From 1acfaa63dfc96aa1f799393e2740c3bfc2594c8e Mon Sep 17 00:00:00 2001
From: Dan Panzarella
Date: Mon, 31 Aug 2020 12:55:56 -0400
Subject: [PATCH] [Security Solution] Filter Default policy details (#76112)
---
 .../server/endpoint/routes/policy/index.ts | 2 ++
 .../endpoint/routes/policy/service.test.ts | 19 +++++++++++++++++++
 .../server/endpoint/routes/policy/service.ts | 14 ++++++++++++--
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
index b233ff1af30fc4..5993b0b0e752e5 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@@ -11,6 +11,8 @@ import { getHostPolicyResponseHandler } from './handlers';
 export const BASE_POLICY_RESPONSE_ROUTE = `/api/endpoint/policy_response`;
+export const INITIAL_POLICY_ID = '00000000-0000-0000-0000-000000000000';
+
 export function registerPolicyRoutes(router: IRouter, endpointAppContext: EndpointAppContext) {
 router.get(
 {
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
index 7c8d006687a6bb..f05d9ef5b821a5 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
@@ -5,6 +5,7 @@
 */
 import { GetPolicyResponseSchema } from '../../../../common/endpoint/schema/policy';
+import { getESQueryPolicyResponseByHostID } from './service';
 describe('test policy handlers schema', () => {
 it('validate that get policy response query schema', async () => {
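Review bot: `INITIAL_POLICY_ID` in routes/policy/index.ts is exported from the route-registration module with no comment saying what the all-zero UUID stands for, and service.ts imports it from `./index` in the same commit. index.ts already imports `./handlers`, and if the handlers import the service (not visible here) this closes an import cycle index → handlers → service → index that only works because the constant is read at call time. Moving the constant to a shared constants module would avoid that. Whichever file it lives in, a comment such as `// ID of the initial (default) policy; policy responses for it are filtered out by getESQueryPolicyResponseByHostID` would record why the value exists.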
@@ -17,3 +18,21 @@ describe('test policy handlers schema', () => {
 expect(() => GetPolicyResponseSchema.query.validate({})).toThrowError();
 });
 });
+
+describe('test policy query', () => {
+ it('queries for the correct host', async () => {
+ const hostID = 'f757d3c0-e874-11ea-9ad9-015510b487f4';
+ const query = getESQueryPolicyResponseByHostID(hostID, 'anyindex');
+ expect(query.body.query.bool.filter.term).toEqual({ 'host.id': hostID });
+ });
+
+ it('filters out initial policy by ID', async () => {
+ const query = getESQueryPolicyResponseByHostID(
+ 'f757d3c0-e874-11ea-9ad9-015510b487f4',
+ 'anyindex'
+ );
+ expect(query.body.query.bool.must_not.term).toEqual({
+ 'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
index 703c46b05f7660..1b3d232f9421c9 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
@@ -7,13 +7,23 @@
 import { SearchResponse } from 'elasticsearch';
 import { ILegacyScopedClusterClient } from 'kibana/server';
 import { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
+import { INITIAL_POLICY_ID } from './index';
 export function getESQueryPolicyResponseByHostID(hostID: string, index: string) {
 return {
 body: {
 query: {
- match: {
- 'host.id': hostID,
+ bool: {
+ filter: {
+ term: {
+ 'host.id': hostID,
+ },
+ },
+ must_not: {
+ term: {
+ 'Endpoint.policy.applied.id': INITIAL_POLICY_ID,
+ },
+ },
 },
 },
 sort: [
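Review bot: Both new `it` callbacks in service.test.ts are declared `async` but await nothing, since `getESQueryPolicyResponseByHostID` returns the query object synchronously; plain `() => {` callbacks would say that more clearly. The two tests also check each clause in isolation. A single `toEqual` on the whole `query.body.query.bool` object would additionally catch a clause added later that silently widens or narrows which policy responses are returned.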
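Review bot: The `host.id` clause in service.ts moves from `match` to `term`, which is only equivalent when `host.id` is mapped as `keyword`; on an analyzed text field a `term` lookup of a UUID would stop matching. The same applies to `Endpoint.policy.applied.id`, and neither mapping is visible here, so both are worth confirming. A host whose only stored responses carry the initial policy ID now produces zero hits, so the consumer of this query has to treat an empty result as a normal case, and operators lose the policy-response view for such hosts. A one-line comment on the `must_not` clause, e.g. `// exclude responses reported for the initial (default) policy`, would record the intent. The function body continues past the end of this hunk.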