Restructuring common folder, take 1

x-pack/plugins/security_solution/common/detection_engine/rule_management/api/urls.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+

x-pack/plugins/security_solution/common/detection_engine/rule_management/index.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+

x-pack/plugins/security_solution/common/detection_engine/rule_management/mocks.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+

x-pack/plugins/security_solution/common/detection_engine/rule_schema/index.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './model/common_to_all_types/field_overrides';
+export * from './model/common_to_all_types/main_attributes';
+export * from './model/common_to_all_types/misc_attributes';
+export * from './model/common_to_all_types/related_integrations';
+export * from './model/common_to_all_types/required_fields';
+export * from './model/common_to_all_types/risk_score';
+export * from './model/common_to_all_types/rule_actions';
+export * from './model/common_to_all_types/rule_schedule';
+export * from './model/common_to_all_types/saved_object';
+export * from './model/common_to_all_types/severity';
+export * from './model/common_to_all_types/timeline_template';
+
+export * from './model/common_to_some_types/temp';
+
+export * from './model/specific_to_eql/temp';
+export * from './model/specific_to_indicator_match/temp';
+export * from './model/specific_to_new_terms/temp';
+export * from './model/specific_to_query/temp';
+export * from './model/specific_to_threshold/temp';
+
+export * from './model/temp';

x-pack/plugins/security_solution/common/detection_engine/rule_schema/mocks.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+

x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/field_overrides.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as t from 'io-ts';
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleNameOverride = t.TypeOf<typeof RuleNameOverride>;
+export const RuleNameOverride = t.string; // should be non-empty string?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type TimestampOverride = t.TypeOf<typeof TimestampOverride>;
+export const TimestampOverride = t.string; // should be non-empty string?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type TimestampOverrideFallbackDisabled = t.TypeOf<typeof TimestampOverrideFallbackDisabled>;
+export const TimestampOverrideFallbackDisabled = t.boolean;

x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/main_attributes.ts

@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as t from 'io-ts';
+import { NonEmptyString, version, UUID } from '@kbn/securitysolution-io-ts-types';
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleObjectId = t.TypeOf<typeof RuleObjectId>;
+export const RuleObjectId = UUID;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ *
+ * NOTE: Never make this a strict uuid, we allow the rule_id to be any string at the moment
+ * in case we encounter 3rd party rule systems which might be using auto incrementing numbers
+ * or other different things.
+ */
+export type RuleSignatureId = t.TypeOf<typeof RuleSignatureId>;
+export const RuleSignatureId = t.string; // should be non-empty string?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleName = t.TypeOf<typeof RuleName>;
+export const RuleName = NonEmptyString;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleDescription = t.TypeOf<typeof RuleDescription>;
+export const RuleDescription = NonEmptyString;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleVersion = t.TypeOf<typeof RuleVersion>;
+export const RuleVersion = version;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleTagArray = t.TypeOf<typeof RuleTagArray>;
+export const RuleTagArray = t.array(t.string); // should be non-empty strings?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ * Note that this is a non-exact io-ts type as we allow extra meta information
+ * to be added to the meta object
+ */
+export type RuleMetadata = t.TypeOf<typeof RuleMetadata>;
+export const RuleMetadata = t.object; // should be a more specific type?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type IsRuleImmutable = t.TypeOf<typeof IsRuleImmutable>;
+export const IsRuleImmutable = t.boolean;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type IsRuleEnabled = t.TypeOf<typeof IsRuleEnabled>;
+export const IsRuleEnabled = t.boolean;

x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/misc_attributes.ts

@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as t from 'io-ts';
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleLicense = t.TypeOf<typeof RuleLicense>;
+export const RuleLicense = t.string; // should be non-empty string?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleAuthorArray = t.TypeOf<typeof RuleAuthorArray>;
+export const RuleAuthorArray = t.array(t.string); // should be non-empty strings?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleFalsePositiveArray = t.TypeOf<typeof RuleFalsePositiveArray>;
+export const RuleFalsePositiveArray = t.array(t.string); // should be non-empty strings?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RuleReferenceArray = t.TypeOf<typeof RuleReferenceArray>;
+export const RuleReferenceArray = t.array(t.string); // should be non-empty strings?
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type InvestigationGuide = t.TypeOf<typeof InvestigationGuide>;
+export const InvestigationGuide = t.string;
+
+/**
+ * Any instructions for the user for setting up their environment in order to start receiving
+ * source events for a given rule.
+ *
+ * It's a multiline text. Markdown is supported.
+ */
+export type SetupGuide = t.TypeOf<typeof SetupGuide>;
+export const SetupGuide = t.string;

x-pack/plugins/security_solution/common/detection_engine/schemas/common/rule_params.ts → x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/related_integrations.ts

