Merge branch '7.x' into backport/7.x/pr-64540

Author: elasticmachine

x-pack/plugins/actions/server/lib/action_executor.ts

@@ -140,13 +140,18 @@ export class ActionExecutor {
       status: 'ok',
     };
 
+    event.event = event.event || {};
+
     if (result.status === 'ok') {
+      event.event.outcome = 'success';
       event.message = `action executed: ${actionLabel}`;
     } else if (result.status === 'error') {
+      event.event.outcome = 'failure';
       event.message = `action execution failure: ${actionLabel}`;
       event.error = event.error || {};
       event.error.message = actionErrorToMessage(result);
     } else {
+      event.event.outcome = 'failure';
       event.message = `action execution returned unexpected result: ${actionLabel}`;
       event.error = event.error || {};
       event.error.message = 'action execution returned unexpected result';

x-pack/plugins/alerting/server/task_runner/task_runner.test.ts

@@ -165,6 +165,7 @@ describe('Task Runner', () => {
       Object {
         "event": Object {
           "action": "execute",
+          "outcome": "success",
         },
         "kibana": Object {
           "saved_objects": Array [
@@ -226,6 +227,7 @@ describe('Task Runner', () => {
           Object {
             "event": Object {
               "action": "execute",
+              "outcome": "success",
             },
             "kibana": Object {
               "saved_objects": Array [
@@ -342,6 +344,7 @@ describe('Task Runner', () => {
           Object {
             "event": Object {
               "action": "execute",
+              "outcome": "success",
             },
             "kibana": Object {
               "saved_objects": Array [
@@ -558,6 +561,7 @@ describe('Task Runner', () => {
             },
             "event": Object {
               "action": "execute",
+              "outcome": "failure",
             },
             "kibana": Object {
               "saved_objects": Array [

x-pack/plugins/alerting/server/task_runner/task_runner.ts

@@ -202,12 +202,16 @@ export class TaskRunner {
       event.message = `alert execution failure: ${alertLabel}`;
       event.error = event.error || {};
       event.error.message = err.message;
+      event.event = event.event || {};
+      event.event.outcome = 'failure';
       eventLogger.logEvent(event);
       throw err;
     }
 
     eventLogger.stopTiming(event);
     event.message = `alert executed: ${alertLabel}`;
+    event.event = event.event || {};
+    event.event.outcome = 'success';
     eventLogger.logEvent(event);
 
     // Cleanup alert instances that are no longer scheduling actions to avoid over populating the alertInstances object

x-pack/plugins/endpoint/common/alert_constants.ts

@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export class AlertConstants {
+  /**
+   * The prefix for all Alert APIs
+   */
+  static BASE_API_URL = '/api/endpoint';
+  /**
+   * The path for the Alert's Index Pattern API.
+   */
+  static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
+  /**
+   * Alert's Index pattern
+   */
+  static ALERT_INDEX_NAME = 'events-endpoint-1';
+  /**
+   * A paramter passed to Alert's Index Pattern.
+   */
+  static EVENT_DATASET = 'events';
+  /**
+   * Alert's Search API default page size
+   */
+  static DEFAULT_TOTAL_HITS = 10000;
+  /**
+   * Alerts
+   **/
+  static ALERT_LIST_DEFAULT_PAGE_SIZE = 10;
+  static ALERT_LIST_DEFAULT_SORT = '@timestamp';
+  static MAX_LONG_INT = '9223372036854775807'; // 2^63-1
+}

x-pack/plugins/endpoint/common/generate_data.ts

@@ -9,9 +9,9 @@ import seedrandom from 'seedrandom';
 import {
   AlertEvent,
   EndpointEvent,
-  HostFields,
+  Host,
   HostMetadata,
-  OSFields,
+  HostOS,
   PolicyData,
   HostPolicyResponse,
   HostPolicyResponseActionStatus,
@@ -29,7 +29,7 @@ interface EventOptions {
   processName?: string;
 }
 
-const Windows: OSFields[] = [
+const Windows: HostOS[] = [
   {
     name: 'windows 10.0',
     full: 'Windows 10',
@@ -56,11 +56,11 @@ const Windows: OSFields[] = [
   },
 ];
 
-const Linux: OSFields[] = [];
+const Linux: HostOS[] = [];
 
-const Mac: OSFields[] = [];
+const Mac: HostOS[] = [];
 
-const OS: OSFields[] = [...Windows, ...Mac, ...Linux];
+const OS: HostOS[] = [...Windows, ...Mac, ...Linux];
 
 const POLICIES: Array<{ name: string; id: string }> = [
   {
@@ -102,7 +102,7 @@ interface HostInfo {
     version: string;
     id: string;
   };
-  host: HostFields;
+  host: Host;
   endpoint: {
     policy: {
       id: string;

x-pack/plugins/endpoint/common/schema/alert_index.ts

@@ -7,7 +7,7 @@
 import { schema, Type } from '@kbn/config-schema';
 import { i18n } from '@kbn/i18n';
 import { decode } from 'rison-node';
-import { EndpointAppConstants } from '../types';
+import { AlertConstants } from '../alert_constants';
 
 /**
  * Used to validate GET requests against the index of the alerting APIs.
@@ -18,7 +18,7 @@ export const alertingIndexGetQuerySchema = schema.object(
       schema.number({
         min: 1,
         max: 100,
-        defaultValue: EndpointAppConstants.ALERT_LIST_DEFAULT_PAGE_SIZE,
+        defaultValue: AlertConstants.ALERT_LIST_DEFAULT_PAGE_SIZE,
       })
     ),
     page_index: schema.maybe(