciesLink } from '../common/navigation/use_navigate_to_cis_integration_policies'; import { NO_FINDINGS_STATUS_TEST_SUBJ } from './test_subjects'; @@ -131,5 +132,9 @@ export const NoFindingsStates = () => { if (status === 'index-timeout') return ; // agent added, index timeout has passed }; - return {render()}; + return ( + + {render()} + + ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/components/unknown_route.tsx b/x-pack/plugins/cloud_security_posture/public/components/unknown_route.tsx deleted file mode 100644 index cc31605a6c83a4..00000000000000 
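Review bot: `FullSizeCenteredPage` is exported with only a bundle-size remark, although it is now the layout shell used by several pages in this patch and it forwards an arbitrary `CommonProps` bag. A TSDoc above the export covering what the code shows would help callers: `/** Layout shell that wraps its children in an EuiFlexGroup; every EUI CommonProps value (className, data-test-subj, …) in rest is spread onto that group. */`. Keep the existing `// Keep this component lean` line as well, since it states a constraint rather than a contract.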
--- a/x-pack/plugins/cloud_security_posture/public/components/unknown_route.tsx +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiEmptyPrompt } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n-react'; -import { CspPageTemplate } from './csp_page_template'; - -// TODO: Remove when CSP is rendered exclusively under the security solution -export const UnknownRoute = React.memo(() => ( - - - -

- } - /> -
-)); diff --git a/x-pack/plugins/cloud_security_posture/public/index.ts b/x-pack/plugins/cloud_security_posture/public/index.ts index faf1b80a3f0f8e..532a30524845d7 100755 --- a/x-pack/plugins/cloud_security_posture/public/index.ts +++ b/x-pack/plugins/cloud_security_posture/public/index.ts @@ -10,9 +10,8 @@ export type { CspSecuritySolutionContext } from './types'; export { CLOUD_SECURITY_POSTURE_BASE_PATH } from './common/navigation/constants'; export type { CloudSecurityPosturePageId } from './common/navigation/types'; export { - getSecuritySolutionRootLinks, - getSecuritySolutionDashboardLinks, - getSecuritySolutionManageLinks, + getSecuritySolutionLink, + getSecuritySolutionNavTab, } from './common/navigation/security_solution_links'; export type { CspClientPluginSetup, CspClientPluginStart } from './types'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks.tsx b/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks.tsx index f484ffea1abf2c..61dbd7121c3fb8 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks.tsx @@ -21,10 +21,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import useDebounce from 'react-use/lib/useDebounce'; import { i18n } from '@kbn/i18n'; import { CloudPosturePage } from '../../components/cloud_posture_page'; -import { cloudPosturePages } from '../../common/navigation/constants'; -import { useCspBreadcrumbs } from '../../common/navigation/use_csp_breadcrumbs'; import { useCISIntegrationLink } from '../../common/navigation/use_navigate_to_cis_integration'; -import { CspPageTemplate } from '../../components/csp_page_template'; import { BenchmarksTable } from './benchmarks_table'; import { useCspBenchmarkIntegrations, 
@@ -33,7 +30,6 @@ import { import { extractErrorMessage } from '../../../common/utils/helpers'; import * as TEST_SUBJ from './test_subjects'; -const BENCHMARKS_BREADCRUMBS = [cloudPosturePages.benchmarks]; const SEARCH_DEBOUNCE_MS = 300; const AddCisIntegrationButton = () => { @@ -128,7 +124,7 @@ const BenchmarkSearchField = ({ ); }; -export const BenchmarksNoPageTemplate = () => { +export const Benchmarks = () => { const [query, setQuery] = useState({ name: '', page: 1, @@ -194,13 +190,3 @@ export const BenchmarksNoPageTemplate = () => { ); }; - -export const Benchmarks = () => { - useCspBreadcrumbs(BENCHMARKS_BREADCRUMBS); - - return ( - - - - ); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/index.ts b/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/index.ts index 62955da2daa87d..839cf37ebf49ea 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/index.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/benchmarks/index.ts @@ -5,4 +5,4 @@ * 2.0. */ -export { Benchmarks, BenchmarksNoPageTemplate } from './benchmarks'; +export { Benchmarks } from './benchmarks'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/compliance_dashboard/compliance_dashboard.tsx b/x-pack/plugins/cloud_security_posture/public/pages/compliance_dashboard/compliance_dashboard.tsx index 3314e794834c3e..87d908f630804d 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/compliance_dashboard/compliance_dashboard.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/compliance_dashboard/compliance_dashboard.tsx 
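Review bot: `Benchmarks` no longer calls `useCspBreadcrumbs(BENCHMARKS_BREADCRUMBS)` and the constant is deleted, so this page sets no breadcrumbs of its own; the dashboard and findings pages lose their calls in the same patch, while `pages/rules/index.tsx` keeps its `useCspBreadcrumbs` import. If the Security Solution host now owns breadcrumbs for the top-level pages, a short note on the component would stop the asymmetry from reading as an omission: `// Breadcrumbs for this page are set by the Security Solution host; only the nested rules page sets its own.` If the host does not, the hook call should stay. The body of Benchmarks begins before this hunk.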
@@ -9,18 +9,15 @@ import React from 'react'; import { EuiSpacer, EuiPageHeader } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { css } from '@emotion/react'; -import { useCspBreadcrumbs } from '../../common/navigation/use_csp_breadcrumbs'; -import { cloudPosturePages } from '../../common/navigation/constants'; import { CloudPosturePage } from '../../components/cloud_posture_page'; import { DASHBOARD_CONTAINER } from './test_subjects'; import { SummarySection } from './dashboard_sections/summary_section'; import { BenchmarksSection } from './dashboard_sections/benchmarks_section'; import { useComplianceDashboardDataApi } from '../../common/api'; -import { CspPageTemplate } from '../../components/csp_page_template'; import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api'; import { NoFindingsStates } from '../../components/no_findings_states'; -export const ComplianceDashboardNoPageTemplate = () => { +export const ComplianceDashboard = () => { const getSetupStatus = useCspSetupStatusApi(); const hasFindings = getSetupStatus.data?.status === 'indexed'; const getDashboardData = useComplianceDashboardDataApi({ @@ -54,15 +51,3 @@ export const ComplianceDashboardNoPageTemplate = () => { ); }; - -const COMPLIANCE_DASHBOARD_BREADCRUMBS = [cloudPosturePages.dashboard]; - -export const ComplianceDashboard = () => { - useCspBreadcrumbs(COMPLIANCE_DASHBOARD_BREADCRUMBS); - - return ( - - - - ); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx index ee15d3c12d17bf..baf4391eb2cc8c 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx 
@@ -9,17 +9,15 @@ import type { UseQueryResult } from 'react-query'; import { Redirect, Switch, Route, useLocation } from 'react-router-dom'; import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api'; import { NoFindingsStates } from '../../components/no_findings_states'; -import { useCspBreadcrumbs } from '../../common/navigation/use_csp_breadcrumbs'; import { CloudPosturePage } from '../../components/cloud_posture_page'; import { useFindingsEsPit } from './es_pit/use_findings_es_pit'; import { FindingsEsPitContext } from './es_pit/findings_es_pit_context'; import { useLatestFindingsDataView } from '../../common/api/use_latest_findings_data_view'; import { cloudPosturePages, findingsNavigation } from '../../common/navigation/constants'; -import { CspPageTemplate } from '../../components/csp_page_template'; import { FindingsByResourceContainer } from './latest_findings_by_resource/findings_by_resource_container'; import { LatestFindingsContainer } from './latest_findings/latest_findings_container'; -export const FindingsNoPageTemplate = () => { +export const Findings = () => { const location = useLocation(); const dataViewQuery = useLatestFindingsDataView(); // TODO: Consider splitting the PIT window so that each "group by" view has its own PIT @@ -74,15 +72,3 @@ export const FindingsNoPageTemplate = () => { ); }; - -const FINDINGS_BREADCRUMBS = [cloudPosturePages.findings]; - -export const Findings = () => { - useCspBreadcrumbs(FINDINGS_BREADCRUMBS); - - return ( - - - - ); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx index f72e4b61bd17c7..3a35d2b5a9f75b 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx 
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx @@ -24,7 +24,7 @@ import { useBaseEsQuery, usePersistedQuery, } from '../utils'; -import { PageWrapper, PageTitle, PageTitleText } from '../layout/findings_layout'; +import { PageTitle, PageTitleText } from '../layout/findings_layout'; import { FindingsGroupBySelector } from '../layout/findings_group_by_selector'; import { useUrlQuery } from '../../../common/hooks/use_url_query'; import { ErrorCallout } from '../layout/error_callout'; @@ -74,64 +74,62 @@ export const LatestFindingsContainer = ({ dataView }: FindingsBaseProps) => { }} loading={findingsGroupByNone.isFetching} /> - - - {error && } - {!error && ( - <> - - {findingsGroupByNone.isSuccess && !!findingsGroupByNone.data.page.length && ( - - )} - - + {error && } + {!error && ( + <> + + {findingsGroupByNone.isSuccess && !!findingsGroupByNone.data.page.length && ( + - setUrlQuery({ - sort, - pageIndex: page.index, - pageSize: page.size, - }) - } - onAddFilter={(field, value, negate) => - setUrlQuery({ - pageIndex: 0, - filters: getFilters({ - filters: urlQuery.filters, - dataView, - field, - value, - negate, - }), - }) - } /> - - )} - + )} + + + setUrlQuery({ + sort, + pageIndex: page.index, + pageSize: page.size, + }) + } + onAddFilter={(field, value, negate) => + setUrlQuery({ + pageIndex: 0, + filters: getFilters({ + filters: urlQuery.filters, + dataView, + field, + value, + negate, + }), + }) + } + /> + + )} ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx index 6ed71372c45802..706b04b55f4cec 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx 
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx @@ -23,7 +23,7 @@ import { useBaseEsQuery, usePersistedQuery, } from '../utils'; -import { PageTitle, PageTitleText, PageWrapper } from '../layout/findings_layout'; +import { PageTitle, PageTitleText } from '../layout/findings_layout'; import { FindingsGroupBySelector } from '../layout/findings_group_by_selector'; import { findingsNavigation } from '../../../common/navigation/constants'; import { ResourceFindings } from './resource_findings/resource_findings_container'; @@ -89,73 +89,71 @@ const LatestFindingsByResource = ({ dataView }: FindingsBaseProps) => { }} loading={findingsGroupByResource.isFetching} /> - - - - } - /> - - {error && } - {!error && ( - <> - - {findingsGroupByResource.isSuccess && !!findingsGroupByResource.data.page.length && ( - - )} - - - setUrlQuery({ - sortDirection: sort?.direction, - pageIndex: page.index, - pageSize: page.size, - }) - } - sorting={{ - sort: { field: 'failed_findings', direction: urlQuery.sortDirection }, + + + } + /> + + {error && } + {!error && ( + <> + + {findingsGroupByResource.isSuccess && !!findingsGroupByResource.data.page.length && ( + - setUrlQuery({ - pageIndex: 0, - filters: getFilters({ - filters: urlQuery.filters, - dataView, - field, - value, - negate, - }), - }) - } /> - - )} - + )} + + + setUrlQuery({ + sortDirection: sort?.direction, + pageIndex: page.index, + pageSize: page.size, + }) + } + sorting={{ + sort: { field: 'failed_findings', direction: urlQuery.sortDirection }, + }} + onAddFilter={(field, value, negate) => + setUrlQuery({ + pageIndex: 0, + filters: getFilters({ + filters: urlQuery.filters, + dataView, + field, + value, + negate, + }), + }) + } + /> + + )} ); }; 
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx index c3e23d2a865f1e..418b7419a826cf 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx @@ -12,7 +12,7 @@ import { useEuiTheme } from '@elastic/eui'; import { generatePath } from 'react-router-dom'; import { i18n } from '@kbn/i18n'; import * as TEST_SUBJECTS from '../../test_subjects'; -import { PageWrapper, PageTitle, PageTitleText } from '../../layout/findings_layout'; +import { PageTitle, PageTitleText } from '../../layout/findings_layout'; import { findingsNavigation } from '../../../../common/navigation/constants'; import { ResourceFindingsQuery, useResourceFindings } from './use_resource_findings'; import { useUrlQuery } from '../../../../common/hooks/use_url_query'; 
@@ -93,73 +93,71 @@ export const ResourceFindings = ({ dataView }: FindingsBaseProps) => { }} loading={resourceFindings.isFetching} /> - - - - - - - } - /> - - - {error && } - {!error && ( - <> - {resourceFindings.isSuccess && !!resourceFindings.data.page.length && ( - + + + - )} - - + } + /> + + + {error && } + {!error && ( + <> + {resourceFindings.isSuccess && !!resourceFindings.data.page.length && ( + - setUrlQuery({ pageIndex: page.index, pageSize: page.size, sort }) - } - onAddFilter={(field, value, negate) => - setUrlQuery({ - pageIndex: 0, - filters: getFilters({ - filters: urlQuery.filters, - dataView, - field, - value, - negate, - }), - }) - } /> - - )} - + )} + + + setUrlQuery({ pageIndex: page.index, pageSize: page.size, sort }) + } + onAddFilter={(field, value, negate) => + setUrlQuery({ + pageIndex: 0, + filters: getFilters({ + filters: urlQuery.filters, + dataView, + field, + value, + negate, + }), + }) + } + /> + + )} ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/layout/findings_layout.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/layout/findings_layout.tsx index 6677070237662c..1ff6fbdfa96c20 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/layout/findings_layout.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/layout/findings_layout.tsx @@ -13,7 +13,6 @@ import { EuiTitle, EuiToolTip, PropsOf, - useEuiTheme, } from '@elastic/eui'; import { css } from '@emotion/react'; import moment from 'moment'; @@ -27,20 +26,6 @@ import { FINDINGS_TABLE_CELL_ADD_NEGATED_FILTER, } from '../test_subjects'; -// TODO: Remove when CSP is rendered exclusively under the security solution -export const PageWrapper: React.FC = ({ children }) => { - const { euiTheme } = useEuiTheme(); - return ( -
- {children} -
- ); -}; - export const PageTitle: React.FC = ({ children }) => (
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/index.ts b/x-pack/plugins/cloud_security_posture/public/pages/index.ts index f43a5d955b3605..1e667a8949fc00 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/index.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -export { Findings, FindingsNoPageTemplate } from './findings'; +export { Findings } from './findings'; export * from './compliance_dashboard'; -export { Benchmarks, BenchmarksNoPageTemplate } from './benchmarks'; -export { Rules, RulesNoPageTemplate } from './rules'; +export { Benchmarks } from './benchmarks'; +export { Rules } from './rules'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/rules/index.tsx b/x-pack/plugins/cloud_security_posture/public/pages/rules/index.tsx index 20016bc79bf784..49bd023482dbd6 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/rules/index.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/rules/index.tsx @@ -15,7 +15,6 @@ import { RulesContainer, type PageUrlParams } from './rules_container'; import { cloudPosturePages } from '../../common/navigation/constants'; import { useCspBreadcrumbs } from '../../common/navigation/use_csp_breadcrumbs'; import { useCspIntegrationInfo } from './use_csp_integration'; -import { CspPageTemplate } from '../../components/csp_page_template'; import { useKibana } from '../../common/hooks/use_kibana'; import { CloudPosturePage } from '../../components/cloud_posture_page'; import { SecuritySolutionContext } from '../../application/security_solution_context'; 
@@ -40,7 +39,7 @@ const getRulesBreadcrumbs = ( return breadCrumbs; }; -export const RulesNoPageTemplate = ({ match: { params } }: RouteComponentProps) => { +export const Rules = ({ match: { params } }: RouteComponentProps) => { const { http } = useKibana().services; const integrationInfo = useCspIntegrationInfo(params); const securitySolutionContext = useContext(SecuritySolutionContext); @@ -112,11 +111,3 @@ export const RulesNoPageTemplate = ({ match: { params } }: RouteComponentProps

); }; - -export const Rules = (props: RouteComponentProps) => { - return ( - - - - ); -}; diff --git a/x-pack/plugins/cloud_security_posture/public/plugin.tsx b/x-pack/plugins/cloud_security_posture/public/plugin.tsx index 300ffbe186782a..9115935db204ce 100755 --- a/x-pack/plugins/cloud_security_posture/public/plugin.tsx +++ b/x-pack/plugins/cloud_security_posture/public/plugin.tsx @@ -5,35 +5,21 @@ * 2.0. */ import React, { lazy, Suspense } from 'react'; -import { EuiLoadingSpinner } from '@elastic/eui'; -import type { AppMountParameters, CoreSetup, CoreStart, Plugin } from '@kbn/core/public'; -import { DEFAULT_APP_CATEGORIES } from '@kbn/core/public'; +import type { CoreSetup, CoreStart, Plugin } from '@kbn/core/public'; import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; -import { css } from '@emotion/react'; +import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app'; +import { CspLoadingState } from './components/csp_loading_state'; import type { CspRouterProps } from './application/csp_router'; -import { CLOUD_SECURITY_POSTURE_BASE_PATH } from './common/navigation/constants'; import type { CspClientPluginSetup, CspClientPluginStart, CspClientPluginSetupDeps, CspClientPluginStartDeps, } from './types'; -import { PLUGIN_NAME, PLUGIN_ID } from '../common'; const CspRouterLazy = lazy(() => import('./application/csp_router')); const CspRouter = (props: CspRouterProps) => ( - - } - > + }> ); 
@@ -51,23 +37,6 @@ export class CspPlugin core: CoreSetup, plugins: CspClientPluginSetupDeps ): CspClientPluginSetup { - // Register an application into the side navigation menu - core.application.register({ - id: PLUGIN_ID, - title: PLUGIN_NAME, - euiIconType: 'logoSecurity', - category: DEFAULT_APP_CATEGORIES.security, - defaultPath: CLOUD_SECURITY_POSTURE_BASE_PATH, - async mount(params: AppMountParameters) { - // Load application bundle - const { renderApp } = await import('./application'); - // Get start services as specified in kibana.json - const [coreStart, depsStart] = await core.getStartServices(); - // Render the application - return renderApp(coreStart, depsStart, params); - }, - }); - // Return methods that should be available to other plugins return {}; } @@ -77,7 +46,9 @@ export class CspPlugin getCloudSecurityPostureRouter: () => (props: CspRouterProps) => ( - + + + ), }; diff --git a/x-pack/plugins/cloud_security_posture/public/test/test_provider.tsx b/x-pack/plugins/cloud_security_posture/public/test/test_provider.tsx index 7aaa00f7923b23..d57617f57de575 100755 --- a/x-pack/plugins/cloud_security_posture/public/test/test_provider.tsx +++ b/x-pack/plugins/cloud_security_posture/public/test/test_provider.tsx @@ -5,6 +5,7 @@ * 2.0. */ +import type { AppMountParameters, CoreStart } from '@kbn/core/public'; import React, { useMemo } from 'react'; import { I18nProvider } from '@kbn/i18n-react'; import { Router, Switch, Route } from 'react-router-dom'; 
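Review bot: Removing `core.application.register` drops the standalone `PLUGIN_ID` app entirely, so any saved bookmark or external link to its `CLOUD_SECURITY_POSTURE_BASE_PATH` URL will land on Kibana's application-not-found page instead of the security solution. Unless a redirect is handled elsewhere in this series, consider keeping a minimal registration whose `mount` forwards to the new location (the snapshot in this patch shows the new pages live under the `securitySolutionUI` app at paths like `cloud_security_posture-dashboard`), e.g. `mount: async () => { const [coreStart] = await core.getStartServices(); coreStart.application.navigateToApp('securitySolutionUI', { path: '/cloud_security_posture-dashboard' }); return () => {}; }`, with the exact target confirmed against the security solution's constants. The `setup` method continues past this hunk.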
@@ -15,7 +16,13 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { chartPluginMock } from '@kbn/charts-plugin/public/mocks'; import { unifiedSearchPluginMock } from '@kbn/unified-search-plugin/public/mocks'; import { discoverPluginMock } from '@kbn/discover-plugin/public/mocks'; -import type { CspAppDeps } from '../application/app'; +import type { CspClientPluginStartDeps } from '../types'; + +interface CspAppDeps { + core: CoreStart; + deps: CspClientPluginStartDeps; + params: AppMountParameters; +} export const TestProvider: React.FC> = ({ core = coreMock.createStart(), diff --git a/x-pack/plugins/cloud_security_posture/public/types.ts b/x-pack/plugins/cloud_security_posture/public/types.ts index 889642d39dc523..6a08078a7aa21f 100755 --- a/x-pack/plugins/cloud_security_posture/public/types.ts +++ b/x-pack/plugins/cloud_security_posture/public/types.ts @@ -10,6 +10,7 @@ import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/ import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public'; import type { ChartsPluginStart } from '@kbn/charts-plugin/public'; import type { DiscoverStart } from '@kbn/discover-plugin/public'; +import type { CspRouterProps } from './application/csp_router'; import type { BreadcrumbEntry, CloudSecurityPosturePageId } from './common/navigation/types'; /** @@ -23,9 +24,7 @@ export interface CspClientPluginSetup {} */ export interface CspClientPluginStart { /** Gets the cloud security posture router component for embedding in the security solution. */ - getCloudSecurityPostureRouter(): ComponentType<{ - securitySolutionContext: CspSecuritySolutionContext; - }>; + getCloudSecurityPostureRouter(): ComponentType; } export interface CspClientPluginSetupDeps { 
@@ -53,5 +52,5 @@ export interface CspSecuritySolutionContext { /** Gets the `SpyRoute` component for navigation highlighting and breadcrumbs. */ getSpyRouteComponent: () => ComponentType<{ pageName?: CloudSecurityPosturePageId }>; /** Gets the `Manage` breadcrumb entry. */ - getManageBreadcrumbEntry: () => BreadcrumbEntry; + getManageBreadcrumbEntry: () => BreadcrumbEntry | undefined; } diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 37076bd16a37a9..55a52c73f356c1 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -38,11 +38,6 @@ export const allowedExperimentalValues = Object.freeze({ */ responseActionsConsoleEnabled: true, - /** - * Enables the cloud security posture navigation inside the security solution - */ - cloudSecurityPostureNavigation: false, - /** * Enables the insights module for related alerts by process ancestry */ diff --git a/x-pack/plugins/security_solution/public/app/deep_links/index.ts b/x-pack/plugins/security_solution/public/app/deep_links/index.ts index c08c603b616ad7..d5e4b13bef56fe 100644 --- a/x-pack/plugins/security_solution/public/app/deep_links/index.ts +++ b/x-pack/plugins/security_solution/public/app/deep_links/index.ts @@ -7,6 +7,7 @@ import { i18n } from '@kbn/i18n'; +import { getSecuritySolutionLink } from '@kbn/cloud-security-posture-plugin/public'; import type { LicenseType } from '@kbn/licensing-plugin/common/types'; import { getCasesDeepLinks } from '@kbn/cases-plugin/public'; import { @@ -162,6 +163,10 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ }), ], }, + { + ...getSecuritySolutionLink('dashboard'), + features: [FEATURE.general], + }, ], }, { 
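Review bot: The return type of `getManageBreadcrumbEntry` now admits `undefined`, but its TSDoc still reads as if an entry is always returned, so callers assembling breadcrumbs have no hint about when to expect the absence. The security solution side of this patch returns `undefined` when grouped navigation is disabled, so the contract is known; suggest `/** Gets the "Manage" breadcrumb entry, or undefined when the host app has no Manage section to link to (e.g. grouped navigation disabled). */` in place of the current one-liner.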
@@ -219,12 +224,18 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ }, ], }, + { + ...getSecuritySolutionLink('findings'), + features: [FEATURE.general], + navLinkStatus: AppNavLinkStatus.visible, + order: 9002, + }, { id: SecurityPageName.exploreLanding, title: EXPLORE, path: HOSTS_PATH, navLinkStatus: AppNavLinkStatus.visible, - order: 9004, + order: 9005, searchable: false, features: [FEATURE.general], keywords: [ @@ -405,7 +416,7 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ title: TIMELINES, path: TIMELINES_PATH, navLinkStatus: AppNavLinkStatus.visible, - order: 9002, + order: 9003, features: [FEATURE.general], keywords: [ i18n.translate('xpack.securitySolution.search.timelines', { @@ -427,7 +438,7 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ extend: { [SecurityPageName.case]: { navLinkStatus: AppNavLinkStatus.visible, - order: 9003, + order: 9004, features: [FEATURE.casesRead], }, [SecurityPageName.caseConfigure]: { @@ -447,7 +458,7 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ path: ENDPOINTS_PATH, features: [FEATURE.general], navLinkStatus: AppNavLinkStatus.visible, - order: 9005, + order: 9006, searchable: false, keywords: [ i18n.translate('xpack.securitySolution.search.manage', { @@ -486,6 +497,10 @@ export const securitySolutionsDeepLinks: SecuritySolutionDeepLink[] = [ title: BLOCKLIST, path: BLOCKLIST_PATH, }, + { + ...getSecuritySolutionLink('benchmarks'), + deepLinks: [getSecuritySolutionLink('rules')], + }, { id: SecurityPageName.responseActions, title: RESPONSE_ACTIONS, diff --git a/x-pack/plugins/security_solution/public/app/home/home_navigations.ts b/x-pack/plugins/security_solution/public/app/home/home_navigations.ts index d732135c5337ba..e2388c710f59d6 100644 --- a/x-pack/plugins/security_solution/public/app/home/home_navigations.ts +++ b/x-pack/plugins/security_solution/public/app/home/home_navigations.ts 
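Review bot: The new benchmarks entry nested under Manage (last hunk) declares no `features`, unlike the findings and dashboard entries added in this file that carry `features: [FEATURE.general]`. Its sibling Blocklist entry has none either, so this matches the existing children if nested deep links inherit the parent's feature gate; if `features` is evaluated per entry instead, benchmarks and its nested `rules` link would be registered for users the parent entry excludes. Worth confirming how the deep-link filter treats entries without `features`, and adding `features: [FEATURE.general],` beside the `deepLinks` line if it does not inherit.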
@@ -5,6 +5,7 @@ * 2.0. */ +import { getSecuritySolutionNavTab } from '@kbn/cloud-security-posture-plugin/public'; import * as i18n from '../translations'; import type { SecurityNav, SecurityNavGroup } from '../../common/components/navigation/types'; import { SecurityNavGroupKey } from '../../common/components/navigation/types'; @@ -31,6 +32,7 @@ import { APP_LANDING_PATH, APP_RESPONSE_ACTIONS_PATH, APP_THREAT_INTELLIGENCE_PATH, + APP_PATH, } from '../../../common/constants'; export const navTabs: SecurityNav = { @@ -181,6 +183,22 @@ export const navTabs: SecurityNav = { disabled: false, urlKey: 'threat_intelligence', }, + [SecurityPageName.cloudSecurityPostureFindings]: { + ...getSecuritySolutionNavTab('findings', APP_PATH), + urlKey: 'findings', + }, + [SecurityPageName.cloudSecurityPostureDashboard]: { + ...getSecuritySolutionNavTab('dashboard', APP_PATH), + urlKey: 'cloud_posture', + }, + [SecurityPageName.cloudSecurityPostureBenchmarks]: { + ...getSecuritySolutionNavTab('benchmarks', APP_PATH), + urlKey: 'administration', + }, + [SecurityPageName.cloudSecurityPostureRules]: { + ...getSecuritySolutionNavTab('rules', APP_PATH), + urlKey: 'administration', + }, }; export const securityNavGroup: SecurityNavGroup = { @@ -192,6 +210,10 @@ export const securityNavGroup: SecurityNavGroup = { id: SecurityNavGroupKey.detect, name: i18n.DETECT, }, + [SecurityNavGroupKey.findings]: { + id: SecurityNavGroupKey.findings, + name: i18n.FINDINGS, + }, [SecurityNavGroupKey.explore]: { id: SecurityNavGroupKey.explore, name: i18n.EXPLORE, diff --git a/x-pack/plugins/security_solution/public/app/translations.ts b/x-pack/plugins/security_solution/public/app/translations.ts index 776df745b323fe..e23a68623896f6 100644 --- a/x-pack/plugins/security_solution/public/app/translations.ts +++ b/x-pack/plugins/security_solution/public/app/translations.ts 
@@ -96,6 +96,9 @@ export const HOST_ISOLATION_EXCEPTIONS = i18n.translate( export const DETECT = i18n.translate('xpack.securitySolution.navigation.detect', { defaultMessage: 'Detect', }); +export const FINDINGS = i18n.translate('xpack.securitySolution.navigation.findings', { + defaultMessage: 'Findings', +}); export const EXPLORE = i18n.translate('xpack.securitySolution.navigation.explore', { defaultMessage: 'Explore', }); diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/links.ts b/x-pack/plugins/security_solution/public/cloud_security_posture/links.ts index 690cdf18c95631..1d4c311b34e4cd 100644 --- a/x-pack/plugins/security_solution/public/cloud_security_posture/links.ts +++ b/x-pack/plugins/security_solution/public/cloud_security_posture/links.ts 
@@ -4,70 +4,56 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { - getSecuritySolutionDashboardLinks, - getSecuritySolutionManageLinks, - getSecuritySolutionRootLinks, -} from '@kbn/cloud-security-posture-plugin/public'; +import { getSecuritySolutionLink } from '@kbn/cloud-security-posture-plugin/public'; import { i18n } from '@kbn/i18n'; -import { SecurityPageName } from '../../common/constants'; +import { SecurityPageName, SERVER_APP_ID } from '../../common/constants'; import cloudSecurityPostureDashboardImage from '../common/images/cloud_security_posture_dashboard_page.png'; import type { LinkCategories, LinkItem } from '../common/links/types'; import { IconExceptionLists } from '../management/icons/exception_lists'; const commonLinkProperties: Partial = { hideTimeline: true, - experimentalKey: 'cloudSecurityPostureNavigation', + capabilities: [`${SERVER_APP_ID}.show`], }; -export const rootLinks: LinkItem = getSecuritySolutionRootLinks({ - [SecurityPageName.cloudSecurityPostureFindings]: { - globalNavEnabled: true, - globalNavOrder: 3, - ...commonLinkProperties, - }, -}); +export const rootLinks: LinkItem = { + ...getSecuritySolutionLink('findings'), + globalNavEnabled: true, + globalNavOrder: 3, + ...commonLinkProperties, +}; -export const dashboardLinks = getSecuritySolutionDashboardLinks({ - [SecurityPageName.cloudSecurityPostureDashboard]: { - description: i18n.translate( - 'xpack.securitySolution.appLinks.cloudSecurityPostureDashboardDescription', - { - defaultMessage: 'An overview of findings across all CSP integrations.', - } - ), - landingImage: cloudSecurityPostureDashboardImage, - // TODO: When CSP is rendered exclusively in the security solution - remove this and rename the title inside the - // CSP plugin - title: i18n.translate('xpack.securitySolution.appLinks.cloudSecurityPostureDashboard', { - defaultMessage: 'Cloud Posture', - }), - ...commonLinkProperties, - }, -}); +export const 
dashboardLinks: LinkItem = { + ...getSecuritySolutionLink('dashboard'), + description: i18n.translate( + 'xpack.securitySolution.appLinks.cloudSecurityPostureDashboardDescription', + { + defaultMessage: 'An overview of findings across all CSP integrations.', + } + ), + landingImage: cloudSecurityPostureDashboardImage, + ...commonLinkProperties, +}; -export const manageLinks: LinkItem = getSecuritySolutionManageLinks({ - [SecurityPageName.cloudSecurityPostureBenchmarks]: { - // TODO: When CSP is rendered exclusively in the security solution - remove this and rename the title inside the - // CSP plugin - title: i18n.translate('xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarks', { - defaultMessage: 'CSP Benchmarks', - }), - description: i18n.translate( - 'xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarksDescription', - { - defaultMessage: 'View, enable, and or disable benchmark rules.', - } - ), - landingIcon: IconExceptionLists, - ...commonLinkProperties, - }, - [SecurityPageName.cloudSecurityPostureRules]: { - sideNavDisabled: true, - globalSearchDisabled: true, - ...commonLinkProperties, - }, -}); +export const manageLinks: LinkItem = { + ...getSecuritySolutionLink('benchmarks'), + description: i18n.translate( + 'xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarksDescription', + { + defaultMessage: 'View, enable, and or disable benchmark rules.', + } + ), + landingIcon: IconExceptionLists, + ...commonLinkProperties, + links: [ + { + ...getSecuritySolutionLink('rules'), + sideNavDisabled: true, + globalSearchDisabled: true, + ...commonLinkProperties, + }, + ], +}; export const manageCategories: LinkCategories = [ { diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/routes.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/routes.tsx index 1bc9bad3c90072..aa8355ef89e3f9 100644 --- a/x-pack/plugins/security_solution/public/cloud_security_posture/routes.tsx 
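Review bot: Switching `commonLinkProperties` from the experimental flag to `capabilities: [`${SERVER_APP_ID}.show`]` only controls whether the links are rendered; the CSP page routes and the server APIs behind the benchmarks/rules page (described here as enabling and disabling rules) must enforce authorization themselves, because a user who does not see the link can still type the URL. Since `.show` is a read-level capability, it is also worth confirming that the enable/disable actions on the rules page are checked against a write-level privilege server-side rather than relying on this gate. A one-line comment on `commonLinkProperties` would make the intent clear: `// UI visibility only; authorization is enforced by the CSP routes and APIs`. The module continues past this hunk (`manageCategories`).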
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/routes.tsx @@ -12,6 +12,7 @@ import { type CspSecuritySolutionContext, } from '@kbn/cloud-security-posture-plugin/public'; import { TrackApplicationView } from '@kbn/usage-collection-plugin/public'; +import { useIsGroupedNavigationEnabled } from '../common/components/navigation/helpers'; import { MANAGE_PATH } from '../../common/constants'; import type { SecurityPageName, SecuritySubPluginRoutes } from '../app/types'; import { useKibana } from '../common/lib/kibana'; @@ -27,11 +28,13 @@ const CloudPostureSpyRoute = ({ pageName }: { pageName?: CloudSecurityPosturePag const CloudSecurityPosture = memo(() => { const { cloudSecurityPosture } = useKibana().services; + const isGroupedNavigationEnabled = useIsGroupedNavigationEnabled(); const CloudSecurityPostureRouter = cloudSecurityPosture.getCloudSecurityPostureRouter(); const securitySolutionContext: CspSecuritySolutionContext = { getFiltersGlobalComponent: () => FiltersGlobal, getSpyRouteComponent: () => CloudPostureSpyRoute, - getManageBreadcrumbEntry: () => ({ name: MANAGE, path: MANAGE_PATH }), + getManageBreadcrumbEntry: () => + isGroupedNavigationEnabled ? { name: MANAGE, path: MANAGE_PATH } : undefined, }; return ( diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/types.ts b/x-pack/plugins/security_solution/public/common/components/navigation/types.ts index 14d80fa332fc03..6ce333f10d7458 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/navigation/types.ts @@ -25,6 +25,7 @@ export interface NavGroupTab { export enum SecurityNavGroupKey { dashboards = 'dashboards', detect = 'detect', + findings = 'findings', explore = 'explore', investigate = 'investigate', manage = 'manage', 
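Review bot: `securitySolutionContext` is now rebuilt on every render of `CloudSecurityPosture` and depends on `isGroupedNavigationEnabled`, so it should be memoized: `const securitySolutionContext = useMemo<CspSecuritySolutionContext>(() => ({ getFiltersGlobalComponent: () => FiltersGlobal, getSpyRouteComponent: () => CloudPostureSpyRoute, getManageBreadcrumbEntry: () => isGroupedNavigationEnabled ? { name: MANAGE, path: MANAGE_PATH } : undefined }), [isGroupedNavigationEnabled]);`. The unchanged line above it also calls `cloudSecurityPosture.getCloudSecurityPostureRouter()` inside render; in the plugin change earlier in this patch that getter returns a fresh arrow component per call, which would hand React a new component identity and remount the whole CSP subtree whenever this component re-renders, so hoisting that call (module-level or `useMemo` with an empty dependency list) is worth checking. The component's `return (` continues past the hunk.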
@@ -46,7 +47,9 @@ export type UrlStateType = | 'timeline' | 'explore' | 'dashboards' - | 'threat_intelligence'; + | 'threat_intelligence' + | 'cloud_posture' + | 'findings'; export type SecurityNavGroup = Record; export interface NavTab { @@ -80,6 +83,10 @@ export const securityNavKeys = [ SecurityPageName.users, SecurityPageName.kubernetes, SecurityPageName.threatIntelligence, + SecurityPageName.cloudSecurityPostureDashboard, + SecurityPageName.cloudSecurityPostureFindings, + SecurityPageName.cloudSecurityPostureBenchmarks, + SecurityPageName.cloudSecurityPostureRules, ] as const; export type SecurityNavKey = typeof securityNavKeys[number]; diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/__snapshots__/index.test.tsx.snap index c02e7adbb6eaa9..75ba4ed32052a6 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/__snapshots__/index.test.tsx.snap @@ -44,6 +44,16 @@ Object { "name": "Detection & Response", "onClick": [Function], }, + Object { + "data-href": "securitySolutionUI/cloud_security_posture-dashboard", + "data-test-subj": "navigation-cloud_security_posture-dashboard", + "disabled": false, + "href": "securitySolutionUI/cloud_security_posture-dashboard", + "id": "cloud_security_posture-dashboard", + "isSelected": false, + "name": "Cloud Posture", + "onClick": [Function], + }, ], "name": "Dashboards", }, 
@@ -83,6 +93,22 @@ Object { ], "name": "Detect", }, + Object { + "id": "findings", + "items": Array [ + Object { + "data-href": "securitySolutionUI/cloud_security_posture-findings", + "data-test-subj": "navigation-cloud_security_posture-findings", + "disabled": false, + "href": "securitySolutionUI/cloud_security_posture-findings", + "id": "cloud_security_posture-findings", + "isSelected": false, + "name": "Findings", + "onClick": [Function], + }, + ], + "name": "Findings", + }, Object { "id": "explore", "items": Array [ @@ -208,6 +234,16 @@ Object { "name": "Blocklist", "onClick": [Function], }, + Object { + "data-href": "securitySolutionUI/cloud_security_posture-benchmarks", + "data-test-subj": "navigation-cloud_security_posture-benchmarks", + "disabled": false, + "href": "securitySolutionUI/cloud_security_posture-benchmarks", + "id": "cloud_security_posture-benchmarks", + "isSelected": false, + "name": "CSP Benchmarks", + "onClick": [Function], + }, ], "name": "Manage", }, diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/index.test.tsx b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/index.test.tsx index b0fdfde5d6d1a0..d3a2015e82f73a 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/index.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/index.test.tsx @@ -100,7 +100,7 @@ describe('useSecuritySolutionNavigation', () => { { wrapper: TestProviders } ); - expect(result?.current?.items?.[3].items?.[2].id).toEqual(SecurityPageName.users); + expect(result?.current?.items?.[4].items?.[2].id).toEqual(SecurityPageName.users); }); // TODO: [kubernetes] remove when no longer experimental 
@@ -110,7 +110,7 @@ describe('useSecuritySolutionNavigation', () => { () => useSecuritySolutionNavigation(), { wrapper: TestProviders } ); - expect(result?.current?.items?.[1].items?.[2].id).toEqual(SecurityPageName.kubernetes); + expect(result?.current?.items?.[1].items?.[3].id).toEqual(SecurityPageName.kubernetes); }); it('should omit host isolation exceptions if hook reports false', () => { @@ -138,7 +138,7 @@ describe('useSecuritySolutionNavigation', () => { { wrapper: TestProviders } ); - const caseNavItem = (result.current?.items || [])[4].items?.find( + const caseNavItem = (result.current?.items || [])[5].items?.find( (item) => item['data-test-subj'] === 'navigation-cases' ); expect(caseNavItem).toMatchInlineSnapshot(` diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/use_navigation_items.tsx b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/use_navigation_items.tsx index eb458f2e13eabe..7b0578e094f8f0 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/use_navigation_items.tsx +++ b/x-pack/plugins/security_solution/public/common/components/navigation/use_security_solution_navigation/use_navigation_items.tsx @@ -87,6 +87,7 @@ function usePrimaryNavigationItemsToDisplay(navTabs: Record) { items: [ navTabs[SecurityPageName.overview], navTabs[SecurityPageName.detectionAndResponse], + navTabs[SecurityPageName.cloudSecurityPostureDashboard], ...(navTabs[SecurityPageName.kubernetes] != null ? [navTabs[SecurityPageName.kubernetes]] : []), @@ -100,6 +101,10 @@ function usePrimaryNavigationItemsToDisplay(navTabs: Record) { navTabs[SecurityPageName.exceptions], ], }, + { + ...securityNavGroup[SecurityNavGroupKey.findings], + items: [navTabs[SecurityPageName.cloudSecurityPostureFindings]], + }, { ...securityNavGroup[SecurityNavGroupKey.explore], items: [ 
@@ -128,6 +133,7 @@ function usePrimaryNavigationItemsToDisplay(navTabs: Record) { ? [navTabs[SecurityPageName.hostIsolationExceptions]] : []), navTabs[SecurityPageName.blocklist], + navTabs[SecurityPageName.cloudSecurityPostureBenchmarks], ], }, ] diff --git a/x-pack/plugins/security_solution/public/common/utils/timeline/use_show_timeline.tsx b/x-pack/plugins/security_solution/public/common/utils/timeline/use_show_timeline.tsx index 25d175f46aad3f..63eecdc084a4cd 100644 --- a/x-pack/plugins/security_solution/public/common/utils/timeline/use_show_timeline.tsx +++ b/x-pack/plugins/security_solution/public/common/utils/timeline/use_show_timeline.tsx @@ -22,6 +22,7 @@ const DEPRECATED_HIDDEN_TIMELINE_ROUTES: readonly string[] = [ '/explore', '/dashboards', '/manage', + '/cloud_security_posture*', ]; const isTimelinePathVisible = ( diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 85ef1e0778c67e..6ae9964a79414e 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -5719,19 +5719,6 @@ }, "attributesPerMap": { "properties": { - "customIconsCount": { - "properties": { - "min": { - "type": "long" - }, - "max": { - "type": "long" - }, - "avg": { - "type": "float" - } - } - }, "dataSourcesCount": { "properties": { "min": { @@ -5791,6 +5778,19 @@ } } } + }, + "customIconsCount": { + "properties": { + "min": { + "type": "long" + }, + "max": { + "type": "long" + }, + "avg": { + "type": "float" + } + } } } } diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index c54e3158d45c8f..2708c5f309d396 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
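Review bot: The new `'/cloud_security_posture*'` entry is the only item in `DEPRECATED_HIDDEN_TIMELINE_ROUTES` with a trailing `*`; the existing entries are bare prefixes (`/explore`, `/dashboards`, `/manage`). Whether the wildcard does anything depends on `isTimelinePathVisible`, whose body begins after this hunk: if it matches `matchPath`-style patterns the `*` is fine, but if it compares plain prefixes the literal `*` would never match and the timeline bar would keep showing on CSP pages. Either drop the suffix to match the siblings (`'/cloud_security_posture',`) or add a comment next to the entry stating that the matcher supports globs.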
@@ -10384,10 +10384,6 @@ "xpack.csp.benchmarks.totalIntegrationsCountMessage": "Affichage de {pageCount} sur {totalCount, plural, one {# intégration} other {# intégrations}}", "xpack.csp.cspEvaluationBadge.failLabel": "Échec", "xpack.csp.cspEvaluationBadge.passLabel": "Réussite", - "xpack.csp.cspHealthBadge.criticalLabel": "Critique", - "xpack.csp.cspHealthBadge.healthyLabel": "Intègre", - "xpack.csp.cspHealthBadge.warningLabel": "Avertissement", - "xpack.csp.cspPageTemplate.navigationTitle": "Niveau de sécurité du cloud", "xpack.csp.cspSettings.rules": "Règles de sécurité du CSP - ", "xpack.csp.dashboard.risksTable.cisSectionColumnLabel": "Section CIS", "xpack.csp.expandColumnDescriptionLabel": "Développer", @@ -10415,7 +10411,6 @@ "xpack.csp.rules.manageIntegrationButtonLabel": "Gérer l'intégration", "xpack.csp.rules.selectAllButtonLabel": "Tout sélectionner", "xpack.csp.rules.tableHeader.lastModificationLabel": "Dernière modification de l'intégration {timeAgo} ", - "xpack.csp.unknownRoute.pageNotFoundTitle": "Page introuvable", "xpack.dashboard.components.DashboardDrilldownConfig.chooseDestinationDashboard": "Choisir le tableau de bord de destination", "xpack.dashboard.components.DashboardDrilldownConfig.openInNewTab": "Ouvrir le tableau de bord dans un nouvel onglet", "xpack.dashboard.components.DashboardDrilldownConfig.useCurrentDateRange": "Utiliser la plage de dates du tableau de bord d'origine", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 903aa49a216ab7..085cb50cee58fc 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -10376,10 +10376,6 @@ "xpack.csp.benchmarks.totalIntegrationsCountMessage": "{pageCount}/{totalCount, plural, other {#個の統合}}を表示しています", "xpack.csp.cspEvaluationBadge.failLabel": "失敗", "xpack.csp.cspEvaluationBadge.passLabel": "合格", - "xpack.csp.cspHealthBadge.criticalLabel": "重大", - "xpack.csp.cspHealthBadge.healthyLabel": "正常", - "xpack.csp.cspHealthBadge.warningLabel": "警告", - "xpack.csp.cspPageTemplate.navigationTitle": "クラウドセキュリティ態勢", "xpack.csp.cspSettings.rules": "CSPセキュリティルール - ", "xpack.csp.dashboard.risksTable.cisSectionColumnLabel": "CISセクション", "xpack.csp.expandColumnDescriptionLabel": "拡張", @@ -10407,7 +10403,6 @@ "xpack.csp.rules.manageIntegrationButtonLabel": "統合を管理", "xpack.csp.rules.selectAllButtonLabel": "すべて選択", "xpack.csp.rules.tableHeader.lastModificationLabel": "統合{timeAgo}の前回変更日 ", - "xpack.csp.unknownRoute.pageNotFoundTitle": "ページが見つかりません", "xpack.dashboard.components.DashboardDrilldownConfig.chooseDestinationDashboard": "対象ダッシュボードを選択", "xpack.dashboard.components.DashboardDrilldownConfig.openInNewTab": "新しいタブでダッシュボードを開く", "xpack.dashboard.components.DashboardDrilldownConfig.useCurrentDateRange": "元のダッシュボードから日付範囲を使用", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 4a9a574e373d4f..7058be934cd784 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json 
@@ -10390,10 +10390,6 @@ "xpack.csp.benchmarks.totalIntegrationsCountMessage": "正在显示 {pageCount}/{totalCount, plural, other {# 个集成}}", "xpack.csp.cspEvaluationBadge.failLabel": "失败", "xpack.csp.cspEvaluationBadge.passLabel": "通过", - "xpack.csp.cspHealthBadge.criticalLabel": "紧急", - "xpack.csp.cspHealthBadge.healthyLabel": "运行正常", - "xpack.csp.cspHealthBadge.warningLabel": "警告", - "xpack.csp.cspPageTemplate.navigationTitle": "云安全态势", "xpack.csp.cspSettings.rules": "CSP 安全规则 - ", "xpack.csp.dashboard.risksTable.cisSectionColumnLabel": "CIS 部分", "xpack.csp.expandColumnDescriptionLabel": "展开", @@ -10421,7 +10417,6 @@ "xpack.csp.rules.manageIntegrationButtonLabel": "管理集成", "xpack.csp.rules.selectAllButtonLabel": "全选", "xpack.csp.rules.tableHeader.lastModificationLabel": "上次修改集成 {timeAgo} ", - "xpack.csp.unknownRoute.pageNotFoundTitle": "未找到页面", "xpack.dashboard.components.DashboardDrilldownConfig.chooseDestinationDashboard": "选择目标仪表板", "xpack.dashboard.components.DashboardDrilldownConfig.openInNewTab": "在新选项卡中打开仪表板", "xpack.dashboard.components.DashboardDrilldownConfig.useCurrentDateRange": "使用源仪表板的日期范围", From 11d4866155e35cd657d1f8c6d825069922e55ba5 Mon Sep 17 00:00:00 2001 
From: Jordan <51442161+JordanSh@users.noreply.github.com> Date: Wed, 27 Jul 2022 15:47:31 +0300 Subject: [PATCH 06/12] Limit findings page size (#137187) --- .../latest_findings_container.test.tsx | 2 +- .../latest_findings_container.tsx | 38 +++++++++++++++++-- .../latest_findings/use_latest_findings.ts | 2 +- .../findings_by_resource_container.tsx | 2 +- .../resource_findings_container.tsx | 2 +- .../use_resource_findings.ts | 2 +- .../use_findings_by_resource.ts | 2 +- .../findings/{ => utils}/get_filters.test.ts | 2 +- .../pages/findings/{ => utils}/get_filters.ts | 2 +- .../utils/get_limit_properties.test.ts | 31 +++++++++++++++ .../findings/utils/get_limit_properties.ts | 21 ++++++++++ .../pages/findings/{ => utils}/utils.ts | 4 +- 12 files changed, 96 insertions(+), 14 deletions(-) rename x-pack/plugins/cloud_security_posture/public/pages/findings/{ => utils}/get_filters.test.ts (94%) rename x-pack/plugins/cloud_security_posture/public/pages/findings/{ => utils}/get_filters.ts (96%) create mode 100644 x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.test.ts create mode 100644 x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.ts rename x-pack/plugins/cloud_security_posture/public/pages/findings/{ => utils}/utils.ts (96%) diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.test.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.test.tsx index c74b928100d8bc..aa492d43bfbf88 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.test.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.test.tsx 
@@ -19,7 +19,7 @@ import { encodeQuery } from '../../../common/navigation/query_utils'; import { useLocation } from 'react-router-dom'; import { RisonObject } from 'rison-node'; import { buildEsQuery } from '@kbn/es-query'; -import { getPaginationQuery } from '../utils'; +import { getPaginationQuery } from '../utils/utils'; import { FindingsEsPitContext } from '../es_pit/findings_es_pit_context'; import { chartPluginMock } from '@kbn/charts-plugin/public/mocks'; import { discoverPluginMock } from '@kbn/discover-plugin/public/mocks'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx index 3a35d2b5a9f75b..85b547da1535e1 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/latest_findings_container.tsx @@ -4,9 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import React from 'react'; +import React, { useMemo } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; -import { EuiSpacer } from '@elastic/eui'; +import { EuiBottomBar, EuiSpacer, EuiText } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import type { FindingsBaseProps } from '../types'; import { FindingsTable } from './latest_findings_table'; 
@@ -23,11 +23,12 @@ import { getPaginationTableParams, useBaseEsQuery, usePersistedQuery, -} from '../utils'; +} from '../utils/utils'; import { PageTitle, PageTitleText } from '../layout/findings_layout'; import { FindingsGroupBySelector } from '../layout/findings_group_by_selector'; import { useUrlQuery } from '../../../common/hooks/use_url_query'; import { ErrorCallout } from '../layout/error_callout'; +import { getLimitProperties } from '../utils/get_limit_properties'; export const getDefaultQuery = ({ query, @@ -40,6 +41,8 @@ export const getDefaultQuery = ({ pageSize: 10, }); +const MAX_ITEMS = 500; + export const LatestFindingsContainer = ({ dataView }: FindingsBaseProps) => { const getPersistedDefaultQuery = usePersistedQuery(getDefaultQuery); const { urlQuery, setUrlQuery } = useUrlQuery(getPersistedDefaultQuery); @@ -65,6 +68,17 @@ export const LatestFindingsContainer = ({ dataView }: FindingsBaseProps) => { const error = findingsGroupByNone.error || baseEsQuery.error; + const { isLastLimitedPage, limitedTotalItemCount } = useMemo( + () => + getLimitProperties( + findingsGroupByNone.data?.total || 0, + MAX_ITEMS, + urlQuery.pageSize, + urlQuery.pageIndex + ), + [findingsGroupByNone.data?.total, urlQuery.pageIndex, urlQuery.pageSize] + ); + return (
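Review bot: `const MAX_ITEMS = 500;` in the `@@ -40,6 +41,8 @@` hunk is an undocumented module-level magic number, and nothing else in this patch bounds what the hooks request — the use_latest_findings.ts, use_findings_by_resource.ts and use_resource_findings.ts hunks only change import paths — so the cap appears to be presentational (it feeds `totalItemCount` via `getLimitProperties`) while a URL-supplied `urlQuery.pageIndex` past the cap may still be sent as-is; confirm that is clamped in the hook or rejected. A one-line TSDoc would make the intent explicit: `/** Upper bound on findings the table pages through; larger totals are capped in the pagination (see getLimitProperties). */`. The `@@ -65,6 +68,17 @@` hunk with the `useMemo` continues past this line and is not reviewed here.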

{ pagination={getPaginationTableParams({ pageSize: urlQuery.pageSize, pageIndex: urlQuery.pageIndex, - totalItemCount: findingsGroupByNone.data?.total || 0, + totalItemCount: limitedTotalItemCount, })} sorting={{ sort: { field: urlQuery.sort.field, direction: urlQuery.sort.direction }, @@ -128,6 +142,22 @@ export const LatestFindingsContainer = ({ dataView }: FindingsBaseProps) => { }) } /> + {isLastLimitedPage && ( + <> + + + + + + + + )} )}
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/use_latest_findings.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/use_latest_findings.ts index 9212c6dd7fd921..2766ddbebb0478 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/use_latest_findings.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings/use_latest_findings.ts @@ -19,7 +19,7 @@ import type { CspFinding, Sort } from '../types'; import { useKibana } from '../../../common/hooks/use_kibana'; import type { FindingsBaseEsQuery } from '../types'; import { FINDINGS_REFETCH_INTERVAL_MS } from '../constants'; -import { getAggregationCount, getFindingsCountAggQuery } from '../utils'; +import { getAggregationCount, getFindingsCountAggQuery } from '../utils/utils'; interface UseFindingsOptions extends FindingsBaseEsQuery { from: NonNullable; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx index 706b04b55f4cec..db19233b0979cd 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/findings_by_resource_container.tsx @@ -22,7 +22,7 @@ import { getPaginationTableParams, useBaseEsQuery, usePersistedQuery, -} from '../utils'; +} from '../utils/utils'; import { PageTitle, PageTitleText } from '../layout/findings_layout'; import { FindingsGroupBySelector } from '../layout/findings_group_by_selector'; import { findingsNavigation } from '../../../common/navigation/constants'; 
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx index 418b7419a826cf..12b2c66fc282a4 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/resource_findings_container.tsx @@ -24,7 +24,7 @@ import { getPaginationTableParams, useBaseEsQuery, usePersistedQuery, -} from '../../utils'; +} from '../../utils/utils'; import { ResourceFindingsTable } from './resource_findings_table'; import { FindingsSearchBar } from '../../layout/findings_search_bar'; import { ErrorCallout } from '../../layout/error_callout'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/use_resource_findings.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/use_resource_findings.ts index 86d260bf59a748..44be336f1c0412 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/use_resource_findings.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/resource_findings/use_resource_findings.ts 
@@ -11,12 +11,12 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { Pagination } from '@elastic/eui'; import { useContext } from 'react'; import { number } from 'io-ts'; +import { getAggregationCount, getFindingsCountAggQuery } from '../../utils/utils'; import { FindingsEsPitContext } from '../../es_pit/findings_es_pit_context'; import { FINDINGS_REFETCH_INTERVAL_MS } from '../../constants'; import { useKibana } from '../../../../common/hooks/use_kibana'; import { showErrorToast } from '../../latest_findings/use_latest_findings'; import type { CspFinding, FindingsBaseEsQuery, Sort } from '../../types'; -import { getAggregationCount, getFindingsCountAggQuery } from '../../utils'; interface UseResourceFindingsOptions extends FindingsBaseEsQuery { resourceId: string; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/use_findings_by_resource.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/use_findings_by_resource.ts index e353e605409215..ebb8f56c84e403 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/use_findings_by_resource.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/latest_findings_by_resource/use_findings_by_resource.ts @@ -15,7 +15,7 @@ import { FINDINGS_REFETCH_INTERVAL_MS } from '../constants'; import { useKibana } from '../../../common/hooks/use_kibana'; import { showErrorToast } from '../latest_findings/use_latest_findings'; import type { FindingsBaseEsQuery, Sort } from '../types'; -import { getAggregationCount, getFindingsCountAggQuery } from '../utils'; +import { getAggregationCount, getFindingsCountAggQuery } from '../utils/utils'; interface UseFindingsByResourceOptions extends FindingsBaseEsQuery { from: NonNullable; 
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.test.ts similarity index 94% rename from x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts rename to x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.test.ts index 39c88981a36981..7c73dacbd5e5c0 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.test.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.test.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../common/constants'; +import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../../common/constants'; import { createStubDataView } from '@kbn/data-views-plugin/common/stubs'; import { DataView } from '@kbn/data-views-plugin/common'; import { getFilters } from './get_filters'; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.ts similarity index 96% rename from x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts rename to x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.ts index fec0efdcaba4c2..dd8593ad026a13 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/get_filters.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_filters.ts @@ -14,7 +14,7 @@ import { FilterCompareOptions, } from '@kbn/es-query'; import type { Serializable } from '@kbn/utility-types'; -import type { FindingsBaseProps } from './types'; +import type { FindingsBaseProps } from '../types'; const compareOptions: FilterCompareOptions = { negate: false, 
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.test.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.test.ts
new file mode 100644
index 00000000000000..f62062ba37f4d8
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.test.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getLimitProperties } from './get_limit_properties';
+
+describe('getLimitProperties', () => {
+ it('less items than limit', () => {
+ const { limitedTotalItemCount, isLastLimitedPage } = getLimitProperties(200, 500, 100, 1);
+
+ expect(limitedTotalItemCount).toBe(200);
+ expect(isLastLimitedPage).toBe(false);
+ });
+
+ it('more items than limit', () => {
+ const { limitedTotalItemCount, isLastLimitedPage } = getLimitProperties(600, 500, 100, 4);
+
+ expect(limitedTotalItemCount).toBe(500);
+ expect(isLastLimitedPage).toBe(true);
+ });
+
+ it('per page calculations are correct', () => {
+ const { limitedTotalItemCount, isLastLimitedPage } = getLimitProperties(600, 500, 25, 19);
+
+ expect(limitedTotalItemCount).toBe(500);
+ expect(isLastLimitedPage).toBe(true);
+ });
+});
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.ts
new file mode 100644
index 00000000000000..07c60e10bf0b3a
--- /dev/null
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/get_limit_properties.ts
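Review bot: The suite never pins the boundary `totalItems === maxItems`, which `getLimitProperties` treats as not limited because of its strict `>`; a case such as `expect(getLimitProperties(500, 500, 100, 4)).toEqual({ isLastLimitedPage: false, limitedTotalItemCount: 500 });` would lock that in. A page index beyond the last limited page is also untested, e.g. `expect(getLimitProperties(600, 500, 100, 7).isLastLimitedPage).toBe(false);`, which documents that the flag only fires on exactly the last page. The `it` titles describe the inputs rather than the expected behaviour; naming them after the outcome (for example `'does not flag the last page when the total is within the limit'`) makes a failure readable without opening the test.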
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const getLimitProperties = (
+ totalItems: number,
+ maxItems: number,
+ pageSize: number,
+ pageIndex: number
+): { isLastLimitedPage: boolean; limitedTotalItemCount: number } => {
+ const limitItems = totalItems > maxItems;
+ const limitedTotalItemCount = limitItems ? maxItems : totalItems;
+ const lastLimitedPage = Math.ceil(limitedTotalItemCount / pageSize);
+ const isLastPage = lastLimitedPage === pageIndex + 1;
+ const isLastLimitedPage = limitItems && isLastPage;
+
+ return { isLastLimitedPage, limitedTotalItemCount };
+};
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/utils.ts
similarity index 96%
rename from x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts
rename to x-pack/plugins/cloud_security_posture/public/pages/findings/utils/utils.ts
index 3e1740222b1f1c..27ea5dabc2e8e1 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/findings/utils.ts
+++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/utils/utils.ts
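Review bot: `getLimitProperties` is exported without TSDoc although its contract is subtle: `pageIndex` is zero-based (it is compared as `pageIndex + 1`), the cap only applies when `totalItems` strictly exceeds `maxItems`, and `isLastLimitedPage` is true on exactly the last reachable page, so a `pageIndex` past it — which the caller in latest_findings_container.tsx takes from `urlQuery.pageIndex`, i.e. from the URL — reports `false` and the limit notice would not show. If pages beyond the cap should be flagged too, `const isLastPage = pageIndex + 1 >= lastLimitedPage;` does it without changing the tested cases. `pageSize` must be positive: with `0` the `Math.ceil` division yields `Infinity` and the flag silently stays `false`, which at minimum deserves `@param pageSize items per page; must be > 0` in the docstring, or an explicit guard. A TSDoc block stating the zero-based index, the strict-greater-than cap and the positive `pageSize` requirement would cover the three points.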
@@ -10,8 +10,8 @@ import { EuiBasicTableProps, Pagination } from '@elastic/eui'; import { useCallback, useEffect, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import type { estypes } from '@elastic/elasticsearch'; -import type { FindingsBaseProps, FindingsBaseURLQuery } from './types'; -import { useKibana } from '../../common/hooks/use_kibana'; +import type { FindingsBaseProps, FindingsBaseURLQuery } from '../types'; +import { useKibana } from '../../../common/hooks/use_kibana'; export { getFilters } from './get_filters'; const getBaseQuery = ({ dataView, query, filters }: FindingsBaseURLQuery & FindingsBaseProps) => { From bc256148e3c917ae9bcbaaf8246e368df38fc3ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Wed, 27 Jul 2022 08:59:33 -0400 Subject: [PATCH 07/12] [APM] When comparison feature is disabled, we still see the shaded area (#137223) --- .../apm/public/components/shared/charts/spark_plot/index.tsx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/x-pack/plugins/apm/public/components/shared/charts/spark_plot/index.tsx b/x-pack/plugins/apm/public/components/shared/charts/spark_plot/index.tsx index a726ab28cf04e4..ad3def19035176 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/spark_plot/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/spark_plot/index.tsx @@ -113,8 +113,6 @@ function SparkPlotItem({ width: compact ? unit * 4 : unit * 5, }; - const Sparkline = hasComparisonSeries ? LineSeries : AreaSeries; - if (isLoading) { return (
- Date: Wed, 27 Jul 2022 15:20:07 +0200 Subject: [PATCH 08/12] [Security Solution][Detections] Update the MITRE ATT&CK model to v11.3 (#137122) **Related to:** https://github.com/elastic/detection-rules/pull/2073#issuecomment-1191758934, https://github.com/elastic/kibana/issues/89876 ## Summary Here we regenerate the MITRE ATT&CK model in the code based on the official MITRE content: - we update to the version `ATT&CK-v11.3` (see https://github.com/elastic/detection-rules/pull/2073#issuecomment-1194691383) - this corresponds to the `https://raw.githubusercontent.com/mitre/cti/ATT&CK-v11.3/enterprise-attack/enterprise-attack.json` content Also, this PR fixes the model regeneration script (check the comment below). --- .../mitre/mitre_tactics_techniques.ts | 5611 ++++++++++++++++- .../extract_tactics_techniques_mitre.js | 192 +- .../translations/translations/fr-FR.json | 9 - .../translations/translations/ja-JP.json | 9 - .../translations/translations/zh-CN.json | 9 - 5 files changed, 5452 insertions(+), 378 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts index 0d098588f6b264..d78cfaf2494b0c 100644 --- a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts +++ b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts @@ -246,6 +246,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1134', tactics: ['defense-evasion', 'privilege-escalation'], }, + { + name: 'Accessibility Features', + id: 'T1015', + reference: 'https://attack.mitre.org/techniques/T1015', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Account Access Removal', id: 'T1531', 
@@ -282,12 +288,48 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1557', tactics: ['credential-access', 'collection'], }, + { + name: 'AppCert DLLs', + id: 'T1182', + reference: 'https://attack.mitre.org/techniques/T1182', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'AppInit DLLs', + id: 'T1103', + reference: 'https://attack.mitre.org/techniques/T1103', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'AppleScript', + id: 'T1155', + reference: 'https://attack.mitre.org/techniques/T1155', + tactics: ['execution'], + }, + { + name: 'Application Access Token', + id: 'T1527', + reference: 'https://attack.mitre.org/techniques/T1527', + tactics: ['defense-evasion', 'lateral-movement'], + }, + { + name: 'Application Deployment Software', + id: 'T1017', + reference: 'https://attack.mitre.org/techniques/T1017', + tactics: ['lateral-movement'], + }, { name: 'Application Layer Protocol', id: 'T1071', reference: 'https://attack.mitre.org/techniques/T1071', tactics: ['command-and-control'], }, + { + name: 'Application Shimming', + id: 'T1138', + reference: 'https://attack.mitre.org/techniques/T1138', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Application Window Discovery', id: 'T1010', @@ -306,6 +348,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1123', tactics: ['collection'], }, + { + name: 'Authentication Package', + id: 'T1131', + reference: 'https://attack.mitre.org/techniques/T1131', + tactics: ['persistence'], + }, { name: 'Automated Collection', id: 'T1119', 
@@ -324,6 +372,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1197', tactics: ['defense-evasion', 'persistence'], }, + { + name: 'Bash History', + id: 'T1139', + reference: 'https://attack.mitre.org/techniques/T1139', + tactics: ['credential-access'], + }, + { + name: 'Binary Padding', + id: 'T1009', + reference: 'https://attack.mitre.org/techniques/T1009', + tactics: ['defense-evasion'], + }, { name: 'Boot or Logon Autostart Execution', id: 'T1547', @@ -336,6 +396,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1037', tactics: ['persistence', 'privilege-escalation'], }, + { + name: 'Bootkit', + id: 'T1067', + reference: 'https://attack.mitre.org/techniques/T1067', + tactics: ['persistence'], + }, { name: 'Browser Bookmark Discovery', id: 'T1217', @@ -366,6 +432,30 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1612', tactics: ['defense-evasion'], }, + { + name: 'Bypass User Account Control', + id: 'T1088', + reference: 'https://attack.mitre.org/techniques/T1088', + tactics: ['defense-evasion', 'privilege-escalation'], + }, + { + name: 'CMSTP', + id: 'T1191', + reference: 'https://attack.mitre.org/techniques/T1191', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Change Default File Association', + id: 'T1042', + reference: 'https://attack.mitre.org/techniques/T1042', + tactics: ['persistence'], + }, + { + name: 'Clear Command History', + id: 'T1146', + reference: 'https://attack.mitre.org/techniques/T1146', + tactics: ['defense-evasion'], + }, { name: 'Clipboard Data', id: 'T1115', @@ -378,6 +468,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1580', tactics: ['discovery'], }, + { + name: 'Cloud Instance Metadata API', + id: 'T1522', + reference: 'https://attack.mitre.org/techniques/T1522', + tactics: ['credential-access'], + }, { name: 'Cloud Service Dashboard', id: 'T1538', 
@@ -396,6 +492,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1619', tactics: ['discovery'], }, + { + name: 'Code Signing', + id: 'T1116', + reference: 'https://attack.mitre.org/techniques/T1116', + tactics: ['defense-evasion'], + }, { name: 'Command and Scripting Interpreter', id: 'T1059', @@ -414,6 +516,30 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1092', tactics: ['command-and-control'], }, + { + name: 'Compile After Delivery', + id: 'T1500', + reference: 'https://attack.mitre.org/techniques/T1500', + tactics: ['defense-evasion'], + }, + { + name: 'Compiled HTML File', + id: 'T1223', + reference: 'https://attack.mitre.org/techniques/T1223', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Component Firmware', + id: 'T1109', + reference: 'https://attack.mitre.org/techniques/T1109', + tactics: ['defense-evasion', 'persistence'], + }, + { + name: 'Component Object Model Hijacking', + id: 'T1122', + reference: 'https://attack.mitre.org/techniques/T1122', + tactics: ['defense-evasion', 'persistence'], + }, { name: 'Component Object Model and Distributed COM', id: 'T1175', @@ -450,6 +576,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1613', tactics: ['discovery'], }, + { + name: 'Control Panel Items', + id: 'T1196', + reference: 'https://attack.mitre.org/techniques/T1196', + tactics: ['defense-evasion', 'execution'], + }, { name: 'Create Account', id: 'T1136', 
@@ -468,6 +600,54 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1555', tactics: ['credential-access'], }, + { + name: 'Credentials from Web Browsers', + id: 'T1503', + reference: 'https://attack.mitre.org/techniques/T1503', + tactics: ['credential-access'], + }, + { + name: 'Credentials in Files', + id: 'T1081', + reference: 'https://attack.mitre.org/techniques/T1081', + tactics: ['credential-access'], + }, + { + name: 'Credentials in Registry', + id: 'T1214', + reference: 'https://attack.mitre.org/techniques/T1214', + tactics: ['credential-access'], + }, + { + name: 'Custom Command and Control Protocol', + id: 'T1094', + reference: 'https://attack.mitre.org/techniques/T1094', + tactics: ['command-and-control'], + }, + { + name: 'Custom Cryptographic Protocol', + id: 'T1024', + reference: 'https://attack.mitre.org/techniques/T1024', + tactics: ['command-and-control'], + }, + { + name: 'DLL Search Order Hijacking', + id: 'T1038', + reference: 'https://attack.mitre.org/techniques/T1038', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + }, + { + name: 'DLL Side-Loading', + id: 'T1073', + reference: 'https://attack.mitre.org/techniques/T1073', + tactics: ['defense-evasion'], + }, + { + name: 'Data Compressed', + id: 'T1002', + reference: 'https://attack.mitre.org/techniques/T1002', + tactics: ['exfiltration'], + }, { name: 'Data Destruction', id: 'T1485', @@ -480,6 +660,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1132', tactics: ['command-and-control'], }, + { + name: 'Data Encrypted', + id: 'T1022', + reference: 'https://attack.mitre.org/techniques/T1022', + tactics: ['exfiltration'], + }, { name: 'Data Encrypted for Impact', id: 'T1486', 
@@ -546,6 +732,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1025', tactics: ['collection'], }, + { + name: 'Debugger Evasion', + id: 'T1622', + reference: 'https://attack.mitre.org/techniques/T1622', + tactics: ['defense-evasion', 'discovery'], + }, { name: 'Defacement', id: 'T1491', @@ -576,12 +768,42 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1006', tactics: ['defense-evasion'], }, + { + name: 'Disabling Security Tools', + id: 'T1089', + reference: 'https://attack.mitre.org/techniques/T1089', + tactics: ['defense-evasion'], + }, + { + name: 'Disk Content Wipe', + id: 'T1488', + reference: 'https://attack.mitre.org/techniques/T1488', + tactics: ['impact'], + }, + { + name: 'Disk Structure Wipe', + id: 'T1487', + reference: 'https://attack.mitre.org/techniques/T1487', + tactics: ['impact'], + }, { name: 'Disk Wipe', id: 'T1561', reference: 'https://attack.mitre.org/techniques/T1561', tactics: ['impact'], }, + { + name: 'Domain Fronting', + id: 'T1172', + reference: 'https://attack.mitre.org/techniques/T1172', + tactics: ['command-and-control'], + }, + { + name: 'Domain Generation Algorithms', + id: 'T1483', + reference: 'https://attack.mitre.org/techniques/T1483', + tactics: ['command-and-control'], + }, { name: 'Domain Policy Modification', id: 'T1484', 
@@ -600,18 +822,42 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1189', tactics: ['initial-access'], }, + { + name: 'Dylib Hijacking', + id: 'T1157', + reference: 'https://attack.mitre.org/techniques/T1157', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'Dynamic Data Exchange', + id: 'T1173', + reference: 'https://attack.mitre.org/techniques/T1173', + tactics: ['execution'], + }, { name: 'Dynamic Resolution', id: 'T1568', reference: 'https://attack.mitre.org/techniques/T1568', tactics: ['command-and-control'], }, + { + name: 'Elevated Execution with Prompt', + id: 'T1514', + reference: 'https://attack.mitre.org/techniques/T1514', + tactics: ['privilege-escalation'], + }, { name: 'Email Collection', id: 'T1114', reference: 'https://attack.mitre.org/techniques/T1114', tactics: ['collection'], }, + { + name: 'Emond', + id: 'T1519', + reference: 'https://attack.mitre.org/techniques/T1519', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Encrypted Channel', id: 'T1573', @@ -720,12 +966,30 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1133', tactics: ['persistence', 'initial-access'], }, + { + name: 'Extra Window Memory Injection', + id: 'T1181', + reference: 'https://attack.mitre.org/techniques/T1181', + tactics: ['defense-evasion', 'privilege-escalation'], + }, { name: 'Fallback Channels', id: 'T1008', reference: 'https://attack.mitre.org/techniques/T1008', tactics: ['command-and-control'], }, + { + name: 'File Deletion', + id: 'T1107', + reference: 'https://attack.mitre.org/techniques/T1107', + tactics: ['defense-evasion'], + }, + { + name: 'File System Permissions Weakness', + id: 'T1044', + reference: 'https://attack.mitre.org/techniques/T1044', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'File and Directory Discovery', id: 'T1083', 
@@ -756,6 +1020,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1606', tactics: ['credential-access'], }, + { + name: 'Gatekeeper Bypass', + id: 'T1144', + reference: 'https://attack.mitre.org/techniques/T1144', + tactics: ['defense-evasion'], + }, { name: 'Gather Victim Host Information', id: 'T1592', @@ -792,12 +1062,36 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1615', tactics: ['discovery'], }, + { + name: 'HISTCONTROL', + id: 'T1148', + reference: 'https://attack.mitre.org/techniques/T1148', + tactics: ['defense-evasion'], + }, { name: 'Hardware Additions', id: 'T1200', reference: 'https://attack.mitre.org/techniques/T1200', tactics: ['initial-access'], }, + { + name: 'Hidden Files and Directories', + id: 'T1158', + reference: 'https://attack.mitre.org/techniques/T1158', + tactics: ['defense-evasion', 'persistence'], + }, + { + name: 'Hidden Users', + id: 'T1147', + reference: 'https://attack.mitre.org/techniques/T1147', + tactics: ['defense-evasion'], + }, + { + name: 'Hidden Window', + id: 'T1143', + reference: 'https://attack.mitre.org/techniques/T1143', + tactics: ['defense-evasion'], + }, { name: 'Hide Artifacts', id: 'T1564', @@ -810,12 +1104,24 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1574', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], }, + { + name: 'Hooking', + id: 'T1179', + reference: 'https://attack.mitre.org/techniques/T1179', + tactics: ['persistence', 'privilege-escalation', 'credential-access'], + }, { name: 'Hypervisor', id: 'T1062', reference: 'https://attack.mitre.org/techniques/T1062', tactics: ['persistence'], }, + { + name: 'Image File Execution Options Injection', + id: 'T1183', + reference: 'https://attack.mitre.org/techniques/T1183', + tactics: ['privilege-escalation', 'persistence', 'defense-evasion'], + }, { name: 'Impair Defenses', id: 'T1562', 
@@ -828,6 +1134,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1525', tactics: ['persistence'], }, + { + name: 'Indicator Blocking', + id: 'T1054', + reference: 'https://attack.mitre.org/techniques/T1054', + tactics: ['defense-evasion'], + }, + { + name: 'Indicator Removal from Tools', + id: 'T1066', + reference: 'https://attack.mitre.org/techniques/T1066', + tactics: ['defense-evasion'], + }, { name: 'Indicator Removal on Host', id: 'T1070', @@ -858,6 +1176,24 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1056', tactics: ['collection', 'credential-access'], }, + { + name: 'Input Prompt', + id: 'T1141', + reference: 'https://attack.mitre.org/techniques/T1141', + tactics: ['credential-access'], + }, + { + name: 'Install Root Certificate', + id: 'T1130', + reference: 'https://attack.mitre.org/techniques/T1130', + tactics: ['defense-evasion'], + }, + { + name: 'InstallUtil', + id: 'T1118', + reference: 'https://attack.mitre.org/techniques/T1118', + tactics: ['defense-evasion', 'execution'], + }, { name: 'Inter-Process Communication', id: 'T1559', 
@@ -870,18 +1206,90 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1534', tactics: ['lateral-movement'], }, + { + name: 'Kerberoasting', + id: 'T1208', + reference: 'https://attack.mitre.org/techniques/T1208', + tactics: ['credential-access'], + }, + { + name: 'Kernel Modules and Extensions', + id: 'T1215', + reference: 'https://attack.mitre.org/techniques/T1215', + tactics: ['persistence'], + }, + { + name: 'Keychain', + id: 'T1142', + reference: 'https://attack.mitre.org/techniques/T1142', + tactics: ['credential-access'], + }, + { + name: 'LC_LOAD_DYLIB Addition', + id: 'T1161', + reference: 'https://attack.mitre.org/techniques/T1161', + tactics: ['persistence'], + }, { name: 'LC_MAIN Hijacking', id: 'T1149', reference: 'https://attack.mitre.org/techniques/T1149', tactics: ['defense-evasion'], }, + { + name: 'LLMNR/NBT-NS Poisoning and Relay', + id: 'T1171', + reference: 'https://attack.mitre.org/techniques/T1171', + tactics: ['credential-access'], + }, + { + name: 'LSASS Driver', + id: 'T1177', + reference: 'https://attack.mitre.org/techniques/T1177', + tactics: ['execution', 'persistence'], + }, { name: 'Lateral Tool Transfer', id: 'T1570', reference: 'https://attack.mitre.org/techniques/T1570', tactics: ['lateral-movement'], }, + { + name: 'Launch Agent', + id: 'T1159', + reference: 'https://attack.mitre.org/techniques/T1159', + tactics: ['persistence'], + }, + { + name: 'Launch Daemon', + id: 'T1160', + reference: 'https://attack.mitre.org/techniques/T1160', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'Launchctl', + id: 'T1152', + reference: 'https://attack.mitre.org/techniques/T1152', + tactics: ['defense-evasion', 'execution', 'persistence'], + }, + { + name: 'Local Job Scheduling', + id: 'T1168', + reference: 'https://attack.mitre.org/techniques/T1168', + tactics: ['persistence', 'execution'], + }, + { + name: 'Login Item', + id: 'T1162', + reference: 'https://attack.mitre.org/techniques/T1162', + 
tactics: ['persistence'], + }, + { + name: 'Malicious Shell Modification', + id: 'T1156', + reference: 'https://attack.mitre.org/techniques/T1156', + tactics: ['persistence'], + }, { name: 'Masquerading', id: 'T1036', @@ -900,6 +1308,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1578', tactics: ['defense-evasion'], }, + { + name: 'Modify Existing Service', + id: 'T1031', + reference: 'https://attack.mitre.org/techniques/T1031', + tactics: ['persistence'], + }, { name: 'Modify Registry', id: 'T1112', @@ -913,9 +1327,33 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Multi-Stage Channels', - id: 'T1104', - reference: 'https://attack.mitre.org/techniques/T1104', + name: 'Mshta', + id: 'T1170', + reference: 'https://attack.mitre.org/techniques/T1170', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Multi-Factor Authentication Interception', + id: 'T1111', + reference: 'https://attack.mitre.org/techniques/T1111', + tactics: ['credential-access'], + }, + { + name: 'Multi-Factor Authentication Request Generation', + id: 'T1621', + reference: 'https://attack.mitre.org/techniques/T1621', + tactics: ['credential-access'], + }, + { + name: 'Multi-Stage Channels', + id: 'T1104', + reference: 'https://attack.mitre.org/techniques/T1104', + tactics: ['command-and-control'], + }, + { + name: 'Multi-hop Proxy', + id: 'T1188', + reference: 'https://attack.mitre.org/techniques/T1188', tactics: ['command-and-control'], }, { 
@@ -924,12 +1362,30 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1026', tactics: ['command-and-control'], }, + { + name: 'Multilayer Encryption', + id: 'T1079', + reference: 'https://attack.mitre.org/techniques/T1079', + tactics: ['command-and-control'], + }, + { + name: 'NTFS File Attributes', + id: 'T1096', + reference: 'https://attack.mitre.org/techniques/T1096', + tactics: ['defense-evasion'], + }, { name: 'Native API', id: 'T1106', reference: 'https://attack.mitre.org/techniques/T1106', tactics: ['execution'], }, + { + name: 'Netsh Helper DLL', + id: 'T1128', + reference: 'https://attack.mitre.org/techniques/T1128', + tactics: ['persistence'], + }, { name: 'Network Boundary Bridging', id: 'T1599', @@ -943,11 +1399,17 @@ export const technique = [ tactics: ['impact'], }, { - name: 'Network Service Scanning', + name: 'Network Service Discovery', id: 'T1046', reference: 'https://attack.mitre.org/techniques/T1046', tactics: ['discovery'], }, + { + name: 'Network Share Connection Removal', + id: 'T1126', + reference: 'https://attack.mitre.org/techniques/T1126', + tactics: ['defense-evasion'], + }, { name: 'Network Share Discovery', id: 'T1135', @@ -960,6 +1422,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1040', tactics: ['credential-access', 'discovery'], }, + { + name: 'New Service', + id: 'T1050', + reference: 'https://attack.mitre.org/techniques/T1050', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Non-Application Layer Protocol', id: 'T1095', 
@@ -996,6 +1464,30 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1137', tactics: ['persistence'], }, + { + name: 'Parent PID Spoofing', + id: 'T1502', + reference: 'https://attack.mitre.org/techniques/T1502', + tactics: ['defense-evasion', 'privilege-escalation'], + }, + { + name: 'Pass the Hash', + id: 'T1075', + reference: 'https://attack.mitre.org/techniques/T1075', + tactics: ['lateral-movement'], + }, + { + name: 'Pass the Ticket', + id: 'T1097', + reference: 'https://attack.mitre.org/techniques/T1097', + tactics: ['lateral-movement'], + }, + { + name: 'Password Filter DLL', + id: 'T1174', + reference: 'https://attack.mitre.org/techniques/T1174', + tactics: ['credential-access'], + }, { name: 'Password Policy Discovery', id: 'T1201', 
@@ -1032,18 +1524,66 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1598', tactics: ['reconnaissance'], }, + { + name: 'Plist File Modification', + id: 'T1647', + reference: 'https://attack.mitre.org/techniques/T1647', + tactics: ['defense-evasion'], + }, + { + name: 'Plist Modification', + id: 'T1150', + reference: 'https://attack.mitre.org/techniques/T1150', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation'], + }, + { + name: 'Port Monitors', + id: 'T1013', + reference: 'https://attack.mitre.org/techniques/T1013', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'PowerShell', + id: 'T1086', + reference: 'https://attack.mitre.org/techniques/T1086', + tactics: ['execution'], + }, + { + name: 'PowerShell Profile', + id: 'T1504', + reference: 'https://attack.mitre.org/techniques/T1504', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Pre-OS Boot', id: 'T1542', reference: 'https://attack.mitre.org/techniques/T1542', tactics: ['defense-evasion', 'persistence'], }, + { + name: 'Private Keys', + id: 'T1145', + reference: 'https://attack.mitre.org/techniques/T1145', + tactics: ['credential-access'], + }, { name: 'Process Discovery', id: 'T1057', reference: 'https://attack.mitre.org/techniques/T1057', tactics: ['discovery'], }, + { + name: 'Process Doppelgänging', + id: 'T1186', + reference: 'https://attack.mitre.org/techniques/T1186', + tactics: ['defense-evasion'], + }, + { + name: 'Process Hollowing', + id: 'T1093', + reference: 'https://attack.mitre.org/techniques/T1093', + tactics: ['defense-evasion'], + }, { name: 'Process Injection', id: 'T1055', 
@@ -1068,6 +1608,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1012', tactics: ['discovery'], }, + { + name: 'Rc.common', + id: 'T1163', + reference: 'https://attack.mitre.org/techniques/T1163', + tactics: ['persistence'], + }, + { + name: 'Re-opened Applications', + id: 'T1164', + reference: 'https://attack.mitre.org/techniques/T1164', + tactics: ['persistence'], + }, { name: 'Redundant Access', id: 'T1108', @@ -1080,12 +1632,36 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1620', tactics: ['defense-evasion'], }, + { + name: 'Registry Run Keys / Startup Folder', + id: 'T1060', + reference: 'https://attack.mitre.org/techniques/T1060', + tactics: ['persistence'], + }, + { + name: 'Regsvcs/Regasm', + id: 'T1121', + reference: 'https://attack.mitre.org/techniques/T1121', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Regsvr32', + id: 'T1117', + reference: 'https://attack.mitre.org/techniques/T1117', + tactics: ['defense-evasion', 'execution'], + }, { name: 'Remote Access Software', id: 'T1219', reference: 'https://attack.mitre.org/techniques/T1219', tactics: ['command-and-control'], }, + { + name: 'Remote Desktop Protocol', + id: 'T1076', + reference: 'https://attack.mitre.org/techniques/T1076', + tactics: ['lateral-movement'], + }, { name: 'Remote Service Session Hijacking', id: 'T1563', @@ -1116,6 +1692,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1496', tactics: ['impact'], }, + { + name: 'Revert Cloud Instance', + id: 'T1536', + reference: 'https://attack.mitre.org/techniques/T1536', + tactics: ['defense-evasion'], + }, { name: 'Rogue Domain Controller', id: 'T1207', 
@@ -1128,6 +1710,36 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1014', tactics: ['defense-evasion'], }, + { + name: 'Rundll32', + id: 'T1085', + reference: 'https://attack.mitre.org/techniques/T1085', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Runtime Data Manipulation', + id: 'T1494', + reference: 'https://attack.mitre.org/techniques/T1494', + tactics: ['impact'], + }, + { + name: 'SID-History Injection', + id: 'T1178', + reference: 'https://attack.mitre.org/techniques/T1178', + tactics: ['privilege-escalation'], + }, + { + name: 'SIP and Trust Provider Hijacking', + id: 'T1198', + reference: 'https://attack.mitre.org/techniques/T1198', + tactics: ['defense-evasion', 'persistence'], + }, + { + name: 'SSH Hijacking', + id: 'T1184', + reference: 'https://attack.mitre.org/techniques/T1184', + tactics: ['lateral-movement'], + }, { name: 'Scheduled Task/Job', id: 'T1053', @@ -1146,6 +1758,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1113', tactics: ['collection'], }, + { + name: 'Screensaver', + id: 'T1180', + reference: 'https://attack.mitre.org/techniques/T1180', + tactics: ['persistence'], + }, { name: 'Scripting', id: 'T1064', 
@@ -1176,18 +1794,54 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1594', tactics: ['reconnaissance'], }, + { + name: 'Security Software Discovery', + id: 'T1063', + reference: 'https://attack.mitre.org/techniques/T1063', + tactics: ['discovery'], + }, + { + name: 'Security Support Provider', + id: 'T1101', + reference: 'https://attack.mitre.org/techniques/T1101', + tactics: ['persistence'], + }, + { + name: 'Securityd Memory', + id: 'T1167', + reference: 'https://attack.mitre.org/techniques/T1167', + tactics: ['credential-access'], + }, { name: 'Server Software Component', id: 'T1505', reference: 'https://attack.mitre.org/techniques/T1505', tactics: ['persistence'], }, + { + name: 'Service Execution', + id: 'T1035', + reference: 'https://attack.mitre.org/techniques/T1035', + tactics: ['execution'], + }, + { + name: 'Service Registry Permissions Weakness', + id: 'T1058', + reference: 'https://attack.mitre.org/techniques/T1058', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Service Stop', id: 'T1489', reference: 'https://attack.mitre.org/techniques/T1489', tactics: ['impact'], }, + { + name: 'Setuid and Setgid', + id: 'T1166', + reference: 'https://attack.mitre.org/techniques/T1166', + tactics: ['privilege-escalation', 'persistence'], + }, { name: 'Shared Modules', id: 'T1129', @@ -1201,16 +1855,10 @@ export const technique = [ tactics: ['lateral-movement'], }, { - name: 'Signed Binary Proxy Execution', - id: 'T1218', - reference: 'https://attack.mitre.org/techniques/T1218', - tactics: ['defense-evasion'], - }, - { - name: 'Signed Script Proxy Execution', - id: 'T1216', - reference: 'https://attack.mitre.org/techniques/T1216', - tactics: ['defense-evasion'], + name: 'Shortcut Modification', + id: 'T1023', + reference: 'https://attack.mitre.org/techniques/T1023', + tactics: ['persistence'], }, { name: 'Software Deployment Tools', 
@@ -1224,18 +1872,60 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1518', tactics: ['discovery'], }, + { + name: 'Software Packing', + id: 'T1045', + reference: 'https://attack.mitre.org/techniques/T1045', + tactics: ['defense-evasion'], + }, { name: 'Source', id: 'T1153', reference: 'https://attack.mitre.org/techniques/T1153', tactics: ['execution'], }, + { + name: 'Space after Filename', + id: 'T1151', + reference: 'https://attack.mitre.org/techniques/T1151', + tactics: ['defense-evasion', 'execution'], + }, + { + name: 'Spearphishing Attachment', + id: 'T1193', + reference: 'https://attack.mitre.org/techniques/T1193', + tactics: ['initial-access'], + }, + { + name: 'Spearphishing Link', + id: 'T1192', + reference: 'https://attack.mitre.org/techniques/T1192', + tactics: ['initial-access'], + }, + { + name: 'Spearphishing via Service', + id: 'T1194', + reference: 'https://attack.mitre.org/techniques/T1194', + tactics: ['initial-access'], + }, { name: 'Stage Capabilities', id: 'T1608', reference: 'https://attack.mitre.org/techniques/T1608', tactics: ['resource-development'], }, + { + name: 'Standard Cryptographic Protocol', + id: 'T1032', + reference: 'https://attack.mitre.org/techniques/T1032', + tactics: ['command-and-control'], + }, + { + name: 'Startup Items', + id: 'T1165', + reference: 'https://attack.mitre.org/techniques/T1165', + tactics: ['persistence', 'privilege-escalation'], + }, { name: 'Steal Application Access Token', id: 'T1528', 
@@ -1254,18 +1944,48 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1558', tactics: ['credential-access'], }, + { + name: 'Stored Data Manipulation', + id: 'T1492', + reference: 'https://attack.mitre.org/techniques/T1492', + tactics: ['impact'], + }, { name: 'Subvert Trust Controls', id: 'T1553', reference: 'https://attack.mitre.org/techniques/T1553', tactics: ['defense-evasion'], }, + { + name: 'Sudo', + id: 'T1169', + reference: 'https://attack.mitre.org/techniques/T1169', + tactics: ['privilege-escalation'], + }, + { + name: 'Sudo Caching', + id: 'T1206', + reference: 'https://attack.mitre.org/techniques/T1206', + tactics: ['privilege-escalation'], + }, { name: 'Supply Chain Compromise', id: 'T1195', reference: 'https://attack.mitre.org/techniques/T1195', tactics: ['initial-access'], }, + { + name: 'System Binary Proxy Execution', + id: 'T1218', + reference: 'https://attack.mitre.org/techniques/T1218', + tactics: ['defense-evasion'], + }, + { + name: 'System Firmware', + id: 'T1019', + reference: 'https://attack.mitre.org/techniques/T1019', + tactics: ['persistence'], + }, { name: 'System Information Discovery', id: 'T1082', @@ -1296,6 +2016,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1033', tactics: ['discovery'], }, + { + name: 'System Script Proxy Execution', + id: 'T1216', + reference: 'https://attack.mitre.org/techniques/T1216', + tactics: ['defense-evasion'], + }, { name: 'System Service Discovery', id: 'T1007', @@ -1320,6 +2046,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1124', tactics: ['discovery'], }, + { + name: 'Systemd Service', + id: 'T1501', + reference: 'https://attack.mitre.org/techniques/T1501', + tactics: ['persistence'], + }, { name: 'Taint Shared Content', id: 'T1080', 
@@ -1332,6 +2064,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1221', tactics: ['defense-evasion'], }, + { + name: 'Time Providers', + id: 'T1209', + reference: 'https://attack.mitre.org/techniques/T1209', + tactics: ['persistence'], + }, + { + name: 'Timestomp', + id: 'T1099', + reference: 'https://attack.mitre.org/techniques/T1099', + tactics: ['defense-evasion'], + }, { name: 'Traffic Signaling', id: 'T1205', @@ -1344,6 +2088,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1537', tactics: ['exfiltration'], }, + { + name: 'Transmitted Data Manipulation', + id: 'T1493', + reference: 'https://attack.mitre.org/techniques/T1493', + tactics: ['impact'], + }, + { + name: 'Trap', + id: 'T1154', + reference: 'https://attack.mitre.org/techniques/T1154', + tactics: ['execution', 'persistence'], + }, { name: 'Trusted Developer Utilities Proxy Execution', id: 'T1127', @@ -1357,10 +2113,10 @@ export const technique = [ tactics: ['initial-access'], }, { - name: 'Two-Factor Authentication Interception', - id: 'T1111', - reference: 'https://attack.mitre.org/techniques/T1111', - tactics: ['credential-access'], + name: 'Uncommonly Used Port', + id: 'T1065', + reference: 'https://attack.mitre.org/techniques/T1065', + tactics: ['command-and-control'], }, { name: 'Unsecured Credentials', 
@@ -1416,6 +2172,24 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1102', tactics: ['command-and-control'], }, + { + name: 'Web Session Cookie', + id: 'T1506', + reference: 'https://attack.mitre.org/techniques/T1506', + tactics: ['defense-evasion', 'lateral-movement'], + }, + { + name: 'Web Shell', + id: 'T1100', + reference: 'https://attack.mitre.org/techniques/T1100', + tactics: ['persistence', 'privilege-escalation'], + }, + { + name: 'Windows Admin Shares', + id: 'T1077', + reference: 'https://attack.mitre.org/techniques/T1077', + tactics: ['lateral-movement'], + }, { name: 'Windows Management Instrumentation', id: 'T1047', @@ -1423,10 +2197,28 @@ export const technique = [ tactics: ['execution'], }, { - name: 'XSL Script Processing', - id: 'T1220', - reference: 'https://attack.mitre.org/techniques/T1220', - tactics: ['defense-evasion'], + name: 'Windows Management Instrumentation Event Subscription', + id: 'T1084', + reference: 'https://attack.mitre.org/techniques/T1084', + tactics: ['persistence'], + }, + { + name: 'Windows Remote Management', + id: 'T1028', + reference: 'https://attack.mitre.org/techniques/T1028', + tactics: ['execution', 'lateral-movement'], + }, + { + name: 'Winlogon Helper DLL', + id: 'T1004', + reference: 'https://attack.mitre.org/techniques/T1004', + tactics: ['persistence'], + }, + { + name: 'XSL Script Processing', + id: 'T1220', + reference: 'https://attack.mitre.org/techniques/T1220', + tactics: ['defense-evasion'], }, ]; 
@@ -1453,6 +2245,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion,privilege-escalation', value: 'accessTokenManipulation', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription', + { defaultMessage: 'Accessibility Features (T1015)' } + ), + id: 'T1015', + name: 'Accessibility Features', + reference: 'https://attack.mitre.org/techniques/T1015', + tactics: 'persistence,privilege-escalation', + value: 'accessibilityFeatures', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription', 
@@ -1519,6 +2322,61 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'credential-access,collection', value: 'adversaryInTheMiddle', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription', + { defaultMessage: 'AppCert DLLs (T1182)' } + ), + id: 'T1182', + name: 'AppCert DLLs', + reference: 'https://attack.mitre.org/techniques/T1182', + tactics: 'persistence,privilege-escalation', + value: 'appCertDlLs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription', + { defaultMessage: 'AppInit DLLs (T1103)' } + ), + id: 'T1103', + name: 'AppInit DLLs', + reference: 'https://attack.mitre.org/techniques/T1103', + tactics: 'persistence,privilege-escalation', + value: 'appInitDlLs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription', + { defaultMessage: 'AppleScript (T1155)' } + ), + id: 'T1155', + name: 'AppleScript', + reference: 'https://attack.mitre.org/techniques/T1155', + tactics: 'execution', + value: 'appleScript', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription', + { defaultMessage: 'Application Access Token (T1527)' } + ), + id: 'T1527', + name: 'Application Access Token', + reference: 'https://attack.mitre.org/techniques/T1527', + tactics: 'defense-evasion,lateral-movement', + value: 'applicationAccessToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription', + { defaultMessage: 'Application Deployment Software (T1017)' } + ), + id: 'T1017', + name: 'Application Deployment Software', + reference: 'https://attack.mitre.org/techniques/T1017', + tactics: 'lateral-movement', + value: 'applicationDeploymentSoftware', + }, { label: i18n.translate( 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationLayerProtocolDescription', @@ -1530,6 +2388,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'applicationLayerProtocol', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription', + { defaultMessage: 'Application Shimming (T1138)' } + ), + id: 'T1138', + name: 'Application Shimming', + reference: 'https://attack.mitre.org/techniques/T1138', + tactics: 'persistence,privilege-escalation', + value: 'applicationShimming', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription', @@ -1563,6 +2432,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'audioCapture', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription', + { defaultMessage: 'Authentication Package (T1131)' } + ), + id: 'T1131', + name: 'Authentication Package', + reference: 'https://attack.mitre.org/techniques/T1131', + tactics: 'persistence', + value: 'authenticationPackage', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription', 
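Review bot: The generated `value` and i18n ids for names containing an all-caps token come out as `appCertDlLs` / `appInitDlLs` and `...appCertDlLsDescription` / `...appInitDlLsDescription` in the `@@ -1519` hunk, i.e. the camel-casing splits `DLLs` into `Dl` + `Ls`. Those strings are translation keys and option values that are awkward to rename once shipped, so the case conversion in the generator should treat an uppercase run as a single word, giving `appCertDlls` / `appInitDlls`, before this lands. The `techniquesOptions` array starts and ends outside this hunk.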
@@ -1596,6 +2476,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion,persistence', value: 'bitsJobs', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription', + { defaultMessage: 'Bash History (T1139)' } + ), + id: 'T1139', + name: 'Bash History', + reference: 'https://attack.mitre.org/techniques/T1139', + tactics: 'credential-access', + value: 'bashHistory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription', + { defaultMessage: 'Binary Padding (T1009)' } + ), + id: 'T1009', + name: 'Binary Padding', + reference: 'https://attack.mitre.org/techniques/T1009', + tactics: 'defense-evasion', + value: 'binaryPadding', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonAutostartExecutionDescription', @@ -1618,6 +2520,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence,privilege-escalation', value: 'bootOrLogonInitializationScripts', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription', + { defaultMessage: 'Bootkit (T1067)' } + ), + id: 'T1067', + name: 'Bootkit', + reference: 'https://attack.mitre.org/techniques/T1067', + tactics: 'persistence', + value: 'bootkit', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserBookmarkDiscoveryDescription', 
@@ -1673,6 +2586,50 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'buildImageOnHost', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription', + { defaultMessage: 'Bypass User Account Control (T1088)' } + ), + id: 'T1088', + name: 'Bypass User Account Control', + reference: 'https://attack.mitre.org/techniques/T1088', + tactics: 'defense-evasion,privilege-escalation', + value: 'bypassUserAccountControl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription', + { defaultMessage: 'CMSTP (T1191)' } + ), + id: 'T1191', + name: 'CMSTP', + reference: 'https://attack.mitre.org/techniques/T1191', + tactics: 'defense-evasion,execution', + value: 'cmstp', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription', + { defaultMessage: 'Change Default File Association (T1042)' } + ), + id: 'T1042', + name: 'Change Default File Association', + reference: 'https://attack.mitre.org/techniques/T1042', + tactics: 'persistence', + value: 'changeDefaultFileAssociation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription', + { defaultMessage: 'Clear Command History (T1146)' } + ), + id: 'T1146', + name: 'Clear Command History', + reference: 'https://attack.mitre.org/techniques/T1146', + tactics: 'defense-evasion', + value: 'clearCommandHistory', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription', 
@@ -1695,6 +2652,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'cloudInfrastructureDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription', + { defaultMessage: 'Cloud Instance Metadata API (T1522)' } + ), + id: 'T1522', + name: 'Cloud Instance Metadata API', + reference: 'https://attack.mitre.org/techniques/T1522', + tactics: 'credential-access', + value: 'cloudInstanceMetadataApi', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription', @@ -1728,6 +2696,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'cloudStorageObjectDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription', + { defaultMessage: 'Code Signing (T1116)' } + ), + id: 'T1116', + name: 'Code Signing', + reference: 'https://attack.mitre.org/techniques/T1116', + tactics: 'defense-evasion', + value: 'codeSigning', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandAndScriptingInterpreterDescription', 
@@ -1761,6 +2740,50 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'communicationThroughRemovableMedia', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription', + { defaultMessage: 'Compile After Delivery (T1500)' } + ), + id: 'T1500', + name: 'Compile After Delivery', + reference: 'https://attack.mitre.org/techniques/T1500', + tactics: 'defense-evasion', + value: 'compileAfterDelivery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription', + { defaultMessage: 'Compiled HTML File (T1223)' } + ), + id: 'T1223', + name: 'Compiled HTML File', + reference: 'https://attack.mitre.org/techniques/T1223', + tactics: 'defense-evasion,execution', + value: 'compiledHtmlFile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription', + { defaultMessage: 'Component Firmware (T1109)' } + ), + id: 'T1109', + name: 'Component Firmware', + reference: 'https://attack.mitre.org/techniques/T1109', + tactics: 'defense-evasion,persistence', + value: 'componentFirmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription', + { defaultMessage: 'Component Object Model Hijacking (T1122)' } + ), + id: 'T1122', + name: 'Component Object Model Hijacking', + reference: 'https://attack.mitre.org/techniques/T1122', + tactics: 'defense-evasion,persistence', + value: 'componentObjectModelHijacking', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription', 
@@ -1827,6 +2850,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'containerAndResourceDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription', + { defaultMessage: 'Control Panel Items (T1196)' } + ), + id: 'T1196', + name: 'Control Panel Items', + reference: 'https://attack.mitre.org/techniques/T1196', + tactics: 'defense-evasion,execution', + value: 'controlPanelItems', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', 
@@ -1860,6 +2894,94 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'credential-access', value: 'credentialsFromPasswordStores', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription', + { defaultMessage: 'Credentials from Web Browsers (T1503)' } + ), + id: 'T1503', + name: 'Credentials from Web Browsers', + reference: 'https://attack.mitre.org/techniques/T1503', + tactics: 'credential-access', + value: 'credentialsFromWebBrowsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription', + { defaultMessage: 'Credentials in Files (T1081)' } + ), + id: 'T1081', + name: 'Credentials in Files', + reference: 'https://attack.mitre.org/techniques/T1081', + tactics: 'credential-access', + value: 'credentialsInFiles', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription', + { defaultMessage: 'Credentials in Registry (T1214)' } + ), + id: 'T1214', + name: 'Credentials in Registry', + reference: 'https://attack.mitre.org/techniques/T1214', + tactics: 'credential-access', + value: 'credentialsInRegistry', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription', + { defaultMessage: 'Custom Command and Control Protocol (T1094)' } + ), + id: 'T1094', + name: 'Custom Command and Control Protocol', + reference: 'https://attack.mitre.org/techniques/T1094', + tactics: 'command-and-control', + value: 'customCommandAndControlProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription', + { defaultMessage: 'Custom Cryptographic Protocol (T1024)' } + ), + id: 'T1024', + name: 'Custom Cryptographic Protocol', + reference: 'https://attack.mitre.org/techniques/T1024', 
+ tactics: 'command-and-control', + value: 'customCryptographicProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription', + { defaultMessage: 'DLL Search Order Hijacking (T1038)' } + ), + id: 'T1038', + name: 'DLL Search Order Hijacking', + reference: 'https://attack.mitre.org/techniques/T1038', + tactics: 'persistence,privilege-escalation,defense-evasion', + value: 'dllSearchOrderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription', + { defaultMessage: 'DLL Side-Loading (T1073)' } + ), + id: 'T1073', + name: 'DLL Side-Loading', + reference: 'https://attack.mitre.org/techniques/T1073', + tactics: 'defense-evasion', + value: 'dllSideLoading', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription', + { defaultMessage: 'Data Compressed (T1002)' } + ), + id: 'T1002', + name: 'Data Compressed', + reference: 'https://attack.mitre.org/techniques/T1002', + tactics: 'exfiltration', + value: 'dataCompressed', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription', @@ -1882,6 +3004,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'dataEncoding', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription', + { defaultMessage: 'Data Encrypted (T1022)' } + ), + id: 'T1022', + name: 'Data Encrypted', + reference: 'https://attack.mitre.org/techniques/T1022', + tactics: 'exfiltration', + value: 'dataEncrypted', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription', 
@@ -2003,6 +3136,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'dataFromRemovableMedia', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.debuggerEvasionDescription', + { defaultMessage: 'Debugger Evasion (T1622)' } + ), + id: 'T1622', + name: 'Debugger Evasion', + reference: 'https://attack.mitre.org/techniques/T1622', + tactics: 'defense-evasion,discovery', + value: 'debuggerEvasion', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription', @@ -2058,6 +3202,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'directVolumeAccess', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription', + { defaultMessage: 'Disabling Security Tools (T1089)' } + ), + id: 'T1089', + name: 'Disabling Security Tools', + reference: 'https://attack.mitre.org/techniques/T1089', + tactics: 'defense-evasion', + value: 'disablingSecurityTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription', + { defaultMessage: 'Disk Content Wipe (T1488)' } + ), + id: 'T1488', + name: 'Disk Content Wipe', + reference: 'https://attack.mitre.org/techniques/T1488', + tactics: 'impact', + value: 'diskContentWipe', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription', + { defaultMessage: 'Disk Structure Wipe (T1487)' } + ), + id: 'T1487', + name: 'Disk Structure Wipe', + reference: 'https://attack.mitre.org/techniques/T1487', + tactics: 'impact', + value: 'diskStructureWipe', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskWipeDescription', 
@@ -2071,19 +3248,41 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription', - { defaultMessage: 'Domain Policy Modification (T1484)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription', + { defaultMessage: 'Domain Fronting (T1172)' } ), - id: 'T1484', - name: 'Domain Policy Modification', - reference: 'https://attack.mitre.org/techniques/T1484', - tactics: 'defense-evasion,privilege-escalation', - value: 'domainPolicyModification', + id: 'T1172', + name: 'Domain Fronting', + reference: 'https://attack.mitre.org/techniques/T1172', + tactics: 'command-and-control', + value: 'domainFronting', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription', - { defaultMessage: 'Domain Trust Discovery (T1482)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription', + { defaultMessage: 'Domain Generation Algorithms (T1483)' } + ), + id: 'T1483', + name: 'Domain Generation Algorithms', + reference: 'https://attack.mitre.org/techniques/T1483', + tactics: 'command-and-control', + value: 'domainGenerationAlgorithms', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription', + { defaultMessage: 'Domain Policy Modification (T1484)' } + ), + id: 'T1484', + name: 'Domain Policy Modification', + reference: 'https://attack.mitre.org/techniques/T1484', + tactics: 'defense-evasion,privilege-escalation', + value: 'domainPolicyModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription', + { defaultMessage: 'Domain Trust Discovery (T1482)' } ), id: 'T1482', name: 'Domain Trust Discovery', 
@@ -2102,6 +3301,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'initial-access', value: 'driveByCompromise', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription', + { defaultMessage: 'Dylib Hijacking (T1157)' } + ), + id: 'T1157', + name: 'Dylib Hijacking', + reference: 'https://attack.mitre.org/techniques/T1157', + tactics: 'persistence,privilege-escalation', + value: 'dylibHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription', + { defaultMessage: 'Dynamic Data Exchange (T1173)' } + ), + id: 'T1173', + name: 'Dynamic Data Exchange', + reference: 'https://attack.mitre.org/techniques/T1173', + tactics: 'execution', + value: 'dynamicDataExchange', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicResolutionDescription', @@ -2113,6 +3334,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'dynamicResolution', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription', + { defaultMessage: 'Elevated Execution with Prompt (T1514)' } + ), + id: 'T1514', + name: 'Elevated Execution with Prompt', + reference: 'https://attack.mitre.org/techniques/T1514', + tactics: 'privilege-escalation', + value: 'elevatedExecutionWithPrompt', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription', 
@@ -2124,6 +3356,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'emailCollection', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription', + { defaultMessage: 'Emond (T1519)' } + ), + id: 'T1519', + name: 'Emond', + reference: 'https://attack.mitre.org/techniques/T1519', + tactics: 'persistence,privilege-escalation', + value: 'emond', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.encryptedChannelDescription', @@ -2322,6 +3565,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence,initial-access', value: 'externalRemoteServices', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription', + { defaultMessage: 'Extra Window Memory Injection (T1181)' } + ), + id: 'T1181', + name: 'Extra Window Memory Injection', + reference: 'https://attack.mitre.org/techniques/T1181', + tactics: 'defense-evasion,privilege-escalation', + value: 'extraWindowMemoryInjection', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription', 
@@ -2333,6 +3587,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'fallbackChannels', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription', + { defaultMessage: 'File Deletion (T1107)' } + ), + id: 'T1107', + name: 'File Deletion', + reference: 'https://attack.mitre.org/techniques/T1107', + tactics: 'defense-evasion', + value: 'fileDeletion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription', + { defaultMessage: 'File System Permissions Weakness (T1044)' } + ), + id: 'T1044', + name: 'File System Permissions Weakness', + reference: 'https://attack.mitre.org/techniques/T1044', + tactics: 'persistence,privilege-escalation', + value: 'fileSystemPermissionsWeakness', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription', @@ -2388,6 +3664,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'credential-access', value: 'forgeWebCredentials', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription', + { defaultMessage: 'Gatekeeper Bypass (T1144)' } + ), + id: 'T1144', + name: 'Gatekeeper Bypass', + reference: 'https://attack.mitre.org/techniques/T1144', + tactics: 'defense-evasion', + value: 'gatekeeperBypass', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimHostInformationDescription', 
@@ -2454,6 +3741,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'groupPolicyDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription', + { defaultMessage: 'HISTCONTROL (T1148)' } + ), + id: 'T1148', + name: 'HISTCONTROL', + reference: 'https://attack.mitre.org/techniques/T1148', + tactics: 'defense-evasion', + value: 'histcontrol', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription', @@ -2465,6 +3763,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'initial-access', value: 'hardwareAdditions', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription', + { defaultMessage: 'Hidden Files and Directories (T1158)' } + ), + id: 'T1158', + name: 'Hidden Files and Directories', + reference: 'https://attack.mitre.org/techniques/T1158', + tactics: 'defense-evasion,persistence', + value: 'hiddenFilesAndDirectories', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription', + { defaultMessage: 'Hidden Users (T1147)' } + ), + id: 'T1147', + name: 'Hidden Users', + reference: 'https://attack.mitre.org/techniques/T1147', + tactics: 'defense-evasion', + value: 'hiddenUsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription', + { defaultMessage: 'Hidden Window (T1143)' } + ), + id: 'T1143', + name: 'Hidden Window', + reference: 'https://attack.mitre.org/techniques/T1143', + tactics: 'defense-evasion', + value: 'hiddenWindow', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hideArtifactsDescription', 
@@ -2487,6 +3818,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence,privilege-escalation,defense-evasion', value: 'hijackExecutionFlow', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription', + { defaultMessage: 'Hooking (T1179)' } + ), + id: 'T1179', + name: 'Hooking', + reference: 'https://attack.mitre.org/techniques/T1179', + tactics: 'persistence,privilege-escalation,credential-access', + value: 'hooking', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hypervisorDescription', @@ -2498,6 +3840,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'hypervisor', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription', + { defaultMessage: 'Image File Execution Options Injection (T1183)' } + ), + id: 'T1183', + name: 'Image File Execution Options Injection', + reference: 'https://attack.mitre.org/techniques/T1183', + tactics: 'privilege-escalation,persistence,defense-evasion', + value: 'imageFileExecutionOptionsInjection', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.impairDefensesDescription', 
@@ -2520,6 +3873,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'implantInternalImage', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription', + { defaultMessage: 'Indicator Blocking (T1054)' } + ), + id: 'T1054', + name: 'Indicator Blocking', + reference: 'https://attack.mitre.org/techniques/T1054', + tactics: 'defense-evasion', + value: 'indicatorBlocking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription', + { defaultMessage: 'Indicator Removal from Tools (T1066)' } + ), + id: 'T1066', + name: 'Indicator Removal from Tools', + reference: 'https://attack.mitre.org/techniques/T1066', + tactics: 'defense-evasion', + value: 'indicatorRemovalFromTools', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription', 
@@ -2575,6 +3950,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection,credential-access', value: 'inputCapture', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription', + { defaultMessage: 'Input Prompt (T1141)' } + ), + id: 'T1141', + name: 'Input Prompt', + reference: 'https://attack.mitre.org/techniques/T1141', + tactics: 'credential-access', + value: 'inputPrompt', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription', + { defaultMessage: 'Install Root Certificate (T1130)' } + ), + id: 'T1130', + name: 'Install Root Certificate', + reference: 'https://attack.mitre.org/techniques/T1130', + tactics: 'defense-evasion', + value: 'installRootCertificate', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription', + { defaultMessage: 'InstallUtil (T1118)' } + ), + id: 'T1118', + name: 'InstallUtil', + reference: 'https://attack.mitre.org/techniques/T1118', + tactics: 'defense-evasion,execution', + value: 'installUtil', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.interProcessCommunicationDescription', 
@@ -2597,6 +4005,50 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'lateral-movement', value: 'internalSpearphishing', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription', + { defaultMessage: 'Kerberoasting (T1208)' } + ), + id: 'T1208', + name: 'Kerberoasting', + reference: 'https://attack.mitre.org/techniques/T1208', + tactics: 'credential-access', + value: 'kerberoasting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription', + { defaultMessage: 'Kernel Modules and Extensions (T1215)' } + ), + id: 'T1215', + name: 'Kernel Modules and Extensions', + reference: 'https://attack.mitre.org/techniques/T1215', + tactics: 'persistence', + value: 'kernelModulesAndExtensions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription', + { defaultMessage: 'Keychain (T1142)' } + ), + id: 'T1142', + name: 'Keychain', + reference: 'https://attack.mitre.org/techniques/T1142', + tactics: 'credential-access', + value: 'keychain', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription', + { defaultMessage: 'LC_LOAD_DYLIB Addition (T1161)' } + ), + id: 'T1161', + name: 'LC_LOAD_DYLIB Addition', + reference: 'https://attack.mitre.org/techniques/T1161', + tactics: 'persistence', + value: 'lcLoadDylibAddition', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription', 
@@ -2608,6 +4060,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'lcMainHijacking', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription', + { defaultMessage: 'LLMNR/NBT-NS Poisoning and Relay (T1171)' } + ), + id: 'T1171', + name: 'LLMNR/NBT-NS Poisoning and Relay', + reference: 'https://attack.mitre.org/techniques/T1171', + tactics: 'credential-access', + value: 'llmnrNbtNsPoisoningAndRelay', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription', + { defaultMessage: 'LSASS Driver (T1177)' } + ), + id: 'T1177', + name: 'LSASS Driver', + reference: 'https://attack.mitre.org/techniques/T1177', + tactics: 'execution,persistence', + value: 'lsassDriver', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lateralToolTransferDescription', 
@@ -2619,6 +4093,72 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'lateral-movement', value: 'lateralToolTransfer', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription', + { defaultMessage: 'Launch Agent (T1159)' } + ), + id: 'T1159', + name: 'Launch Agent', + reference: 'https://attack.mitre.org/techniques/T1159', + tactics: 'persistence', + value: 'launchAgent', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription', + { defaultMessage: 'Launch Daemon (T1160)' } + ), + id: 'T1160', + name: 'Launch Daemon', + reference: 'https://attack.mitre.org/techniques/T1160', + tactics: 'persistence,privilege-escalation', + value: 'launchDaemon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription', + { defaultMessage: 'Launchctl (T1152)' } + ), + id: 'T1152', + name: 'Launchctl', + reference: 'https://attack.mitre.org/techniques/T1152', + tactics: 'defense-evasion,execution,persistence', + value: 'launchctl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription', + { defaultMessage: 'Local Job Scheduling (T1168)' } + ), + id: 'T1168', + name: 'Local Job Scheduling', + reference: 'https://attack.mitre.org/techniques/T1168', + tactics: 'persistence,execution', + value: 'localJobScheduling', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription', + { defaultMessage: 'Login Item (T1162)' } + ), + id: 'T1162', + name: 'Login Item', + reference: 'https://attack.mitre.org/techniques/T1162', + tactics: 'persistence', + value: 'loginItem', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.maliciousShellModificationDescription', + { defaultMessage: 'Malicious Shell 
Modification (T1156)' } + ), + id: 'T1156', + name: 'Malicious Shell Modification', + reference: 'https://attack.mitre.org/techniques/T1156', + tactics: 'persistence', + value: 'maliciousShellModification', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', @@ -2652,6 +4192,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'modifyCloudComputeInfrastructure', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription', + { defaultMessage: 'Modify Existing Service (T1031)' } + ), + id: 'T1031', + name: 'Modify Existing Service', + reference: 'https://attack.mitre.org/techniques/T1031', + tactics: 'persistence', + value: 'modifyExistingService', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription', 
@@ -2674,6 +4225,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'modifySystemImage', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription', + { defaultMessage: 'Mshta (T1170)' } + ), + id: 'T1170', + name: 'Mshta', + reference: 'https://attack.mitre.org/techniques/T1170', + tactics: 'defense-evasion,execution', + value: 'mshta', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationInterceptionDescription', + { defaultMessage: 'Multi-Factor Authentication Interception (T1111)' } + ), + id: 'T1111', + name: 'Multi-Factor Authentication Interception', + reference: 'https://attack.mitre.org/techniques/T1111', + tactics: 'credential-access', + value: 'multiFactorAuthenticationInterception', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationRequestGenerationDescription', + { defaultMessage: 'Multi-Factor Authentication Request Generation (T1621)' } + ), + id: 'T1621', + name: 'Multi-Factor Authentication Request Generation', + reference: 'https://attack.mitre.org/techniques/T1621', + tactics: 'credential-access', + value: 'multiFactorAuthenticationRequestGeneration', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription', 
@@ -2685,6 +4269,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'multiStageChannels', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription', + { defaultMessage: 'Multi-hop Proxy (T1188)' } + ), + id: 'T1188', + name: 'Multi-hop Proxy', + reference: 'https://attack.mitre.org/techniques/T1188', + tactics: 'command-and-control', + value: 'multiHopProxy', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription', 
@@ -2698,18 +4293,51 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', - { defaultMessage: 'Native API (T1106)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription', + { defaultMessage: 'Multilayer Encryption (T1079)' } ), - id: 'T1106', - name: 'Native API', - reference: 'https://attack.mitre.org/techniques/T1106', - tactics: 'execution', - value: 'nativeApi', + id: 'T1079', + name: 'Multilayer Encryption', + reference: 'https://attack.mitre.org/techniques/T1079', + tactics: 'command-and-control', + value: 'multilayerEncryption', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription', + { defaultMessage: 'NTFS File Attributes (T1096)' } + ), + id: 'T1096', + name: 'NTFS File Attributes', + reference: 'https://attack.mitre.org/techniques/T1096', + tactics: 'defense-evasion', + value: 'ntfsFileAttributes', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', + { defaultMessage: 'Native API (T1106)' } + ), + id: 'T1106', + name: 'Native API', + reference: 'https://attack.mitre.org/techniques/T1106', + tactics: 'execution', + value: 'nativeApi', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription', + { defaultMessage: 'Netsh Helper DLL (T1128)' } + ), + id: 'T1128', + name: 'Netsh Helper DLL', + reference: 'https://attack.mitre.org/techniques/T1128', + tactics: 'persistence', + value: 'netshHelperDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', { defaultMessage: 'Network Boundary Bridging (T1599)' } ), 
id: 'T1599', @@ -2731,14 +4359,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription', - { defaultMessage: 'Network Service Scanning (T1046)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceDiscoveryDescription', + { defaultMessage: 'Network Service Discovery (T1046)' } ), id: 'T1046', - name: 'Network Service Scanning', + name: 'Network Service Discovery', reference: 'https://attack.mitre.org/techniques/T1046', tactics: 'discovery', - value: 'networkServiceScanning', + value: 'networkServiceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription', + { defaultMessage: 'Network Share Connection Removal (T1126)' } + ), + id: 'T1126', + name: 'Network Share Connection Removal', + reference: 'https://attack.mitre.org/techniques/T1126', + tactics: 'defense-evasion', + value: 'networkShareConnectionRemoval', }, { label: i18n.translate( @@ -2762,6 +4401,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'credential-access,discovery', value: 'networkSniffing', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription', + { defaultMessage: 'New Service (T1050)' } + ), + id: 'T1050', + name: 'New Service', + reference: 'https://attack.mitre.org/techniques/T1050', + tactics: 'persistence,privilege-escalation', + value: 'newService', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription', 
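Review bot: In the hunk `@@ -2731,14 +4359,25 @@` the T1046 entry changes not only its display `name`/`label` ("Network Service Scanning" to "Network Service Discovery") but also its `value`, from `networkServiceScanning` to `networkServiceDiscovery`, while `id` and `reference` stay the same. If `value` is only the combo-box option key this is harmless, but if any form state, fixture or snapshot persists `value` rather than `id`, the rename is a silent key change rather than a label update; I cannot tell from the hunk which it is, so please confirm that lookups key on `id` (or keep `value: 'networkServiceScanning'` and change only the visible strings). The same hunk also adds T1126 "Network Share Connection Removal", which I believe ATT&CK has folded into T1070.005; a short comment noting that it is retained for compatibility would avoid it being mistaken for a current technique.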
@@ -2828,6 +4478,50 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'officeApplicationStartup', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription', + { defaultMessage: 'Parent PID Spoofing (T1502)' } + ), + id: 'T1502', + name: 'Parent PID Spoofing', + reference: 'https://attack.mitre.org/techniques/T1502', + tactics: 'defense-evasion,privilege-escalation', + value: 'parentPidSpoofing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription', + { defaultMessage: 'Pass the Hash (T1075)' } + ), + id: 'T1075', + name: 'Pass the Hash', + reference: 'https://attack.mitre.org/techniques/T1075', + tactics: 'lateral-movement', + value: 'passTheHash', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription', + { defaultMessage: 'Pass the Ticket (T1097)' } + ), + id: 'T1097', + name: 'Pass the Ticket', + reference: 'https://attack.mitre.org/techniques/T1097', + tactics: 'lateral-movement', + value: 'passTheTicket', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription', + { defaultMessage: 'Password Filter DLL (T1174)' } + ), + id: 'T1174', + name: 'Password Filter DLL', + reference: 'https://attack.mitre.org/techniques/T1174', + tactics: 'credential-access', + value: 'passwordFilterDll', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription', 
@@ -2894,6 +4588,61 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'reconnaissance', value: 'phishingForInformation', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistFileModificationDescription', + { defaultMessage: 'Plist File Modification (T1647)' } + ), + id: 'T1647', + name: 'Plist File Modification', + reference: 'https://attack.mitre.org/techniques/T1647', + tactics: 'defense-evasion', + value: 'plistFileModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription', + { defaultMessage: 'Plist Modification (T1150)' } + ), + id: 'T1150', + name: 'Plist Modification', + reference: 'https://attack.mitre.org/techniques/T1150', + tactics: 'defense-evasion,persistence,privilege-escalation', + value: 'plistModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription', + { defaultMessage: 'Port Monitors (T1013)' } + ), + id: 'T1013', + name: 'Port Monitors', + reference: 'https://attack.mitre.org/techniques/T1013', + tactics: 'persistence,privilege-escalation', + value: 'portMonitors', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription', + { defaultMessage: 'PowerShell (T1086)' } + ), + id: 'T1086', + name: 'PowerShell', + reference: 'https://attack.mitre.org/techniques/T1086', + tactics: 'execution', + value: 'powerShell', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription', + { defaultMessage: 'PowerShell Profile (T1504)' } + ), + id: 'T1504', + name: 'PowerShell Profile', + reference: 'https://attack.mitre.org/techniques/T1504', + tactics: 'persistence,privilege-escalation', + value: 'powerShellProfile', + }, { label: i18n.translate( 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', @@ -2905,6 +4654,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion,persistence', value: 'preOsBoot', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription', + { defaultMessage: 'Private Keys (T1145)' } + ), + id: 'T1145', + name: 'Private Keys', + reference: 'https://attack.mitre.org/techniques/T1145', + tactics: 'credential-access', + value: 'privateKeys', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription', @@ -2916,6 +4676,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'processDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription', + { defaultMessage: 'Process Doppelgänging (T1186)' } + ), + id: 'T1186', + name: 'Process Doppelgänging', + reference: 'https://attack.mitre.org/techniques/T1186', + tactics: 'defense-evasion', + value: 'processDoppelganging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription', + { defaultMessage: 'Process Hollowing (T1093)' } + ), + id: 'T1093', + name: 'Process Hollowing', + reference: 'https://attack.mitre.org/techniques/T1093', + tactics: 'defense-evasion', + value: 'processHollowing', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription', 
@@ -2960,6 +4742,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'queryRegistry', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription', + { defaultMessage: 'Rc.common (T1163)' } + ), + id: 'T1163', + name: 'Rc.common', + reference: 'https://attack.mitre.org/techniques/T1163', + tactics: 'persistence', + value: 'rcCommon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription', + { defaultMessage: 'Re-opened Applications (T1164)' } + ), + id: 'T1164', + name: 'Re-opened Applications', + reference: 'https://attack.mitre.org/techniques/T1164', + tactics: 'persistence', + value: 'reOpenedApplications', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.redundantAccessDescription', 
@@ -2982,6 +4786,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'reflectiveCodeLoading', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription', + { defaultMessage: 'Registry Run Keys / Startup Folder (T1060)' } + ), + id: 'T1060', + name: 'Registry Run Keys / Startup Folder', + reference: 'https://attack.mitre.org/techniques/T1060', + tactics: 'persistence', + value: 'registryRunKeysStartupFolder', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription', + { defaultMessage: 'Regsvcs/Regasm (T1121)' } + ), + id: 'T1121', + name: 'Regsvcs/Regasm', + reference: 'https://attack.mitre.org/techniques/T1121', + tactics: 'defense-evasion,execution', + value: 'regsvcsRegasm', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description', + { defaultMessage: 'Regsvr32 (T1117)' } + ), + id: 'T1117', + name: 'Regsvr32', + reference: 'https://attack.mitre.org/techniques/T1117', + tactics: 'defense-evasion,execution', + value: 'regsvr32', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessSoftwareDescription', @@ -2993,6 +4830,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'remoteAccessSoftware', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription', + { defaultMessage: 'Remote Desktop Protocol (T1076)' } + ), + id: 'T1076', + name: 'Remote Desktop Protocol', + reference: 'https://attack.mitre.org/techniques/T1076', + tactics: 'lateral-movement', + value: 'remoteDesktopProtocol', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServiceSessionHijackingDescription', 
@@ -3048,6 +4896,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'impact', value: 'resourceHijacking', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription', + { defaultMessage: 'Revert Cloud Instance (T1536)' } + ), + id: 'T1536', + name: 'Revert Cloud Instance', + reference: 'https://attack.mitre.org/techniques/T1536', + tactics: 'defense-evasion', + value: 'revertCloudInstance', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rogueDomainControllerDescription', 
@@ -3070,6 +4929,61 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'defense-evasion',
 value: 'rootkit',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description',
+ { defaultMessage: 'Rundll32 (T1085)' }
+ ),
+ id: 'T1085',
+ name: 'Rundll32',
+ reference: 'https://attack.mitre.org/techniques/T1085',
+ tactics: 'defense-evasion,execution',
+ value: 'rundll32',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription',
+ { defaultMessage: 'Runtime Data Manipulation (T1494)' }
+ ),
+ id: 'T1494',
+ name: 'Runtime Data Manipulation',
+ reference: 'https://attack.mitre.org/techniques/T1494',
+ tactics: 'impact',
+ value: 'runtimeDataManipulation',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription',
+ { defaultMessage: 'SID-History Injection (T1178)' }
+ ),
+ id: 'T1178',
+ name: 'SID-History Injection',
+ reference: 'https://attack.mitre.org/techniques/T1178',
+ tactics: 'privilege-escalation',
+ value: 'sidHistoryInjection',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription',
+ { defaultMessage: 'SIP and Trust Provider Hijacking (T1198)' }
+ ),
+ id: 'T1198',
+ name: 'SIP and Trust Provider Hijacking',
+ reference: 'https://attack.mitre.org/techniques/T1198',
+ tactics: 'defense-evasion,persistence',
+ value: 'sipAndTrustProviderHijacking',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription',
+ { defaultMessage: 'SSH Hijacking (T1184)' }
+ ),
+ id: 'T1184',
+ name: 'SSH Hijacking',
+ reference: 'https://attack.mitre.org/techniques/T1184',
+ tactics: 'lateral-movement',
+ value: 'sshHijacking',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskJobDescription',
@@ -3103,6 +5017,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'collection',
 value: 'screenCapture',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription',
+ { defaultMessage: 'Screensaver (T1180)' }
+ ),
+ id: 'T1180',
+ name: 'Screensaver',
+ reference: 'https://attack.mitre.org/techniques/T1180',
+ tactics: 'persistence',
+ value: 'screensaver',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription',
@@ -3158,6 +5083,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'reconnaissance',
 value: 'searchVictimOwnedWebsites',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription',
+ { defaultMessage: 'Security Software Discovery (T1063)' }
+ ),
+ id: 'T1063',
+ name: 'Security Software Discovery',
+ reference: 'https://attack.mitre.org/techniques/T1063',
+ tactics: 'discovery',
+ value: 'securitySoftwareDiscovery',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription',
+ { defaultMessage: 'Security Support Provider (T1101)' }
+ ),
+ id: 'T1101',
+ name: 'Security Support Provider',
+ reference: 'https://attack.mitre.org/techniques/T1101',
+ tactics: 'persistence',
+ value: 'securitySupportProvider',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription',
+ { defaultMessage: 'Securityd Memory (T1167)' }
+ ),
+ id: 'T1167',
+ name: 'Securityd Memory',
+ reference: 'https://attack.mitre.org/techniques/T1167',
+ tactics: 'credential-access',
+ value: 'securitydMemory',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription',
@@ -3169,6 +5127,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'persistence',
 value: 'serverSoftwareComponent',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription',
+ { defaultMessage: 'Service Execution (T1035)' }
+ ),
+ id: 'T1035',
+ name: 'Service Execution',
+ reference: 'https://attack.mitre.org/techniques/T1035',
+ tactics: 'execution',
+ value: 'serviceExecution',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription',
+ { defaultMessage: 'Service Registry Permissions Weakness (T1058)' }
+ ),
+ id: 'T1058',
+ name: 'Service Registry Permissions Weakness',
+ reference: 'https://attack.mitre.org/techniques/T1058',
+ tactics: 'persistence,privilege-escalation',
+ value: 'serviceRegistryPermissionsWeakness',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription',
@@ -3180,6 +5160,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'impact',
 value: 'serviceStop',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription',
+ { defaultMessage: 'Setuid and Setgid (T1166)' }
+ ),
+ id: 'T1166',
+ name: 'Setuid and Setgid',
+ reference: 'https://attack.mitre.org/techniques/T1166',
+ tactics: 'privilege-escalation,persistence',
+ value: 'setuidAndSetgid',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription',
@@ -3204,30 +5195,19 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 },
 {
 label: i18n.translate(
- 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription',
- { defaultMessage: 'Signed Binary Proxy Execution (T1218)' }
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription',
+ { defaultMessage: 'Shortcut Modification (T1023)' }
 ),
- id: 'T1218',
- name: 'Signed Binary Proxy Execution',
- reference: 'https://attack.mitre.org/techniques/T1218',
- tactics: 'defense-evasion',
- value: 'signedBinaryProxyExecution',
+ id: 'T1023',
+ name: 'Shortcut Modification',
+ reference: 'https://attack.mitre.org/techniques/T1023',
+ tactics: 'persistence',
+ value: 'shortcutModification',
 },
 {
 label: i18n.translate(
- 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription',
- { defaultMessage: 'Signed Script Proxy Execution (T1216)' }
- ),
- id: 'T1216',
- name: 'Signed Script Proxy Execution',
- reference: 'https://attack.mitre.org/techniques/T1216',
- tactics: 'defense-evasion',
- value: 'signedScriptProxyExecution',
- },
- {
- label: i18n.translate(
- 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription',
- { defaultMessage: 'Software Deployment Tools (T1072)' }
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription',
+ { defaultMessage: 'Software Deployment Tools (T1072)' }
 ),
 id: 'T1072',
 name: 'Software Deployment Tools',
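Review bot: The T1218 and T1216 entries removed in this hunk come back under new names in the -3323 and -3378 hunks, and with them the `value` strings change from `signedBinaryProxyExecution` to `systemBinaryProxyExecution` and from `signedScriptProxyExecution` to `systemScriptProxyExecution`, while `id` stays the same. The `id` and `reference` fields are stable across the rename, so nothing here tells a reader whether `value` is a pure display key or something persisted in saved rules; if any consumer looks entries up by `value`, this is a silent break for existing data. It would be worth stating the contract once above the array, e.g. `// 'value' is a presentation key only; persisted rule data references techniques by 'id'.`, or, if that is not true, keeping the old `value` strings on the renamed entries. The `techniquesOptions` array starts and ends outside this hunk.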
@@ -3246,6 +5226,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'discovery',
 value: 'softwareDiscovery',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription',
+ { defaultMessage: 'Software Packing (T1045)' }
+ ),
+ id: 'T1045',
+ name: 'Software Packing',
+ reference: 'https://attack.mitre.org/techniques/T1045',
+ tactics: 'defense-evasion',
+ value: 'softwarePacking',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription',
@@ -3257,6 +5248,50 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'execution',
 value: 'source',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription',
+ { defaultMessage: 'Space after Filename (T1151)' }
+ ),
+ id: 'T1151',
+ name: 'Space after Filename',
+ reference: 'https://attack.mitre.org/techniques/T1151',
+ tactics: 'defense-evasion,execution',
+ value: 'spaceAfterFilename',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription',
+ { defaultMessage: 'Spearphishing Attachment (T1193)' }
+ ),
+ id: 'T1193',
+ name: 'Spearphishing Attachment',
+ reference: 'https://attack.mitre.org/techniques/T1193',
+ tactics: 'initial-access',
+ value: 'spearphishingAttachment',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription',
+ { defaultMessage: 'Spearphishing Link (T1192)' }
+ ),
+ id: 'T1192',
+ name: 'Spearphishing Link',
+ reference: 'https://attack.mitre.org/techniques/T1192',
+ tactics: 'initial-access',
+ value: 'spearphishingLink',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription',
+ { defaultMessage: 'Spearphishing via Service (T1194)' }
+ ),
+ id: 'T1194',
+ name: 'Spearphishing via Service',
+ reference: 'https://attack.mitre.org/techniques/T1194',
+ tactics: 'initial-access',
+ value: 'spearphishingViaService',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stageCapabilitiesDescription',
@@ -3268,6 +5303,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'resource-development',
 value: 'stageCapabilities',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription',
+ { defaultMessage: 'Standard Cryptographic Protocol (T1032)' }
+ ),
+ id: 'T1032',
+ name: 'Standard Cryptographic Protocol',
+ reference: 'https://attack.mitre.org/techniques/T1032',
+ tactics: 'command-and-control',
+ value: 'standardCryptographicProtocol',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription',
+ { defaultMessage: 'Startup Items (T1165)' }
+ ),
+ id: 'T1165',
+ name: 'Startup Items',
+ reference: 'https://attack.mitre.org/techniques/T1165',
+ tactics: 'persistence,privilege-escalation',
+ value: 'startupItems',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription',
@@ -3301,6 +5358,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'credential-access',
 value: 'stealOrForgeKerberosTickets',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription',
+ { defaultMessage: 'Stored Data Manipulation (T1492)' }
+ ),
+ id: 'T1492',
+ name: 'Stored Data Manipulation',
+ reference: 'https://attack.mitre.org/techniques/T1492',
+ tactics: 'impact',
+ value: 'storedDataManipulation',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.subvertTrustControlsDescription',
@@ -3312,6 +5380,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'defense-evasion',
 value: 'subvertTrustControls',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription',
+ { defaultMessage: 'Sudo (T1169)' }
+ ),
+ id: 'T1169',
+ name: 'Sudo',
+ reference: 'https://attack.mitre.org/techniques/T1169',
+ tactics: 'privilege-escalation',
+ value: 'sudo',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription',
+ { defaultMessage: 'Sudo Caching (T1206)' }
+ ),
+ id: 'T1206',
+ name: 'Sudo Caching',
+ reference: 'https://attack.mitre.org/techniques/T1206',
+ tactics: 'privilege-escalation',
+ value: 'sudoCaching',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription',
@@ -3323,6 +5413,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'initial-access',
 value: 'supplyChainCompromise',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemBinaryProxyExecutionDescription',
+ { defaultMessage: 'System Binary Proxy Execution (T1218)' }
+ ),
+ id: 'T1218',
+ name: 'System Binary Proxy Execution',
+ reference: 'https://attack.mitre.org/techniques/T1218',
+ tactics: 'defense-evasion',
+ value: 'systemBinaryProxyExecution',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription',
+ { defaultMessage: 'System Firmware (T1019)' }
+ ),
+ id: 'T1019',
+ name: 'System Firmware',
+ reference: 'https://attack.mitre.org/techniques/T1019',
+ tactics: 'persistence',
+ value: 'systemFirmware',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription',
@@ -3378,6 +5490,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'discovery',
 value: 'systemOwnerUserDiscovery',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemScriptProxyExecutionDescription',
+ { defaultMessage: 'System Script Proxy Execution (T1216)' }
+ ),
+ id: 'T1216',
+ name: 'System Script Proxy Execution',
+ reference: 'https://attack.mitre.org/techniques/T1216',
+ tactics: 'defense-evasion',
+ value: 'systemScriptProxyExecution',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServiceDiscoveryDescription',
@@ -3422,6 +5545,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'discovery',
 value: 'systemTimeDiscovery',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription',
+ { defaultMessage: 'Systemd Service (T1501)' }
+ ),
+ id: 'T1501',
+ name: 'Systemd Service',
+ reference: 'https://attack.mitre.org/techniques/T1501',
+ tactics: 'persistence',
+ value: 'systemdService',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription',
@@ -3444,6 +5578,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'defense-evasion',
 value: 'templateInjection',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription',
+ { defaultMessage: 'Time Providers (T1209)' }
+ ),
+ id: 'T1209',
+ name: 'Time Providers',
+ reference: 'https://attack.mitre.org/techniques/T1209',
+ tactics: 'persistence',
+ value: 'timeProviders',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription',
+ { defaultMessage: 'Timestomp (T1099)' }
+ ),
+ id: 'T1099',
+ name: 'Timestomp',
+ reference: 'https://attack.mitre.org/techniques/T1099',
+ tactics: 'defense-evasion',
+ value: 'timestomp',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trafficSignalingDescription',
@@ -3466,6 +5622,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'exfiltration',
 value: 'transferDataToCloudAccount',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription',
+ { defaultMessage: 'Transmitted Data Manipulation (T1493)' }
+ ),
+ id: 'T1493',
+ name: 'Transmitted Data Manipulation',
+ reference: 'https://attack.mitre.org/techniques/T1493',
+ tactics: 'impact',
+ value: 'transmittedDataManipulation',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription',
+ { defaultMessage: 'Trap (T1154)' }
+ ),
+ id: 'T1154',
+ name: 'Trap',
+ reference: 'https://attack.mitre.org/techniques/T1154',
+ tactics: 'execution,persistence',
+ value: 'trap',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription',
@@ -3490,14 +5668,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 },
 {
 label: i18n.translate(
- 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription',
- { defaultMessage: 'Two-Factor Authentication Interception (T1111)' }
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription',
+ { defaultMessage: 'Uncommonly Used Port (T1065)' }
 ),
- id: 'T1111',
- name: 'Two-Factor Authentication Interception',
- reference: 'https://attack.mitre.org/techniques/T1111',
- tactics: 'credential-access',
- value: 'twoFactorAuthenticationInterception',
+ id: 'T1065',
+ name: 'Uncommonly Used Port',
+ reference: 'https://attack.mitre.org/techniques/T1065',
+ tactics: 'command-and-control',
+ value: 'uncommonlyUsedPort',
 },
 {
 label: i18n.translate(
@@ -3598,6 +5776,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'command-and-control',
 value: 'webService',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription',
+ { defaultMessage: 'Web Session Cookie (T1506)' }
+ ),
+ id: 'T1506',
+ name: 'Web Session Cookie',
+ reference: 'https://attack.mitre.org/techniques/T1506',
+ tactics: 'defense-evasion,lateral-movement',
+ value: 'webSessionCookie',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription',
+ { defaultMessage: 'Web Shell (T1100)' }
+ ),
+ id: 'T1100',
+ name: 'Web Shell',
+ reference: 'https://attack.mitre.org/techniques/T1100',
+ tactics: 'persistence,privilege-escalation',
+ value: 'webShell',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription',
+ { defaultMessage: 'Windows Admin Shares (T1077)' }
+ ),
+ id: 'T1077',
+ name: 'Windows Admin Shares',
+ reference: 'https://attack.mitre.org/techniques/T1077',
+ tactics: 'lateral-movement',
+ value: 'windowsAdminShares',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription',
@@ -3609,6 +5820,39 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
 tactics: 'execution',
 value: 'windowsManagementInstrumentation',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription',
+ { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1084)' }
+ ),
+ id: 'T1084',
+ name: 'Windows Management Instrumentation Event Subscription',
+ reference: 'https://attack.mitre.org/techniques/T1084',
+ tactics: 'persistence',
+ value: 'windowsManagementInstrumentationEventSubscription',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription',
+ { defaultMessage: 'Windows Remote Management (T1028)' }
+ ),
+ id: 'T1028',
+ name: 'Windows Remote Management',
+ reference: 'https://attack.mitre.org/techniques/T1028',
+ tactics: 'execution,lateral-movement',
+ value: 'windowsRemoteManagement',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription',
+ { defaultMessage: 'Winlogon Helper DLL (T1004)' }
+ ),
+ id: 'T1004',
+ name: 'Winlogon Helper DLL',
+ reference: 'https://attack.mitre.org/techniques/T1004',
+ tactics: 'persistence',
+ value: 'winlogonHelperDll',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription',
@@ -3622,114 +5866,2845 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, ]; -export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ +export const subtechniques = [ { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description', - { defaultMessage: '/etc/passwd and /etc/shadow (T1003.008)' } - ), - id: 'T1003.008', name: '/etc/passwd and /etc/shadow', + id: 'T1003.008', reference: 'https://attack.mitre.org/techniques/T1003/008', - tactics: 'credential-access', + tactics: ['credential-access'], techniqueId: 'T1003', - value: 'etcPasswdAndEtcShadow', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.arpCachePoisoningT1557Description', - { defaultMessage: 'ARP Cache Poisoning (T1557.002)' } - ), - id: 'T1557.002', name: 'ARP Cache Poisoning', + id: 'T1557.002', reference: 'https://attack.mitre.org/techniques/T1557/002', - tactics: 'credential-access,collection', + tactics: ['credential-access', 'collection'], techniqueId: 'T1557', - value: 'arpCachePoisoning', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asRepRoastingT1558Description', - { defaultMessage: 'AS-REP Roasting (T1558.004)' } - ), - id: 'T1558.004', name: 'AS-REP Roasting', + id: 'T1558.004', reference: 'https://attack.mitre.org/techniques/T1558/004', - tactics: 'credential-access', + tactics: ['credential-access'], techniqueId: 'T1558', - value: 'asRepRoasting', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.accessibilityFeaturesT1546Description', - { defaultMessage: 'Accessibility Features (T1546.008)' } - ), - id: 'T1546.008', name: 'Accessibility Features', + id: 'T1546.008', reference: 'https://attack.mitre.org/techniques/T1546/008', - tactics: 'privilege-escalation,persistence', + tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', - 
value: 'accessibilityFeatures', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description', - { defaultMessage: 'Active Setup (T1547.014)' } - ), - id: 'T1547.014', name: 'Active Setup', + id: 'T1547.014', reference: 'https://attack.mitre.org/techniques/T1547/014', - tactics: 'persistence,privilege-escalation', + tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', - value: 'activeSetup', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description', - { defaultMessage: 'Add Office 365 Global Administrator Role (T1098.003)' } - ), - id: 'T1098.003', - name: 'Add Office 365 Global Administrator Role', - reference: 'https://attack.mitre.org/techniques/T1098/003', - tactics: 'persistence', - techniqueId: 'T1098', - value: 'addOffice365GlobalAdministratorRole', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description', - { defaultMessage: 'Add-ins (T1137.006)' } - ), - id: 'T1137.006', name: 'Add-ins', + id: 'T1137.006', reference: 'https://attack.mitre.org/techniques/T1137/006', - tactics: 'persistence', + tactics: ['persistence'], techniqueId: 'T1137', - value: 'addIns', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description', - { defaultMessage: 'Additional Cloud Credentials (T1098.001)' } - ), - id: 'T1098.001', name: 'Additional Cloud Credentials', + id: 'T1098.001', reference: 'https://attack.mitre.org/techniques/T1098/001', - tactics: 'persistence', + tactics: ['persistence'], techniqueId: 'T1098', - value: 'additionalCloudCredentials', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description', - { defaultMessage: 'AppCert DLLs (T1546.009)' } - ), - id: 'T1546.009', - 
name: 'AppCert DLLs', - reference: 'https://attack.mitre.org/techniques/T1546/009', - tactics: 'privilege-escalation,persistence', - techniqueId: 'T1546', - value: 'appCertDlLs', + }, + { + name: 'Additional Cloud Roles', + id: 'T1098.003', + reference: 'https://attack.mitre.org/techniques/T1098/003', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Additional Email Delegate Permissions', + id: 'T1098.002', + reference: 'https://attack.mitre.org/techniques/T1098/002', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'AppCert DLLs', + id: 'T1546.009', + reference: 'https://attack.mitre.org/techniques/T1546/009', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppInit DLLs', + id: 'T1546.010', + reference: 'https://attack.mitre.org/techniques/T1546/010', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppleScript', + id: 'T1059.002', + reference: 'https://attack.mitre.org/techniques/T1059/002', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Application Access Token', + id: 'T1550.001', + reference: 'https://attack.mitre.org/techniques/T1550/001', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Application Exhaustion Flood', + id: 'T1499.003', + reference: 'https://attack.mitre.org/techniques/T1499/003', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Application Shimming', + id: 'T1546.011', + reference: 'https://attack.mitre.org/techniques/T1546/011', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Application or System Exploitation', + id: 'T1499.004', + reference: 'https://attack.mitre.org/techniques/T1499/004', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Archive via Custom Method', + id: 'T1560.003', + reference: 'https://attack.mitre.org/techniques/T1560/003', + tactics: 
['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Library', + id: 'T1560.002', + reference: 'https://attack.mitre.org/techniques/T1560/002', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Utility', + id: 'T1560.001', + reference: 'https://attack.mitre.org/techniques/T1560/001', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Asymmetric Cryptography', + id: 'T1573.002', + reference: 'https://attack.mitre.org/techniques/T1573/002', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'Asynchronous Procedure Call', + id: 'T1055.004', + reference: 'https://attack.mitre.org/techniques/T1055/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'At', + id: 'T1053.002', + reference: 'https://attack.mitre.org/techniques/T1053/002', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'At (Linux)', + id: 'T1053.001', + reference: 'https://attack.mitre.org/techniques/T1053/001', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Authentication Package', + id: 'T1547.002', + reference: 'https://attack.mitre.org/techniques/T1547/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Bash History', + id: 'T1552.003', + reference: 'https://attack.mitre.org/techniques/T1552/003', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Bidirectional Communication', + id: 'T1102.002', + reference: 'https://attack.mitre.org/techniques/T1102/002', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Binary Padding', + id: 'T1027.001', + reference: 'https://attack.mitre.org/techniques/T1027/001', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Bootkit', + id: 'T1542.003', + reference: 
'https://attack.mitre.org/techniques/T1542/003', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Botnet', + id: 'T1583.005', + reference: 'https://attack.mitre.org/techniques/T1583/005', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Botnet', + id: 'T1584.005', + reference: 'https://attack.mitre.org/techniques/T1584/005', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Business Relationships', + id: 'T1591.002', + reference: 'https://attack.mitre.org/techniques/T1591/002', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Bypass User Account Control', + id: 'T1548.002', + reference: 'https://attack.mitre.org/techniques/T1548/002', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'CDNs', + id: 'T1596.004', + reference: 'https://attack.mitre.org/techniques/T1596/004', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'CMSTP', + id: 'T1218.003', + reference: 'https://attack.mitre.org/techniques/T1218/003', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'COR_PROFILER', + id: 'T1574.012', + reference: 'https://attack.mitre.org/techniques/T1574/012', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Cached Domain Credentials', + id: 'T1003.005', + reference: 'https://attack.mitre.org/techniques/T1003/005', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Change Default File Association', + id: 'T1546.001', + reference: 'https://attack.mitre.org/techniques/T1546/001', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Clear Command History', + id: 'T1070.003', + reference: 'https://attack.mitre.org/techniques/T1070/003', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Linux or Mac System 
Logs', + id: 'T1070.002', + reference: 'https://attack.mitre.org/techniques/T1070/002', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Windows Event Logs', + id: 'T1070.001', + reference: 'https://attack.mitre.org/techniques/T1070/001', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Client Configurations', + id: 'T1592.004', + reference: 'https://attack.mitre.org/techniques/T1592/004', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Cloud Account', + id: 'T1087.004', + reference: 'https://attack.mitre.org/techniques/T1087/004', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Cloud Account', + id: 'T1136.003', + reference: 'https://attack.mitre.org/techniques/T1136/003', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Cloud Accounts', + id: 'T1078.004', + reference: 'https://attack.mitre.org/techniques/T1078/004', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Cloud Groups', + id: 'T1069.003', + reference: 'https://attack.mitre.org/techniques/T1069/003', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Cloud Instance Metadata API', + id: 'T1552.005', + reference: 'https://attack.mitre.org/techniques/T1552/005', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Code Repositories', + id: 'T1213.003', + reference: 'https://attack.mitre.org/techniques/T1213/003', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Code Signing', + id: 'T1553.002', + reference: 'https://attack.mitre.org/techniques/T1553/002', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Code Signing Certificates', + id: 'T1587.002', + reference: 'https://attack.mitre.org/techniques/T1587/002', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Code Signing Certificates', + id: 
'T1588.003', + reference: 'https://attack.mitre.org/techniques/T1588/003', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Code Signing Policy Modification', + id: 'T1553.006', + reference: 'https://attack.mitre.org/techniques/T1553/006', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Compile After Delivery', + id: 'T1027.004', + reference: 'https://attack.mitre.org/techniques/T1027/004', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Compiled HTML File', + id: 'T1218.001', + reference: 'https://attack.mitre.org/techniques/T1218/001', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Component Firmware', + id: 'T1542.002', + reference: 'https://attack.mitre.org/techniques/T1542/002', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Component Object Model', + id: 'T1559.001', + reference: 'https://attack.mitre.org/techniques/T1559/001', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Component Object Model Hijacking', + id: 'T1546.015', + reference: 'https://attack.mitre.org/techniques/T1546/015', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Compromise Hardware Supply Chain', + id: 'T1195.003', + reference: 'https://attack.mitre.org/techniques/T1195/003', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Dependencies and Development Tools', + id: 'T1195.001', + reference: 'https://attack.mitre.org/techniques/T1195/001', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Supply Chain', + id: 'T1195.002', + reference: 'https://attack.mitre.org/techniques/T1195/002', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Confluence', + id: 'T1213.001', + reference: 'https://attack.mitre.org/techniques/T1213/001', + tactics: ['collection'], + techniqueId: 
'T1213', + }, + { + name: 'Container API', + id: 'T1552.007', + reference: 'https://attack.mitre.org/techniques/T1552/007', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Container Orchestration Job', + id: 'T1053.007', + reference: 'https://attack.mitre.org/techniques/T1053/007', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Control Panel', + id: 'T1218.002', + reference: 'https://attack.mitre.org/techniques/T1218/002', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Create Cloud Instance', + id: 'T1578.002', + reference: 'https://attack.mitre.org/techniques/T1578/002', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Create Process with Token', + id: 'T1134.002', + reference: 'https://attack.mitre.org/techniques/T1134/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Create Snapshot', + id: 'T1578.001', + reference: 'https://attack.mitre.org/techniques/T1578/001', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Credential API Hooking', + id: 'T1056.004', + reference: 'https://attack.mitre.org/techniques/T1056/004', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Credential Stuffing', + id: 'T1110.004', + reference: 'https://attack.mitre.org/techniques/T1110/004', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Credentials', + id: 'T1589.001', + reference: 'https://attack.mitre.org/techniques/T1589/001', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Credentials In Files', + id: 'T1552.001', + reference: 'https://attack.mitre.org/techniques/T1552/001', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Credentials from Web Browsers', + id: 'T1555.003', + reference: 'https://attack.mitre.org/techniques/T1555/003', + tactics: 
['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Credentials in Registry', + id: 'T1552.002', + reference: 'https://attack.mitre.org/techniques/T1552/002', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Cron', + id: 'T1053.003', + reference: 'https://attack.mitre.org/techniques/T1053/003', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'DCSync', + id: 'T1003.006', + reference: 'https://attack.mitre.org/techniques/T1003/006', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'DHCP Spoofing', + id: 'T1557.003', + reference: 'https://attack.mitre.org/techniques/T1557/003', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'DLL Search Order Hijacking', + id: 'T1574.001', + reference: 'https://attack.mitre.org/techniques/T1574/001', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DLL Side-Loading', + id: 'T1574.002', + reference: 'https://attack.mitre.org/techniques/T1574/002', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DNS', + id: 'T1590.002', + reference: 'https://attack.mitre.org/techniques/T1590/002', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'DNS', + id: 'T1071.004', + reference: 'https://attack.mitre.org/techniques/T1071/004', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'DNS Calculation', + id: 'T1568.003', + reference: 'https://attack.mitre.org/techniques/T1568/003', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'DNS Server', + id: 'T1583.002', + reference: 'https://attack.mitre.org/techniques/T1583/002', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'DNS Server', + id: 'T1584.002', + reference: 
'https://attack.mitre.org/techniques/T1584/002', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'DNS/Passive DNS', + id: 'T1596.001', + reference: 'https://attack.mitre.org/techniques/T1596/001', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Dead Drop Resolver', + id: 'T1102.001', + reference: 'https://attack.mitre.org/techniques/T1102/001', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Default Accounts', + id: 'T1078.001', + reference: 'https://attack.mitre.org/techniques/T1078/001', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Delete Cloud Instance', + id: 'T1578.003', + reference: 'https://attack.mitre.org/techniques/T1578/003', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Determine Physical Locations', + id: 'T1591.001', + reference: 'https://attack.mitre.org/techniques/T1591/001', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Device Registration', + id: 'T1098.005', + reference: 'https://attack.mitre.org/techniques/T1098/005', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Digital Certificates', + id: 'T1596.003', + reference: 'https://attack.mitre.org/techniques/T1596/003', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Digital Certificates', + id: 'T1588.004', + reference: 'https://attack.mitre.org/techniques/T1588/004', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Digital Certificates', + id: 'T1587.003', + reference: 'https://attack.mitre.org/techniques/T1587/003', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Direct Network Flood', + id: 'T1498.001', + reference: 'https://attack.mitre.org/techniques/T1498/001', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Disable Cloud Logs', + id: 'T1562.008', 
+ reference: 'https://attack.mitre.org/techniques/T1562/008', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable Crypto Hardware', + id: 'T1600.002', + reference: 'https://attack.mitre.org/techniques/T1600/002', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 'Disable Windows Event Logging', + id: 'T1562.002', + reference: 'https://attack.mitre.org/techniques/T1562/002', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Cloud Firewall', + id: 'T1562.007', + reference: 'https://attack.mitre.org/techniques/T1562/007', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify System Firewall', + id: 'T1562.004', + reference: 'https://attack.mitre.org/techniques/T1562/004', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Tools', + id: 'T1562.001', + reference: 'https://attack.mitre.org/techniques/T1562/001', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disk Content Wipe', + id: 'T1561.001', + reference: 'https://attack.mitre.org/techniques/T1561/001', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Disk Structure Wipe', + id: 'T1561.002', + reference: 'https://attack.mitre.org/techniques/T1561/002', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Distributed Component Object Model', + id: 'T1021.003', + reference: 'https://attack.mitre.org/techniques/T1021/003', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Domain Account', + id: 'T1087.002', + reference: 'https://attack.mitre.org/techniques/T1087/002', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Domain Account', + id: 'T1136.002', + reference: 'https://attack.mitre.org/techniques/T1136/002', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Domain Accounts', + id: 'T1078.002', + reference: 
'https://attack.mitre.org/techniques/T1078/002', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Domain Controller Authentication', + id: 'T1556.001', + reference: 'https://attack.mitre.org/techniques/T1556/001', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Domain Fronting', + id: 'T1090.004', + reference: 'https://attack.mitre.org/techniques/T1090/004', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Domain Generation Algorithms', + id: 'T1568.002', + reference: 'https://attack.mitre.org/techniques/T1568/002', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'Domain Groups', + id: 'T1069.002', + reference: 'https://attack.mitre.org/techniques/T1069/002', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Domain Properties', + id: 'T1590.001', + reference: 'https://attack.mitre.org/techniques/T1590/001', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Domain Trust Modification', + id: 'T1484.002', + reference: 'https://attack.mitre.org/techniques/T1484/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1484', + }, + { + name: 'Domains', + id: 'T1583.001', + reference: 'https://attack.mitre.org/techniques/T1583/001', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Domains', + id: 'T1584.001', + reference: 'https://attack.mitre.org/techniques/T1584/001', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Double File Extension', + id: 'T1036.007', + reference: 'https://attack.mitre.org/techniques/T1036/007', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Downgrade Attack', + id: 'T1562.010', + reference: 'https://attack.mitre.org/techniques/T1562/010', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, 
+ { + name: 'Downgrade System Image', + id: 'T1601.002', + reference: 'https://attack.mitre.org/techniques/T1601/002', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Drive-by Target', + id: 'T1608.004', + reference: 'https://attack.mitre.org/techniques/T1608/004', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Dylib Hijacking', + id: 'T1574.004', + reference: 'https://attack.mitre.org/techniques/T1574/004', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Dynamic Data Exchange', + id: 'T1559.002', + reference: 'https://attack.mitre.org/techniques/T1559/002', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Dynamic Linker Hijacking', + id: 'T1574.006', + reference: 'https://attack.mitre.org/techniques/T1574/006', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Dynamic-link Library Injection', + id: 'T1055.001', + reference: 'https://attack.mitre.org/techniques/T1055/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Elevated Execution with Prompt', + id: 'T1548.004', + reference: 'https://attack.mitre.org/techniques/T1548/004', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Email Account', + id: 'T1087.003', + reference: 'https://attack.mitre.org/techniques/T1087/003', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Email Accounts', + id: 'T1586.002', + reference: 'https://attack.mitre.org/techniques/T1586/002', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Email Accounts', + id: 'T1585.002', + reference: 'https://attack.mitre.org/techniques/T1585/002', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Email Addresses', + id: 'T1589.002', + reference: 
'https://attack.mitre.org/techniques/T1589/002', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Email Forwarding Rule', + id: 'T1114.003', + reference: 'https://attack.mitre.org/techniques/T1114/003', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Email Hiding Rules', + id: 'T1564.008', + reference: 'https://attack.mitre.org/techniques/T1564/008', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Emond', + id: 'T1546.014', + reference: 'https://attack.mitre.org/techniques/T1546/014', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Employee Names', + id: 'T1589.003', + reference: 'https://attack.mitre.org/techniques/T1589/003', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Environmental Keying', + id: 'T1480.001', + reference: 'https://attack.mitre.org/techniques/T1480/001', + tactics: ['defense-evasion'], + techniqueId: 'T1480', + }, + { + name: 'Executable Installer File Permissions Weakness', + id: 'T1574.005', + reference: 'https://attack.mitre.org/techniques/T1574/005', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', + id: 'T1048.002', + reference: 'https://attack.mitre.org/techniques/T1048/002', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Bluetooth', + id: 'T1011.001', + reference: 'https://attack.mitre.org/techniques/T1011/001', + tactics: ['exfiltration'], + techniqueId: 'T1011', + }, + { + name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', + id: 'T1048.001', + reference: 'https://attack.mitre.org/techniques/T1048/001', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Unencrypted Non-C2 Protocol', + id: 'T1048.003', + reference: 'https://attack.mitre.org/techniques/T1048/003', + tactics: 
['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration over USB', + id: 'T1052.001', + reference: 'https://attack.mitre.org/techniques/T1052/001', + tactics: ['exfiltration'], + techniqueId: 'T1052', + }, + { + name: 'Exfiltration to Cloud Storage', + id: 'T1567.002', + reference: 'https://attack.mitre.org/techniques/T1567/002', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exfiltration to Code Repository', + id: 'T1567.001', + reference: 'https://attack.mitre.org/techniques/T1567/001', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exploits', + id: 'T1587.004', + reference: 'https://attack.mitre.org/techniques/T1587/004', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Exploits', + id: 'T1588.005', + reference: 'https://attack.mitre.org/techniques/T1588/005', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'External Defacement', + id: 'T1491.002', + reference: 'https://attack.mitre.org/techniques/T1491/002', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'External Proxy', + id: 'T1090.002', + reference: 'https://attack.mitre.org/techniques/T1090/002', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Extra Window Memory Injection', + id: 'T1055.011', + reference: 'https://attack.mitre.org/techniques/T1055/011', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Fast Flux DNS', + id: 'T1568.001', + reference: 'https://attack.mitre.org/techniques/T1568/001', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'File Deletion', + id: 'T1070.004', + reference: 'https://attack.mitre.org/techniques/T1070/004', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'File Transfer Protocols', + id: 'T1071.002', + reference: 'https://attack.mitre.org/techniques/T1071/002', + tactics: ['command-and-control'], + 
techniqueId: 'T1071', + }, + { + name: 'Firmware', + id: 'T1592.003', + reference: 'https://attack.mitre.org/techniques/T1592/003', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'GUI Input Capture', + id: 'T1056.002', + reference: 'https://attack.mitre.org/techniques/T1056/002', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Gatekeeper Bypass', + id: 'T1553.001', + reference: 'https://attack.mitre.org/techniques/T1553/001', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Golden Ticket', + id: 'T1558.001', + reference: 'https://attack.mitre.org/techniques/T1558/001', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Group Policy Modification', + id: 'T1484.001', + reference: 'https://attack.mitre.org/techniques/T1484/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1484', + }, + { + name: 'Group Policy Preferences', + id: 'T1552.006', + reference: 'https://attack.mitre.org/techniques/T1552/006', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'HTML Smuggling', + id: 'T1027.006', + reference: 'https://attack.mitre.org/techniques/T1027/006', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Hardware', + id: 'T1592.001', + reference: 'https://attack.mitre.org/techniques/T1592/001', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Hidden File System', + id: 'T1564.005', + reference: 'https://attack.mitre.org/techniques/T1564/005', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Files and Directories', + id: 'T1564.001', + reference: 'https://attack.mitre.org/techniques/T1564/001', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Users', + id: 'T1564.002', + reference: 'https://attack.mitre.org/techniques/T1564/002', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + 
name: 'Hidden Window', + id: 'T1564.003', + reference: 'https://attack.mitre.org/techniques/T1564/003', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'IIS Components', + id: 'T1505.004', + reference: 'https://attack.mitre.org/techniques/T1505/004', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'IP Addresses', + id: 'T1590.005', + reference: 'https://attack.mitre.org/techniques/T1590/005', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Identify Business Tempo', + id: 'T1591.003', + reference: 'https://attack.mitre.org/techniques/T1591/003', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Identify Roles', + id: 'T1591.004', + reference: 'https://attack.mitre.org/techniques/T1591/004', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Image File Execution Options Injection', + id: 'T1546.012', + reference: 'https://attack.mitre.org/techniques/T1546/012', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Impair Command History Logging', + id: 'T1562.003', + reference: 'https://attack.mitre.org/techniques/T1562/003', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Blocking', + id: 'T1562.006', + reference: 'https://attack.mitre.org/techniques/T1562/006', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Removal from Tools', + id: 'T1027.005', + reference: 'https://attack.mitre.org/techniques/T1027/005', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Install Digital Certificate', + id: 'T1608.003', + reference: 'https://attack.mitre.org/techniques/T1608/003', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Install Root Certificate', + id: 'T1553.004', + reference: 'https://attack.mitre.org/techniques/T1553/004', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + 
name: 'InstallUtil', + id: 'T1218.004', + reference: 'https://attack.mitre.org/techniques/T1218/004', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Internal Defacement', + id: 'T1491.001', + reference: 'https://attack.mitre.org/techniques/T1491/001', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'Internal Proxy', + id: 'T1090.001', + reference: 'https://attack.mitre.org/techniques/T1090/001', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Internet Connection Discovery', + id: 'T1016.001', + reference: 'https://attack.mitre.org/techniques/T1016/001', + tactics: ['discovery'], + techniqueId: 'T1016', + }, + { + name: 'Invalid Code Signature', + id: 'T1036.001', + reference: 'https://attack.mitre.org/techniques/T1036/001', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'JavaScript', + id: 'T1059.007', + reference: 'https://attack.mitre.org/techniques/T1059/007', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Junk Data', + id: 'T1001.001', + reference: 'https://attack.mitre.org/techniques/T1001/001', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Kerberoasting', + id: 'T1558.003', + reference: 'https://attack.mitre.org/techniques/T1558/003', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Kernel Modules and Extensions', + id: 'T1547.006', + reference: 'https://attack.mitre.org/techniques/T1547/006', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'KernelCallbackTable', + id: 'T1574.013', + reference: 'https://attack.mitre.org/techniques/T1574/013', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Keychain', + id: 'T1555.001', + reference: 'https://attack.mitre.org/techniques/T1555/001', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Keylogging', + id: 
'T1056.001', + reference: 'https://attack.mitre.org/techniques/T1056/001', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'LC_LOAD_DYLIB Addition', + id: 'T1546.006', + reference: 'https://attack.mitre.org/techniques/T1546/006', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'LLMNR/NBT-NS Poisoning and SMB Relay', + id: 'T1557.001', + reference: 'https://attack.mitre.org/techniques/T1557/001', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'LSA Secrets', + id: 'T1003.004', + reference: 'https://attack.mitre.org/techniques/T1003/004', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'LSASS Driver', + id: 'T1547.008', + reference: 'https://attack.mitre.org/techniques/T1547/008', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'LSASS Memory', + id: 'T1003.001', + reference: 'https://attack.mitre.org/techniques/T1003/001', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Launch Agent', + id: 'T1543.001', + reference: 'https://attack.mitre.org/techniques/T1543/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launch Daemon', + id: 'T1543.004', + reference: 'https://attack.mitre.org/techniques/T1543/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launchctl', + id: 'T1569.001', + reference: 'https://attack.mitre.org/techniques/T1569/001', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Launchd', + id: 'T1053.004', + reference: 'https://attack.mitre.org/techniques/T1053/004', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Link Target', + id: 'T1608.005', + reference: 'https://attack.mitre.org/techniques/T1608/005', + tactics: ['resource-development'], + techniqueId: 
'T1608', + }, + { + name: 'Linux and Mac File and Directory Permissions Modification', + id: 'T1222.002', + reference: 'https://attack.mitre.org/techniques/T1222/002', + tactics: ['defense-evasion'], + techniqueId: 'T1222', + }, + { + name: 'ListPlanting', + id: 'T1055.015', + reference: 'https://attack.mitre.org/techniques/T1055/015', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Local Account', + id: 'T1087.001', + reference: 'https://attack.mitre.org/techniques/T1087/001', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Local Account', + id: 'T1136.001', + reference: 'https://attack.mitre.org/techniques/T1136/001', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Local Accounts', + id: 'T1078.003', + reference: 'https://attack.mitre.org/techniques/T1078/003', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Local Data Staging', + id: 'T1074.001', + reference: 'https://attack.mitre.org/techniques/T1074/001', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Local Email Collection', + id: 'T1114.001', + reference: 'https://attack.mitre.org/techniques/T1114/001', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Local Groups', + id: 'T1069.001', + reference: 'https://attack.mitre.org/techniques/T1069/001', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Login Hook', + id: 'T1037.002', + reference: 'https://attack.mitre.org/techniques/T1037/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Login Items', + id: 'T1547.015', + reference: 'https://attack.mitre.org/techniques/T1547/015', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Logon Script (Windows)', + id: 'T1037.001', + reference: 'https://attack.mitre.org/techniques/T1037/001', + 
tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'MMC', + id: 'T1218.014', + reference: 'https://attack.mitre.org/techniques/T1218/014', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'MSBuild', + id: 'T1127.001', + reference: 'https://attack.mitre.org/techniques/T1127/001', + tactics: ['defense-evasion'], + techniqueId: 'T1127', + }, + { + name: 'Mail Protocols', + id: 'T1071.003', + reference: 'https://attack.mitre.org/techniques/T1071/003', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Make and Impersonate Token', + id: 'T1134.003', + reference: 'https://attack.mitre.org/techniques/T1134/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Malicious File', + id: 'T1204.002', + reference: 'https://attack.mitre.org/techniques/T1204/002', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malicious Image', + id: 'T1204.003', + reference: 'https://attack.mitre.org/techniques/T1204/003', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malicious Link', + id: 'T1204.001', + reference: 'https://attack.mitre.org/techniques/T1204/001', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malware', + id: 'T1587.001', + reference: 'https://attack.mitre.org/techniques/T1587/001', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Malware', + id: 'T1588.001', + reference: 'https://attack.mitre.org/techniques/T1588/001', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Mark-of-the-Web Bypass', + id: 'T1553.005', + reference: 'https://attack.mitre.org/techniques/T1553/005', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Masquerade Task or Service', + id: 'T1036.004', + reference: 'https://attack.mitre.org/techniques/T1036/004', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + 
name: 'Match Legitimate Name or Location', + id: 'T1036.005', + reference: 'https://attack.mitre.org/techniques/T1036/005', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Mavinject', + id: 'T1218.013', + reference: 'https://attack.mitre.org/techniques/T1218/013', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Mshta', + id: 'T1218.005', + reference: 'https://attack.mitre.org/techniques/T1218/005', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Msiexec', + id: 'T1218.007', + reference: 'https://attack.mitre.org/techniques/T1218/007', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Multi-hop Proxy', + id: 'T1090.003', + reference: 'https://attack.mitre.org/techniques/T1090/003', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'NTDS', + id: 'T1003.003', + reference: 'https://attack.mitre.org/techniques/T1003/003', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'NTFS File Attributes', + id: 'T1564.004', + reference: 'https://attack.mitre.org/techniques/T1564/004', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Netsh Helper DLL', + id: 'T1546.007', + reference: 'https://attack.mitre.org/techniques/T1546/007', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Network Address Translation Traversal', + id: 'T1599.001', + reference: 'https://attack.mitre.org/techniques/T1599/001', + tactics: ['defense-evasion'], + techniqueId: 'T1599', + }, + { + name: 'Network Device Authentication', + id: 'T1556.004', + reference: 'https://attack.mitre.org/techniques/T1556/004', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Network Device CLI', + id: 'T1059.008', + reference: 'https://attack.mitre.org/techniques/T1059/008', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 
'Network Device Configuration Dump', + id: 'T1602.002', + reference: 'https://attack.mitre.org/techniques/T1602/002', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'Network Logon Script', + id: 'T1037.003', + reference: 'https://attack.mitre.org/techniques/T1037/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Network Security Appliances', + id: 'T1590.006', + reference: 'https://attack.mitre.org/techniques/T1590/006', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Share Connection Removal', + id: 'T1070.005', + reference: 'https://attack.mitre.org/techniques/T1070/005', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Network Topology', + id: 'T1590.004', + reference: 'https://attack.mitre.org/techniques/T1590/004', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Trust Dependencies', + id: 'T1590.003', + reference: 'https://attack.mitre.org/techniques/T1590/003', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Non-Standard Encoding', + id: 'T1132.002', + reference: 'https://attack.mitre.org/techniques/T1132/002', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'OS Exhaustion Flood', + id: 'T1499.001', + reference: 'https://attack.mitre.org/techniques/T1499/001', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Odbcconf', + id: 'T1218.008', + reference: 'https://attack.mitre.org/techniques/T1218/008', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Office Template Macros', + id: 'T1137.001', + reference: 'https://attack.mitre.org/techniques/T1137/001', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Office Test', + id: 'T1137.002', + reference: 'https://attack.mitre.org/techniques/T1137/002', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'One-Way Communication', + 
id: 'T1102.003', + reference: 'https://attack.mitre.org/techniques/T1102/003', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Outlook Forms', + id: 'T1137.003', + reference: 'https://attack.mitre.org/techniques/T1137/003', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Home Page', + id: 'T1137.004', + reference: 'https://attack.mitre.org/techniques/T1137/004', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Rules', + id: 'T1137.005', + reference: 'https://attack.mitre.org/techniques/T1137/005', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Parent PID Spoofing', + id: 'T1134.004', + reference: 'https://attack.mitre.org/techniques/T1134/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Pass the Hash', + id: 'T1550.002', + reference: 'https://attack.mitre.org/techniques/T1550/002', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Pass the Ticket', + id: 'T1550.003', + reference: 'https://attack.mitre.org/techniques/T1550/003', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Password Cracking', + id: 'T1110.002', + reference: 'https://attack.mitre.org/techniques/T1110/002', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Filter DLL', + id: 'T1556.002', + reference: 'https://attack.mitre.org/techniques/T1556/002', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Password Guessing', + id: 'T1110.001', + reference: 'https://attack.mitre.org/techniques/T1110/001', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Managers', + id: 'T1555.005', + reference: 'https://attack.mitre.org/techniques/T1555/005', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Password 
Spraying', + id: 'T1110.003', + reference: 'https://attack.mitre.org/techniques/T1110/003', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Patch System Image', + id: 'T1601.001', + reference: 'https://attack.mitre.org/techniques/T1601/001', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Path Interception by PATH Environment Variable', + id: 'T1574.007', + reference: 'https://attack.mitre.org/techniques/T1574/007', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Search Order Hijacking', + id: 'T1574.008', + reference: 'https://attack.mitre.org/techniques/T1574/008', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Unquoted Path', + id: 'T1574.009', + reference: 'https://attack.mitre.org/techniques/T1574/009', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Plist Modification', + id: 'T1547.011', + reference: 'https://attack.mitre.org/techniques/T1547/011', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Pluggable Authentication Modules', + id: 'T1556.003', + reference: 'https://attack.mitre.org/techniques/T1556/003', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Port Knocking', + id: 'T1205.001', + reference: 'https://attack.mitre.org/techniques/T1205/001', + tactics: ['defense-evasion', 'persistence', 'command-and-control'], + techniqueId: 'T1205', + }, + { + name: 'Port Monitors', + id: 'T1547.010', + reference: 'https://attack.mitre.org/techniques/T1547/010', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Portable Executable Injection', + id: 'T1055.002', + reference: 'https://attack.mitre.org/techniques/T1055/002', + 
tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PowerShell', + id: 'T1059.001', + reference: 'https://attack.mitre.org/techniques/T1059/001', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'PowerShell Profile', + id: 'T1546.013', + reference: 'https://attack.mitre.org/techniques/T1546/013', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Print Processors', + id: 'T1547.012', + reference: 'https://attack.mitre.org/techniques/T1547/012', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Private Keys', + id: 'T1552.004', + reference: 'https://attack.mitre.org/techniques/T1552/004', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Proc Filesystem', + id: 'T1003.007', + reference: 'https://attack.mitre.org/techniques/T1003/007', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Proc Memory', + id: 'T1055.009', + reference: 'https://attack.mitre.org/techniques/T1055/009', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process Argument Spoofing', + id: 'T1564.010', + reference: 'https://attack.mitre.org/techniques/T1564/010', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Process Doppelgänging', + id: 'T1055.013', + reference: 'https://attack.mitre.org/techniques/T1055/013', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process Hollowing', + id: 'T1055.012', + reference: 'https://attack.mitre.org/techniques/T1055/012', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Protocol Impersonation', + id: 'T1001.003', + reference: 'https://attack.mitre.org/techniques/T1001/003', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Ptrace System Calls', + id: 'T1055.008', + 
reference: 'https://attack.mitre.org/techniques/T1055/008', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PubPrn', + id: 'T1216.001', + reference: 'https://attack.mitre.org/techniques/T1216/001', + tactics: ['defense-evasion'], + techniqueId: 'T1216', + }, + { + name: 'Purchase Technical Data', + id: 'T1597.002', + reference: 'https://attack.mitre.org/techniques/T1597/002', + tactics: ['reconnaissance'], + techniqueId: 'T1597', + }, + { + name: 'Python', + id: 'T1059.006', + reference: 'https://attack.mitre.org/techniques/T1059/006', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'RC Scripts', + id: 'T1037.004', + reference: 'https://attack.mitre.org/techniques/T1037/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'RDP Hijacking', + id: 'T1563.002', + reference: 'https://attack.mitre.org/techniques/T1563/002', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'ROMMONkit', + id: 'T1542.004', + reference: 'https://attack.mitre.org/techniques/T1542/004', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Re-opened Applications', + id: 'T1547.007', + reference: 'https://attack.mitre.org/techniques/T1547/007', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Reduce Key Space', + id: 'T1600.001', + reference: 'https://attack.mitre.org/techniques/T1600/001', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 'Reflection Amplification', + id: 'T1498.002', + reference: 'https://attack.mitre.org/techniques/T1498/002', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Registry Run Keys / Startup Folder', + id: 'T1547.001', + reference: 'https://attack.mitre.org/techniques/T1547/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Regsvcs/Regasm', + id: 'T1218.009', + 
reference: 'https://attack.mitre.org/techniques/T1218/009', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Regsvr32', + id: 'T1218.010', + reference: 'https://attack.mitre.org/techniques/T1218/010', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Remote Data Staging', + id: 'T1074.002', + reference: 'https://attack.mitre.org/techniques/T1074/002', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Remote Desktop Protocol', + id: 'T1021.001', + reference: 'https://attack.mitre.org/techniques/T1021/001', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Remote Email Collection', + id: 'T1114.002', + reference: 'https://attack.mitre.org/techniques/T1114/002', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Rename System Utilities', + id: 'T1036.003', + reference: 'https://attack.mitre.org/techniques/T1036/003', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Resource Forking', + id: 'T1564.009', + reference: 'https://attack.mitre.org/techniques/T1564/009', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Reversible Encryption', + id: 'T1556.005', + reference: 'https://attack.mitre.org/techniques/T1556/005', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Revert Cloud Instance', + id: 'T1578.004', + reference: 'https://attack.mitre.org/techniques/T1578/004', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Right-to-Left Override', + id: 'T1036.002', + reference: 'https://attack.mitre.org/techniques/T1036/002', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Run Virtual Instance', + id: 'T1564.006', + reference: 'https://attack.mitre.org/techniques/T1564/006', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Rundll32', + id: 'T1218.011', + reference: 
'https://attack.mitre.org/techniques/T1218/011', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Runtime Data Manipulation', + id: 'T1565.003', + reference: 'https://attack.mitre.org/techniques/T1565/003', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'SAML Tokens', + id: 'T1606.002', + reference: 'https://attack.mitre.org/techniques/T1606/002', + tactics: ['credential-access'], + techniqueId: 'T1606', + }, + { + name: 'SID-History Injection', + id: 'T1134.005', + reference: 'https://attack.mitre.org/techniques/T1134/005', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'SIP and Trust Provider Hijacking', + id: 'T1553.003', + reference: 'https://attack.mitre.org/techniques/T1553/003', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'SMB/Windows Admin Shares', + id: 'T1021.002', + reference: 'https://attack.mitre.org/techniques/T1021/002', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SNMP (MIB Dump)', + id: 'T1602.001', + reference: 'https://attack.mitre.org/techniques/T1602/001', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'SQL Stored Procedures', + id: 'T1505.001', + reference: 'https://attack.mitre.org/techniques/T1505/001', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'SSH', + id: 'T1021.004', + reference: 'https://attack.mitre.org/techniques/T1021/004', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SSH Authorized Keys', + id: 'T1098.004', + reference: 'https://attack.mitre.org/techniques/T1098/004', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'SSH Hijacking', + id: 'T1563.001', + reference: 'https://attack.mitre.org/techniques/T1563/001', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'Safe Mode Boot', + id: 'T1562.009', + reference: 'https://attack.mitre.org/techniques/T1562/009', + 
tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Scan Databases', + id: 'T1596.005', + reference: 'https://attack.mitre.org/techniques/T1596/005', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Scanning IP Blocks', + id: 'T1595.001', + reference: 'https://attack.mitre.org/techniques/T1595/001', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'Scheduled Task', + id: 'T1053.005', + reference: 'https://attack.mitre.org/techniques/T1053/005', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Screensaver', + id: 'T1546.002', + reference: 'https://attack.mitre.org/techniques/T1546/002', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Search Engines', + id: 'T1593.002', + reference: 'https://attack.mitre.org/techniques/T1593/002', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Security Account Manager', + id: 'T1003.002', + reference: 'https://attack.mitre.org/techniques/T1003/002', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Security Software Discovery', + id: 'T1518.001', + reference: 'https://attack.mitre.org/techniques/T1518/001', + tactics: ['discovery'], + techniqueId: 'T1518', + }, + { + name: 'Security Support Provider', + id: 'T1547.005', + reference: 'https://attack.mitre.org/techniques/T1547/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Securityd Memory', + id: 'T1555.002', + reference: 'https://attack.mitre.org/techniques/T1555/002', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Server', + id: 'T1583.004', + reference: 'https://attack.mitre.org/techniques/T1583/004', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Server', + id: 'T1584.004', + reference: 'https://attack.mitre.org/techniques/T1584/004', + tactics: 
['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Service Execution', + id: 'T1569.002', + reference: 'https://attack.mitre.org/techniques/T1569/002', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Service Exhaustion Flood', + id: 'T1499.002', + reference: 'https://attack.mitre.org/techniques/T1499/002', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Services File Permissions Weakness', + id: 'T1574.010', + reference: 'https://attack.mitre.org/techniques/T1574/010', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Services Registry Permissions Weakness', + id: 'T1574.011', + reference: 'https://attack.mitre.org/techniques/T1574/011', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Setuid and Setgid', + id: 'T1548.001', + reference: 'https://attack.mitre.org/techniques/T1548/001', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Sharepoint', + id: 'T1213.002', + reference: 'https://attack.mitre.org/techniques/T1213/002', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Shortcut Modification', + id: 'T1547.009', + reference: 'https://attack.mitre.org/techniques/T1547/009', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Silver Ticket', + id: 'T1558.002', + reference: 'https://attack.mitre.org/techniques/T1558/002', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Social Media', + id: 'T1593.001', + reference: 'https://attack.mitre.org/techniques/T1593/001', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Social Media Accounts', + id: 'T1586.001', + reference: 'https://attack.mitre.org/techniques/T1586/001', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Social Media Accounts', + id: 
'T1585.001', + reference: 'https://attack.mitre.org/techniques/T1585/001', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Software', + id: 'T1592.002', + reference: 'https://attack.mitre.org/techniques/T1592/002', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Software Packing', + id: 'T1027.002', + reference: 'https://attack.mitre.org/techniques/T1027/002', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Space after Filename', + id: 'T1036.006', + reference: 'https://attack.mitre.org/techniques/T1036/006', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Spearphishing Attachment', + id: 'T1566.001', + reference: 'https://attack.mitre.org/techniques/T1566/001', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Spearphishing Attachment', + id: 'T1598.002', + reference: 'https://attack.mitre.org/techniques/T1598/002', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Link', + id: 'T1566.002', + reference: 'https://attack.mitre.org/techniques/T1566/002', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Spearphishing Link', + id: 'T1598.003', + reference: 'https://attack.mitre.org/techniques/T1598/003', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Service', + id: 'T1598.001', + reference: 'https://attack.mitre.org/techniques/T1598/001', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing via Service', + id: 'T1566.003', + reference: 'https://attack.mitre.org/techniques/T1566/003', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Standard Encoding', + id: 'T1132.001', + reference: 'https://attack.mitre.org/techniques/T1132/001', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'Startup Items', + id: 'T1037.005', + reference: 
'https://attack.mitre.org/techniques/T1037/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Steganography', + id: 'T1027.003', + reference: 'https://attack.mitre.org/techniques/T1027/003', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Steganography', + id: 'T1001.002', + reference: 'https://attack.mitre.org/techniques/T1001/002', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Stored Data Manipulation', + id: 'T1565.001', + reference: 'https://attack.mitre.org/techniques/T1565/001', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Sudo and Sudo Caching', + id: 'T1548.003', + reference: 'https://attack.mitre.org/techniques/T1548/003', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Symmetric Cryptography', + id: 'T1573.001', + reference: 'https://attack.mitre.org/techniques/T1573/001', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'System Checks', + id: 'T1497.001', + reference: 'https://attack.mitre.org/techniques/T1497/001', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'System Firmware', + id: 'T1542.001', + reference: 'https://attack.mitre.org/techniques/T1542/001', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'System Language Discovery', + id: 'T1614.001', + reference: 'https://attack.mitre.org/techniques/T1614/001', + tactics: ['discovery'], + techniqueId: 'T1614', + }, + { + name: 'Systemd Service', + id: 'T1543.002', + reference: 'https://attack.mitre.org/techniques/T1543/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Systemd Timers', + id: 'T1053.006', + reference: 'https://attack.mitre.org/techniques/T1053/006', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 
'TFTP Boot', + id: 'T1542.005', + reference: 'https://attack.mitre.org/techniques/T1542/005', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Terminal Services DLL', + id: 'T1505.005', + reference: 'https://attack.mitre.org/techniques/T1505/005', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Thread Execution Hijacking', + id: 'T1055.003', + reference: 'https://attack.mitre.org/techniques/T1055/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Thread Local Storage', + id: 'T1055.005', + reference: 'https://attack.mitre.org/techniques/T1055/005', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Threat Intel Vendors', + id: 'T1597.001', + reference: 'https://attack.mitre.org/techniques/T1597/001', + tactics: ['reconnaissance'], + techniqueId: 'T1597', + }, + { + name: 'Time Based Evasion', + id: 'T1497.003', + reference: 'https://attack.mitre.org/techniques/T1497/003', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'Time Providers', + id: 'T1547.003', + reference: 'https://attack.mitre.org/techniques/T1547/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Timestomp', + id: 'T1070.006', + reference: 'https://attack.mitre.org/techniques/T1070/006', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Token Impersonation/Theft', + id: 'T1134.001', + reference: 'https://attack.mitre.org/techniques/T1134/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Tool', + id: 'T1588.002', + reference: 'https://attack.mitre.org/techniques/T1588/002', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Traffic Duplication', + id: 'T1020.001', + reference: 'https://attack.mitre.org/techniques/T1020/001', + tactics: ['exfiltration'], 
+ techniqueId: 'T1020', + }, + { + name: 'Transmitted Data Manipulation', + id: 'T1565.002', + reference: 'https://attack.mitre.org/techniques/T1565/002', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Transport Agent', + id: 'T1505.002', + reference: 'https://attack.mitre.org/techniques/T1505/002', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Trap', + id: 'T1546.005', + reference: 'https://attack.mitre.org/techniques/T1546/005', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Unix Shell', + id: 'T1059.004', + reference: 'https://attack.mitre.org/techniques/T1059/004', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Unix Shell Configuration Modification', + id: 'T1546.004', + reference: 'https://attack.mitre.org/techniques/T1546/004', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Upload Malware', + id: 'T1608.001', + reference: 'https://attack.mitre.org/techniques/T1608/001', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Upload Tool', + id: 'T1608.002', + reference: 'https://attack.mitre.org/techniques/T1608/002', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'User Activity Based Checks', + id: 'T1497.002', + reference: 'https://attack.mitre.org/techniques/T1497/002', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'VBA Stomping', + id: 'T1564.007', + reference: 'https://attack.mitre.org/techniques/T1564/007', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'VDSO Hijacking', + id: 'T1055.014', + reference: 'https://attack.mitre.org/techniques/T1055/014', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'VNC', + id: 'T1021.005', + reference: 'https://attack.mitre.org/techniques/T1021/005', + tactics: ['lateral-movement'], + techniqueId: 
'T1021', + }, + { + name: 'Verclsid', + id: 'T1218.012', + reference: 'https://attack.mitre.org/techniques/T1218/012', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Virtual Private Server', + id: 'T1584.003', + reference: 'https://attack.mitre.org/techniques/T1584/003', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Virtual Private Server', + id: 'T1583.003', + reference: 'https://attack.mitre.org/techniques/T1583/003', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Visual Basic', + id: 'T1059.005', + reference: 'https://attack.mitre.org/techniques/T1059/005', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Vulnerabilities', + id: 'T1588.006', + reference: 'https://attack.mitre.org/techniques/T1588/006', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Vulnerability Scanning', + id: 'T1595.002', + reference: 'https://attack.mitre.org/techniques/T1595/002', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'WHOIS', + id: 'T1596.002', + reference: 'https://attack.mitre.org/techniques/T1596/002', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Web Cookies', + id: 'T1606.001', + reference: 'https://attack.mitre.org/techniques/T1606/001', + tactics: ['credential-access'], + techniqueId: 'T1606', + }, + { + name: 'Web Portal Capture', + id: 'T1056.003', + reference: 'https://attack.mitre.org/techniques/T1056/003', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Web Protocols', + id: 'T1071.001', + reference: 'https://attack.mitre.org/techniques/T1071/001', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Web Services', + id: 'T1583.006', + reference: 'https://attack.mitre.org/techniques/T1583/006', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Web Services', + id: 'T1584.006', + 
reference: 'https://attack.mitre.org/techniques/T1584/006', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Web Session Cookie', + id: 'T1550.004', + reference: 'https://attack.mitre.org/techniques/T1550/004', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Web Shell', + id: 'T1505.003', + reference: 'https://attack.mitre.org/techniques/T1505/003', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Windows Command Shell', + id: 'T1059.003', + reference: 'https://attack.mitre.org/techniques/T1059/003', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Windows Credential Manager', + id: 'T1555.004', + reference: 'https://attack.mitre.org/techniques/T1555/004', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Windows File and Directory Permissions Modification', + id: 'T1222.001', + reference: 'https://attack.mitre.org/techniques/T1222/001', + tactics: ['defense-evasion'], + techniqueId: 'T1222', + }, + { + name: 'Windows Management Instrumentation Event Subscription', + id: 'T1546.003', + reference: 'https://attack.mitre.org/techniques/T1546/003', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Windows Remote Management', + id: 'T1021.006', + reference: 'https://attack.mitre.org/techniques/T1021/006', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Windows Service', + id: 'T1543.003', + reference: 'https://attack.mitre.org/techniques/T1543/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Winlogon Helper DLL', + id: 'T1547.004', + reference: 'https://attack.mitre.org/techniques/T1547/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Wordlist Scanning', + id: 'T1595.003', + reference: 'https://attack.mitre.org/techniques/T1595/003', + tactics: 
['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'XDG Autostart Entries', + id: 'T1547.013', + reference: 'https://attack.mitre.org/techniques/T1547/013', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'XPC Services', + id: 'T1559.003', + reference: 'https://attack.mitre.org/techniques/T1559/003', + tactics: ['execution'], + techniqueId: 'T1559', + }, +]; + +export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description', + { defaultMessage: '/etc/passwd and /etc/shadow (T1003.008)' } + ), + id: 'T1003.008', + name: '/etc/passwd and /etc/shadow', + reference: 'https://attack.mitre.org/techniques/T1003/008', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'etcPasswdAndEtcShadow', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.arpCachePoisoningT1557Description', + { defaultMessage: 'ARP Cache Poisoning (T1557.002)' } + ), + id: 'T1557.002', + name: 'ARP Cache Poisoning', + reference: 'https://attack.mitre.org/techniques/T1557/002', + tactics: 'credential-access,collection', + techniqueId: 'T1557', + value: 'arpCachePoisoning', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asRepRoastingT1558Description', + { defaultMessage: 'AS-REP Roasting (T1558.004)' } + ), + id: 'T1558.004', + name: 'AS-REP Roasting', + reference: 'https://attack.mitre.org/techniques/T1558/004', + tactics: 'credential-access', + techniqueId: 'T1558', + value: 'asRepRoasting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.accessibilityFeaturesT1546Description', + { defaultMessage: 'Accessibility Features (T1546.008)' } + ), + id: 'T1546.008', + name: 'Accessibility Features', + reference: 
'https://attack.mitre.org/techniques/T1546/008', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'accessibilityFeatures', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description', + { defaultMessage: 'Active Setup (T1547.014)' } + ), + id: 'T1547.014', + name: 'Active Setup', + reference: 'https://attack.mitre.org/techniques/T1547/014', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'activeSetup', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description', + { defaultMessage: 'Add-ins (T1137.006)' } + ), + id: 'T1137.006', + name: 'Add-ins', + reference: 'https://attack.mitre.org/techniques/T1137/006', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'addIns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description', + { defaultMessage: 'Additional Cloud Credentials (T1098.001)' } + ), + id: 'T1098.001', + name: 'Additional Cloud Credentials', + reference: 'https://attack.mitre.org/techniques/T1098/001', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'additionalCloudCredentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudRolesT1098Description', + { defaultMessage: 'Additional Cloud Roles (T1098.003)' } + ), + id: 'T1098.003', + name: 'Additional Cloud Roles', + reference: 'https://attack.mitre.org/techniques/T1098/003', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'additionalCloudRoles', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalEmailDelegatePermissionsT1098Description', + { defaultMessage: 'Additional Email Delegate Permissions (T1098.002)' } + ), + id: 'T1098.002', + name: 'Additional Email Delegate 
Permissions', + reference: 'https://attack.mitre.org/techniques/T1098/002', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'additionalEmailDelegatePermissions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description', + { defaultMessage: 'AppCert DLLs (T1546.009)' } + ), + id: 'T1546.009', + name: 'AppCert DLLs', + reference: 'https://attack.mitre.org/techniques/T1546/009', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'appCertDlLs', }, { label: i18n.translate( @@ -3865,27 +8840,27 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description', - { defaultMessage: 'At (Linux) (T1053.001)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atT1053Description', + { defaultMessage: 'At (T1053.002)' } ), - id: 'T1053.001', - name: 'At (Linux)', - reference: 'https://attack.mitre.org/techniques/T1053/001', + id: 'T1053.002', + name: 'At', + reference: 'https://attack.mitre.org/techniques/T1053/002', tactics: 'execution,persistence,privilege-escalation', techniqueId: 'T1053', - value: 'atLinux', + value: 'at', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description', - { defaultMessage: 'At (Windows) (T1053.002)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description', + { defaultMessage: 'At (Linux) (T1053.001)' } ), - id: 'T1053.002', - name: 'At (Windows)', - reference: 'https://attack.mitre.org/techniques/T1053/002', + id: 'T1053.001', + name: 'At (Linux)', + reference: 'https://attack.mitre.org/techniques/T1053/001', tactics: 'execution,persistence,privilege-escalation', techniqueId: 'T1053', - value: 'atWindows', + value: 'atLinux', }, { label: i18n.translate( 
@@ -4103,18 +9078,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1592', value: 'clientConfigurations', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1136Description', - { defaultMessage: 'Cloud Account (T1136.003)' } - ), - id: 'T1136.003', - name: 'Cloud Account', - reference: 'https://attack.mitre.org/techniques/T1136/003', - tactics: 'persistence', - techniqueId: 'T1136', - value: 'cloudAccount', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1087Description', @@ -4127,6 +9090,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1087', value: 'cloudAccount', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1136Description', + { defaultMessage: 'Cloud Account (T1136.003)' } + ), + id: 'T1136.003', + name: 'Cloud Account', + reference: 'https://attack.mitre.org/techniques/T1136/003', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'cloudAccount', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1078Description', @@ -4499,6 +9474,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1003', value: 'dcSync', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dhcpSpoofingT1557Description', + { defaultMessage: 'DHCP Spoofing (T1557.003)' } + ), + id: 'T1557.003', + name: 'DHCP Spoofing', + reference: 'https://attack.mitre.org/techniques/T1557/003', + tactics: 'credential-access,collection', + techniqueId: 'T1557', + value: 'dhcpSpoofing', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dllSearchOrderHijackingT1574Description', 
@@ -4523,18 +9510,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1574', value: 'dllSideLoading', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1071Description', - { defaultMessage: 'DNS (T1071.004)' } - ), - id: 'T1071.004', - name: 'DNS', - reference: 'https://attack.mitre.org/techniques/T1071/004', - tactics: 'command-and-control', - techniqueId: 'T1071', - value: 'dns', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1590Description', @@ -4547,6 +9522,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1590', value: 'dns', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1071Description', + { defaultMessage: 'DNS (T1071.004)' } + ), + id: 'T1071.004', + name: 'DNS', + reference: 'https://attack.mitre.org/techniques/T1071/004', + tactics: 'command-and-control', + techniqueId: 'T1071', + value: 'dns', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsCalculationT1568Description', 
@@ -4645,14 +9632,26 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1587Description', - { defaultMessage: 'Digital Certificates (T1587.003)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deviceRegistrationT1098Description', + { defaultMessage: 'Device Registration (T1098.005)' } ), - id: 'T1587.003', + id: 'T1098.005', + name: 'Device Registration', + reference: 'https://attack.mitre.org/techniques/T1098/005', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'deviceRegistration', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description', + { defaultMessage: 'Digital Certificates (T1596.003)' } + ), + id: 'T1596.003', name: 'Digital Certificates', - reference: 'https://attack.mitre.org/techniques/T1587/003', - tactics: 'resource-development', - techniqueId: 'T1587', + reference: 'https://attack.mitre.org/techniques/T1596/003', + tactics: 'reconnaissance', + techniqueId: 'T1596', value: 'digitalCertificates', }, { @@ -4669,14 +9668,14 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description', - { defaultMessage: 'Digital Certificates (T1596.003)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1587Description', + { defaultMessage: 'Digital Certificates (T1587.003)' } ), - id: 'T1596.003', + id: 'T1587.003', name: 'Digital Certificates', - reference: 'https://attack.mitre.org/techniques/T1596/003', - tactics: 'reconnaissance', - techniqueId: 'T1596', + reference: 'https://attack.mitre.org/techniques/T1587/003', + tactics: 'resource-development', + techniqueId: 'T1587', value: 'digitalCertificates', }, { 
@@ -4799,18 +9798,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1021', value: 'distributedComponentObjectModel', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1136Description', - { defaultMessage: 'Domain Account (T1136.002)' } - ), - id: 'T1136.002', - name: 'Domain Account', - reference: 'https://attack.mitre.org/techniques/T1136/002', - tactics: 'persistence', - techniqueId: 'T1136', - value: 'domainAccount', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1087Description', @@ -4823,6 +9810,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1087', value: 'domainAccount', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1136Description', + { defaultMessage: 'Domain Account (T1136.002)' } + ), + id: 'T1136.002', + name: 'Domain Account', + reference: 'https://attack.mitre.org/techniques/T1136/002', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'domainAccount', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountsT1078Description', 
@@ -5053,26 +10052,26 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1585Description', - { defaultMessage: 'Email Accounts (T1585.002)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1586Description', + { defaultMessage: 'Email Accounts (T1586.002)' } ), - id: 'T1585.002', + id: 'T1586.002', name: 'Email Accounts', - reference: 'https://attack.mitre.org/techniques/T1585/002', + reference: 'https://attack.mitre.org/techniques/T1586/002', tactics: 'resource-development', - techniqueId: 'T1585', + techniqueId: 'T1586', value: 'emailAccounts', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1586Description', - { defaultMessage: 'Email Accounts (T1586.002)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1585Description', + { defaultMessage: 'Email Accounts (T1585.002)' } ), - id: 'T1586.002', + id: 'T1585.002', name: 'Email Accounts', - reference: 'https://attack.mitre.org/techniques/T1586/002', + reference: 'https://attack.mitre.org/techniques/T1585/002', tactics: 'resource-development', - techniqueId: 'T1586', + techniqueId: 'T1585', value: 'emailAccounts', }, { 
@@ -5147,18 +10146,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1480', value: 'environmentalKeying', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description', - { defaultMessage: 'Exchange Email Delegate Permissions (T1098.002)' } - ), - id: 'T1098.002', - name: 'Exchange Email Delegate Permissions', - reference: 'https://attack.mitre.org/techniques/T1098/002', - tactics: 'persistence', - techniqueId: 'T1098', - value: 'exchangeEmailDelegatePermissions', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description', @@ -5209,15 +10196,15 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description', - { defaultMessage: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (T1048.003)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedNonC2ProtocolT1048Description', + { defaultMessage: 'Exfiltration Over Unencrypted Non-C2 Protocol (T1048.003)' } ), id: 'T1048.003', - name: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol', + name: 'Exfiltration Over Unencrypted Non-C2 Protocol', reference: 'https://attack.mitre.org/techniques/T1048/003', tactics: 'exfiltration', techniqueId: 'T1048', - value: 'exfiltrationOverUnencryptedObfuscatedNonC2Protocol', + value: 'exfiltrationOverUnencryptedNonC2Protocol', }, { label: i18n.translate( 
@@ -5723,6 +10710,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1547', value: 'kernelModulesAndExtensions', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kernelCallbackTableT1574Description', + { defaultMessage: 'KernelCallbackTable (T1574.013)' } + ), + id: 'T1574.013', + name: 'KernelCallbackTable', + reference: 'https://attack.mitre.org/techniques/T1574/013', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'kernelCallbackTable', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.keychainT1555Description', @@ -5881,15 +10880,15 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1136Description', - { defaultMessage: 'Local Account (T1136.001)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.listPlantingT1055Description', + { defaultMessage: 'ListPlanting (T1055.015)' } ), - id: 'T1136.001', - name: 'Local Account', - reference: 'https://attack.mitre.org/techniques/T1136/001', - tactics: 'persistence', - techniqueId: 'T1136', - value: 'localAccount', + id: 'T1055.015', + name: 'ListPlanting', + reference: 'https://attack.mitre.org/techniques/T1055/015', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'listPlanting', }, { label: i18n.translate( 
@@ -5903,6 +10902,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1087', value: 'localAccount', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1136Description', + { defaultMessage: 'Local Account (T1136.001)' } + ), + id: 'T1136.001', + name: 'Local Account', + reference: 'https://attack.mitre.org/techniques/T1136/001', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'localAccount', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountsT1078Description', @@ -5951,6 +10962,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1069', value: 'localGroups', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginHookT1037Description', + { defaultMessage: 'Login Hook (T1037.002)' } + ), + id: 'T1037.002', + name: 'Login Hook', + reference: 'https://attack.mitre.org/techniques/T1037/002', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'loginHook', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description', @@ -5963,18 +10986,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1547', value: 'loginItems', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description', - { defaultMessage: 'Logon Script (Mac) (T1037.002)' } - ), - id: 'T1037.002', - name: 'Logon Script (Mac)', - reference: 'https://attack.mitre.org/techniques/T1037/002', - tactics: 'persistence,privilege-escalation', - techniqueId: 'T1037', - value: 'logonScriptMac', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description', 
@@ -6707,6 +11718,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1055', value: 'procMemory', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processArgumentSpoofingT1564Description', + { defaultMessage: 'Process Argument Spoofing (T1564.010)' } + ), + id: 'T1564.010', + name: 'Process Argument Spoofing', + reference: 'https://attack.mitre.org/techniques/T1564/010', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'processArgumentSpoofing', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processDoppelgangingT1055Description', @@ -6959,6 +11982,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1564', value: 'resourceForking', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reversibleEncryptionT1556Description', + { defaultMessage: 'Reversible Encryption (T1556.005)' } + ), + id: 'T1556.005', + name: 'Reversible Encryption', + reference: 'https://attack.mitre.org/techniques/T1556/005', + tactics: 'credential-access,defense-evasion,persistence', + techniqueId: 'T1556', + value: 'reversibleEncryption', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.revertCloudInstanceT1578Description', 
@@ -7381,26 +12416,26 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1585Description', - { defaultMessage: 'Social Media Accounts (T1585.001)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1586Description', + { defaultMessage: 'Social Media Accounts (T1586.001)' } ), - id: 'T1585.001', + id: 'T1586.001', name: 'Social Media Accounts', - reference: 'https://attack.mitre.org/techniques/T1585/001', + reference: 'https://attack.mitre.org/techniques/T1586/001', tactics: 'resource-development', - techniqueId: 'T1585', + techniqueId: 'T1586', value: 'socialMediaAccounts', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1586Description', - { defaultMessage: 'Social Media Accounts (T1586.001)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1585Description', + { defaultMessage: 'Social Media Accounts (T1585.001)' } ), - id: 'T1586.001', + id: 'T1585.001', name: 'Social Media Accounts', - reference: 'https://attack.mitre.org/techniques/T1586/001', + reference: 'https://attack.mitre.org/techniques/T1585/001', tactics: 'resource-development', - techniqueId: 'T1586', + techniqueId: 'T1585', value: 'socialMediaAccounts', }, { 
@@ -7667,6 +12702,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1542', value: 'tftpBoot', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.terminalServicesDllT1505Description', + { defaultMessage: 'Terminal Services DLL (T1505.005)' } + ), + id: 'T1505.005', + name: 'Terminal Services DLL', + reference: 'https://attack.mitre.org/techniques/T1505/005', + tactics: 'persistence', + techniqueId: 'T1505', + value: 'terminalServicesDll', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threadExecutionHijackingT1055Description', 
@@ -7921,26 +12968,26 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1583Description', - { defaultMessage: 'Virtual Private Server (T1583.003)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1584Description', + { defaultMessage: 'Virtual Private Server (T1584.003)' } ), - id: 'T1583.003', + id: 'T1584.003', name: 'Virtual Private Server', - reference: 'https://attack.mitre.org/techniques/T1583/003', + reference: 'https://attack.mitre.org/techniques/T1584/003', tactics: 'resource-development', - techniqueId: 'T1583', + techniqueId: 'T1584', value: 'virtualPrivateServer', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1584Description', - { defaultMessage: 'Virtual Private Server (T1584.003)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1583Description', + { defaultMessage: 'Virtual Private Server (T1583.003)' } ), - id: 'T1584.003', + id: 'T1583.003', name: 'Virtual Private Server', - reference: 'https://attack.mitre.org/techniques/T1584/003', + reference: 'https://attack.mitre.org/techniques/T1583/003', tactics: 'resource-development', - techniqueId: 'T1584', + techniqueId: 'T1583', value: 'virtualPrivateServer', }, { 
@@ -8159,6 +13206,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1547', value: 'winlogonHelperDll', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.wordlistScanningT1595Description', + { defaultMessage: 'Wordlist Scanning (T1595.003)' } + ), + id: 'T1595.003', + name: 'Wordlist Scanning', + reference: 'https://attack.mitre.org/techniques/T1595/003', + tactics: 'reconnaissance', + techniqueId: 'T1595', + value: 'wordlistScanning', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.xdgAutostartEntriesT1547Description', @@ -8171,6 +13230,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1547', value: 'xdgAutostartEntries', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.xpcServicesT1559Description', + { defaultMessage: 'XPC Services (T1559.003)' } + ), + id: 'T1559.003', + name: 'XPC Services', + reference: 'https://attack.mitre.org/techniques/T1559/003', + tactics: 'execution', + techniqueId: 'T1559', + value: 'xpcServices', + }, ]; /** diff --git a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js index b0b963872585a6..162357ae61e824 100644 --- a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js +++ b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js 
@@ -11,12 +11,16 @@ const fs = require('fs');
 // eslint-disable-next-line import/no-extraneous-dependencies
 const fetch = require('node-fetch');
 // eslint-disable-next-line import/no-extraneous-dependencies
-const { camelCase, startCase } = require('lodash');
+const { camelCase, sortBy } = require('lodash');
 const { resolve } = require('path');
 
 const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre');
-const MITRE_ENTERPRISE_ATTACK_URL =
- 'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json';
+
+// Every release we should update the version of MITRE ATT&CK content and regenerate the model in our code.
+// This version must correspond to the one used for prebuilt rules in https://github.com/elastic/detection-rules.
+// This version is basically a tag on https://github.com/mitre/cti/tags, or can be a branch name like `master`.
+const MITRE_CONTENT_VERSION = 'ATT&CK-v11.3'; // last updated when preparing for 8.4.0 release
+const MITRE_CONTENT_URL = `https://raw.githubusercontent.com/mitre/cti/${MITRE_CONTENT_VERSION}/enterprise-attack/enterprise-attack.json`;
 
 const getTacticsOptions = (tactics) =>
 tactics.map((t) =>
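Review bot: `MITRE_CONTENT_VERSION` pins the downloaded ATT&CK bundle to a git tag, and a tag on `mitre/cti` can be moved or re-created, so two runs of the generator with the same `'ATT&CK-v11.3'` are not guaranteed to fetch the same bytes and the generated model cannot be reproduced from the value recorded here. Resolving the tag to a commit SHA once and using that in the URL, `const MITRE_CONTENT_VERSION = '<commit-sha-for-ATT&CK-v11.3>'; // tag ATT&CK-v11.3`, makes the source immutable at no extra cost; alternatively record the bundle's expected digest next to the version and compare it after download. The comment that this must match the version used in `elastic/detection-rules` is a manual invariant with no check behind it, so naming where that version is recorded in the other repository would help the next maintainer verify it.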
@@ -67,98 +71,124 @@ const getSubtechniquesOptions = (subtechniques) => }`.replace(/(\r\n|\n|\r)/gm, ' ') ); -const getIdReference = (references) => - references.reduce( - (obj, extRef) => { - if (extRef.source_name === 'mitre-attack') { - return { - id: extRef.external_id, - reference: extRef.url, - }; +const getIdReference = (references) => { + const ref = references.find((r) => r.source_name === 'mitre-attack'); + if (ref != null) { + return { + id: ref.external_id, + reference: ref.url, + }; + } else { + return { id: '', reference: '' }; + } +}; + +const extractTacticsData = (mitreData) => { + const tactics = mitreData + .filter((obj) => obj.type === 'x-mitre-tactic') + .reduce((acc, item) => { + const { id, reference } = getIdReference(item.external_references); + + return [ + ...acc, + { + displayName: item.name, + shortName: item.x_mitre_shortname, + id, + reference, + }, + ]; + }, []); + + return sortBy(tactics, 'displayName'); +}; + +const normalizeTacticsData = (tacticsData) => { + return tacticsData.map((data) => { + const { displayName, id, reference } = data; + return { name: displayName, id, reference }; + }); +}; + +const extractTechniques = (mitreData) => { + const techniques = mitreData + .filter( + (obj) => + obj.type === 'attack-pattern' && + (obj.x_mitre_is_subtechnique === false || obj.x_mitre_is_subtechnique === undefined) + ) + .reduce((acc, item) => { + let tactics = []; + const { id, reference } = getIdReference(item.external_references); + if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) { + item.kill_chain_phases.forEach((tactic) => { + tactics = [...tactics, tactic.phase_name]; + }); } - return obj; - }, - { id: '', reference: '' } - ); -const buildMockThreatData = (tactics, techniques, subtechniques) => { + return [ + ...acc, + { + name: item.name, + id, + reference, + tactics, + }, + ]; + }, []); + + return sortBy(techniques, 'name'); +}; + +const extractSubtechniques = (mitreData) => { + const subtechniques = 
mitreData + .filter((obj) => obj.x_mitre_is_subtechnique === true) + .reduce((acc, item) => { + let tactics = []; + const { id, reference } = getIdReference(item.external_references); + if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) { + item.kill_chain_phases.forEach((tactic) => { + tactics = [...tactics, tactic.phase_name]; + }); + } + const techniqueId = id.split('.')[0]; + + return [ + ...acc, + { + name: item.name, + id, + reference, + tactics, + techniqueId, + }, + ]; + }, []); + + return sortBy(subtechniques, 'name'); +}; + +const buildMockThreatData = (tacticsData, techniques, subtechniques) => { const subtechnique = subtechniques[0]; const technique = techniques.find((technique) => technique.id === subtechnique.techniqueId); - const tactic = tactics.find( - (tactic) => tactic.name === startCase(camelCase(technique.tactics[0])) - ); + const tactic = tacticsData.find((tactic) => tactic.shortName === technique.tactics[0]); return { - tactic, + tactic: normalizeTacticsData([tactic])[0], technique, subtechnique, }; }; async function main() { - fetch(MITRE_ENTERPRISE_ATTACK_URL) + fetch(MITRE_CONTENT_URL) .then((res) => res.json()) .then((json) => { const mitreData = json.objects; - const tactics = mitreData - .filter((obj) => obj.type === 'x-mitre-tactic') - .reduce((acc, item) => { - const { id, reference } = getIdReference(item.external_references); - - return [ - ...acc, - { - name: item.name, - id, - reference, - }, - ]; - }, []); - const techniques = mitreData - .filter((obj) => obj.type === 'attack-pattern' && obj.x_mitre_is_subtechnique === false) - .reduce((acc, item) => { - let tactics = []; - const { id, reference } = getIdReference(item.external_references); - if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) { - item.kill_chain_phases.forEach((tactic) => { - tactics = [...tactics, tactic.phase_name]; - }); - } - - return [ - ...acc, - { - name: item.name, - id, - reference, - tactics, - }, - ]; - }, 
[]); - - const subtechniques = mitreData - .filter((obj) => obj.x_mitre_is_subtechnique === true) - .reduce((acc, item) => { - let tactics = []; - const { id, reference } = getIdReference(item.external_references); - if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) { - item.kill_chain_phases.forEach((tactic) => { - tactics = [...tactics, tactic.phase_name]; - }); - } - const techniqueId = id.split('.')[0]; - - return [ - ...acc, - { - name: item.name, - id, - reference, - tactics, - techniqueId, - }, - ]; - }, []); + const tacticsData = extractTacticsData(mitreData); + const tactics = normalizeTacticsData(tacticsData); + const techniques = extractTechniques(mitreData); + const subtechniques = extractSubtechniques(mitreData); const body = `/* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one @@ -202,7 +232,7 @@ async function main() { * Is built alongside and sampled from the data in the file so to always be valid with the most up to date MITRE ATT&CK data */ export const getMockThreatData = () => (${JSON.stringify( - buildMockThreatData(tactics, techniques, subtechniques), + buildMockThreatData(tacticsData, techniques, subtechniques), null, 2 ) diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 2708c5f309d396..b1b768ec9c036e 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
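Review bot: `buildMockThreatData` dereferences `technique.tactics[0]` and passes `tactic` into `normalizeTacticsData` without checking that either `find` matched, so a subtechnique whose `techniqueId` has no parent technique in the extracted list (including the `''` case that `getIdReference` returns when no `mitre-attack` reference exists, since `techniqueId` is `id.split('.')[0]`), or a `phase_name` with no tactic of that `shortName`, aborts the generator with an unhelpful TypeError. A guard that names the culprit, `if (technique == null) throw new Error(\`no parent technique for subtechnique ${subtechnique.id}\`);` after the `techniques.find` line and the equivalent `if (tactic == null) throw …` after the `tacticsData.find` line, would make a content mismatch diagnosable rather than a stack trace. Separately, `.then((res) => res.json())` in `main` parses the body without checking `res.ok`, so a non-existent `MITRE_CONTENT_VERSION` surfaces as a JSON parse error on an HTML 404 page instead of the HTTP status; `main` continues past the end of the hunk.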
@@ -24723,7 +24723,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "Configuration active (T1547.014)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "Compléments (T1137.006)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "Informations d'identification de cloud supplémentaires (T1098.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Ajouter un rôle d'administrateur global Office 365 (T1098.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "DLL AppCert (T1546.009)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "DLL AppInit (T1546.010)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)", @@ -24739,7 +24738,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "Cryptographie asymétrique (T1573.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "Procédure d'appel asynchrone (T1055.004)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "At (Linux) (T1053.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "At (Windows) (T1053.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "Pack d'authentification (T1547.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Historique bash (T1552.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "Communication bidirectionnelle (T1102.002)", 
@@ -24846,12 +24844,10 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "Noms d'employés (T1589.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "Saisie environnementale (T1480.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd et /etc/shadow (T1003.008)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Autorisations de délégation du courrier Exchange (T1098.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "Faiblesse d'autorisations du fichier d'installation exécutable (T1574.005)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration sur protocole chiffré asymétrique non C2 (T1048.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Exfiltration sur Bluetooth (T1011.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration sur protocole chiffré symétrique non C2 (T1048.001)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "Exfiltration sur protocole non chiffré/brouillé non C2 (T1048.003)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "Exfiltration sur USB (T1052.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "Exfiltration vers stockage cloud (T1567.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": 
"Exfiltration vers référentiel de code (T1567.001)", @@ -24911,7 +24907,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "Collection d'e-mails locaux (T1114.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "Groupes locaux (T1069.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Éléments de connexion (T1547.015)", - "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "Script de connexion (Mac) (T1037.002)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "Script de connexion (Windows) (T1037.001)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "Secrets LSA (T1003.004)", "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "Pilote LSASS (T1547.008)", @@ -25230,7 +25225,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "API native (T1106)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "Franchissement des limites du réseau (T1599)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "Déni de service réseau (T1498)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "Analyse du service réseau (T1046)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "Découverte de partages réseau (T1135)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "Sniffing réseau (T1040)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "Protocole de couche non applicative (T1095)", 
@@ -25273,8 +25267,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "Arrêt de service (T1489)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "Modules partagés (T1129)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "Répertoire racine du Web partagé (T1051)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "Exécution du proxy binaire signé (T1218)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "Exécution du proxy de script signé (T1216)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "Outils de déploiement logiciel (T1072)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "Découverte de logiciels (T1518)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "Source (T1153)", 
@@ -25299,7 +25291,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "Transfert de données vers le compte cloud (T1537)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "Exécution de proxy d'utilitaires de développeur de confiance (T1127)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "Relation de confiance (T1199)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "Interception d'authentification à deux facteurs (T1111)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "Informations d'identification non sécurisées (T1552)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "Régions cloud non utilisées/non prises en charge (T1535)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "Utilisation d'autres supports d'authentification (T1550)", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 085cb50cee58fc..878cb6de2e5407 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -24803,7 +24803,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "アクティブな設定 (T1547.014)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "アドイン(T1137.006)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "追加のクラウド資格情報(T1098.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Office 365 グローバル管理者ロールの追加(T1098.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "AppCert DLL(T1546.009)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "AppInit DLLs (T1546.010)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)",
@@ -24819,7 +24818,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "非対称暗号化(T1573.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "非同期プローシージャーコール(T1055.004)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "(Linux)(T1053.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "(Windows)(T1053.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "認証パッケージ(T1547.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Bash 履歴(T1552.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "双方向通信(T1102.002)",
@@ -24926,12 +24924,10 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "従業員名(T1589.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "環境キーイング(T1480.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd and /etc/shadow(T1003.008)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Exchange 電子メール委任権限(T1098.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "実行ファイルインストーラーファイル権限脆弱性(T1574.005)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "非対称暗号化非 C2 プロトコルでのデータ抽出(T1048.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Bluetooth でのデータ抽出(T1011.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "対称暗号化非 C2 プロトコルでのデータ抽出(T1048.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "非暗号化/難読化非 C2 プロトコルでのデータ抽出(T1048.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "USB でのデータ抽出(T1052.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "クラウドストレージへのデータ抽出(T1567.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": "コードリポジトリへのデータ抽出(T1567.001)",
@@ -24991,7 +24987,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "ローカル電子メール収集(T1114.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "ローカルグループ(T1069.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Login Items (T1547.015)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "ログオンスクリプト(Mac)(T1037.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "ログオンスクリプト(Windows)(T1037.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "LSA シークレット(T1003.004)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "LSASS ドライバー(T1547.008)",
@@ -25310,7 +25305,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "ネイティブ API(T1106)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "ネットワーク境界ブリッジ(T1599)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "ネットワークサービス妨害(T1498)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "ネットワークサービススキャン(T1046)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "ネットワーク共有検出(T1135)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "ネットワーク検査(T1040)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "非アプリケーション層プロトコル(T1095)",
@@ -25353,8 +25347,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "サービス停止(T1489)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "共有モジュール(T1129)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "共有 Webroot(T1051)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "署名されたバイナリプロキシ実行(T1218)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "署名されたスクリプトプロキシ実行(T1216)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "ソフトウェア開発ツール(T1072)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "ソフトウェア検出(T1518)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "ソース(T1153)",
@@ -25379,7 +25371,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "クラウドアカウントへのデータ転送(T1537)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "信頼できる開発者のユーティリティのプロキシ実行(T1127)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "信頼できる関係(T1199)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "二要素認証傍受(T1111)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "保護されていない資格情報(T1552)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "未使用/サポートされていないクラウドリージョン(T1535)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "代替認証方法の使用(T1550)",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 7058be934cd784..8b0226270bd75f 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -24828,7 +24828,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "Active Setup (T1547.014)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "Add-ins (T1137.006)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "Additional Cloud Credentials (T1098.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Add Office 365 Global Administrator Role (T1098.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "AppCert DLLs (T1546.009)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "AppInit DLLs (T1546.010)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)",
@@ -24844,7 +24843,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "Asymmetric Cryptography (T1573.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "Asynchronous Procedure Call (T1055.004)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "At (Linux) (T1053.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "At (Windows) (T1053.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "Authentication Package (T1547.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Bash History (T1552.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "Bidirectional Communication (T1102.002)",
@@ -24951,12 +24949,10 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "Employee Names (T1589.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "Environmental Keying (T1480.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd and /etc/shadow (T1003.008)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Exchange Email Delegate Permissions (T1098.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "Executable Installer File Permissions Weakness (T1574.005)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (T1048.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Exfiltration Over Bluetooth (T1011.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol (T1048.001)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (T1048.003)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "Exfiltration over USB (T1052.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "Exfiltration to Cloud Storage (T1567.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": "Exfiltration to Code Repository (T1567.001)",
@@ -25016,7 +25012,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "Local Email Collection (T1114.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "Local Groups (T1069.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Login Items (T1547.015)",
- "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "Logon Script (Mac) (T1037.002)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "Logon Script (Windows) (T1037.001)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "LSA Secrets (T1003.004)",
 "xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "LSASS Driver (T1547.008)",
@@ -25335,7 +25330,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "Native API (T1106)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "Network Boundary Bridging (T1599)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "Network Denial of Service (T1498)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "Network Service Scanning (T1046)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "Network Share Discovery (T1135)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "Network Sniffing (T1040)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "Non-Application Layer Protocol (T1095)",
@@ -25378,8 +25372,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "Service Stop (T1489)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "Shared Modules (T1129)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "Shared Webroot (T1051)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "Signed Binary Proxy Execution (T1218)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "Signed Script Proxy Execution (T1216)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "Software Deployment Tools (T1072)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "Software Discovery (T1518)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "Source (T1153)",
@@ -25404,7 +25396,6 @@
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "Transfer Data to Cloud Account (T1537)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "Trusted Developer Utilities Proxy Execution (T1127)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "Trusted Relationship (T1199)",
- "xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "Two-Factor Authentication Interception (T1111)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "Unsecured Credentials (T1552)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "Unused/Unsupported Cloud Regions (T1535)",
 "xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "Use Alternate Authentication Material (T1550)",
From a428a418d92607e728f7603bb9fd2e24d61023f9 Mon Sep 17 00:00:00 2001
From: Matthew Kime
Date: Wed, 27 Jul 2022 09:06:41 -0500
Subject: [PATCH 09/12] [data views] Set default data view name (#137120)
* autopopulate name field when name isn't provided
---
 .../public/components/data_view_editor_flyout_content.tsx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/plugins/data_view_editor/public/components/data_view_editor_flyout_content.tsx b/src/plugins/data_view_editor/public/components/data_view_editor_flyout_content.tsx
index 3c1305d8e7860a..c9baa374ed1de3 100644
--- a/src/plugins/data_view_editor/public/components/data_view_editor_flyout_content.tsx
+++ b/src/plugins/data_view_editor/public/components/data_view_editor_flyout_content.tsx
@@ -410,7 +410,12 @@ const IndexPatternEditorFlyoutContentComponent = ({