@@ -8,9 +8,6 @@
 import * as t from 'io-ts';
 import { NonEmptyString } from '@kbn/securitysolution-io-ts-types';
 
-// -------------------------------------------------------------------------------------------------
-// Related integrations
-
 /**
  * Related integration is a potential dependency of a rule. It's assumed that if the user installs
  * one of the related integrations of a rule, the rule might start to work properly because it will
@@ -74,72 +71,3 @@ export const RelatedIntegration = t.exact(
  */
 export type RelatedIntegrationArray = t.TypeOf<typeof RelatedIntegrationArray>;
 export const RelatedIntegrationArray = t.array(RelatedIntegration);
-
-// -------------------------------------------------------------------------------------------------
-// Required fields
-
-/**
- * Almost all types of Security rules check source event documents for a match to some kind of
- * query or filter. If a document has certain field with certain values, then it's a match and
- * the rule will generate an alert.
- *
- * Required field is an event field that must be present in the source indices of a given rule.
- *
- * @example
- * const standardEcsField: RequiredField = {
- *   name: 'event.action',
- *   type: 'keyword',
- *   ecs: true,
- * };
- *
- * @example
- * const nonEcsField: RequiredField = {
- *   name: 'winlog.event_data.AttributeLDAPDisplayName',
- *   type: 'keyword',
- *   ecs: false,
- * };
- */
-export const RequiredField = t.exact(
-  t.type({
-    name: NonEmptyString,
-    type: NonEmptyString,
-    ecs: t.boolean,
-  })
-);
-
-/**
- * Array of event fields that must be present in the source indices of a given rule.
- *
- * @example
- * const x: RequiredFieldArray = [
- *   {
- *     name: 'event.action',
- *     type: 'keyword',
- *     ecs: true,
- *   },
- *   {
- *     name: 'event.code',
- *     type: 'keyword',
- *     ecs: true,
- *   },
- *   {
- *     name: 'winlog.event_data.AttributeLDAPDisplayName',
- *     type: 'keyword',
- *     ecs: false,
- *   },
- * ];
- */
-export type RequiredFieldArray = t.TypeOf<typeof RequiredFieldArray>;
-export const RequiredFieldArray = t.array(RequiredField);
-
-// -------------------------------------------------------------------------------------------------
-// Setup guide
-
-/**
- * Any instructions for the user for setting up their environment in order to start receiving
- * source events for a given rule.
- *
- * It's a multiline text. Markdown is supported.
- */
-export type SetupGuide = t.TypeOf<typeof SetupGuide>;
-export const SetupGuide = t.string;

x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/required_fields.ts

@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as t from 'io-ts';
+import { NonEmptyString } from '@kbn/securitysolution-io-ts-types';
+
+/**
+ * Almost all types of Security rules check source event documents for a match to some kind of
+ * query or filter. If a document has certain field with certain values, then it's a match and
+ * the rule will generate an alert.
+ *
+ * Required field is an event field that must be present in the source indices of a given rule.
+ *
+ * @example
+ * const standardEcsField: RequiredField = {
+ *   name: 'event.action',
+ *   type: 'keyword',
+ *   ecs: true,
+ * };
+ *
+ * @example
+ * const nonEcsField: RequiredField = {
+ *   name: 'winlog.event_data.AttributeLDAPDisplayName',
+ *   type: 'keyword',
+ *   ecs: false,
+ * };
+ */
+export type RequiredField = t.TypeOf<typeof RequiredField>;
+export const RequiredField = t.exact(
+  t.type({
+    name: NonEmptyString,
+    type: NonEmptyString,
+    ecs: t.boolean,
+  })
+);
+
+/**
+ * Array of event fields that must be present in the source indices of a given rule.
+ *
+ * @example
+ * const x: RequiredFieldArray = [
+ *   {
+ *     name: 'event.action',
+ *     type: 'keyword',
+ *     ecs: true,
+ *   },
+ *   {
+ *     name: 'event.code',
+ *     type: 'keyword',
+ *     ecs: true,
+ *   },
+ *   {
+ *     name: 'winlog.event_data.AttributeLDAPDisplayName',
+ *     type: 'keyword',
+ *     ecs: false,
+ *   },
+ * ];
+ */
+export type RequiredFieldArray = t.TypeOf<typeof RequiredFieldArray>;
+export const RequiredFieldArray = t.array(RequiredField);

x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_to_all_types/risk_score.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type * as t from 'io-ts';
+import { risk_score, risk_score_mapping } from '@kbn/securitysolution-io-ts-alerting-types';
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RiskScore = t.TypeOf<typeof RiskScore>;
+export const RiskScore = risk_score;
+
+/**
+ * TODO: https://github.com/elastic/kibana/pull/142950 Add description
+ */
+export type RiskScoreMapping = t.TypeOf<typeof RiskScoreMapping>;
+export const RiskScoreMapping = risk_score_mapping;