
[7.x] [Security Solutions] Adds security detection rule actions as importable and exportable (#115243) #115579

Merged
kibanamachine merged 1 commit into elastic:7.x from kibanamachine:backport/7.x/pr-115243
Oct 19, 2021

@kibanamachine
Contributor

Backports the following commits to 7.x:

…le and exportable (elastic#115243)

## Summary

Adds the security detection rule actions as being exportable and importable.
* Adds exportable actions for legacy notification system
* Adds exportable actions for the new throttle notification system
* Adds importable but only imports into the new throttle notification system.
* Updates unit tests

In your `ndjson` file when you have actions exported you will see them like so:

```json
"actions": [
    {
      "group": "default",
      "id": "b55117e0-2df9-11ec-b789-7f03e3cdd668",
      "params": {
        "message": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts"
      },
      "action_type_id": ".slack"
    }
  ]
```

where before it was `actions: []` and was not provided.

**Caveats**

If you delete your connector and have an invalid connector then the rule(s) that were referring to that invalid connector will not import and you will get an error like this:

<img width="802" alt="Screen Shot 2021-10-15 at 2 47 10 PM" src="https://user-images.githubusercontent.com/1151048/137554991-b3984be9-d2ad-488e-a309-29da656ca4ea.png">

This does _not_ export your connectors at this point in time. You have to export your connector through the Saved Object Management separately like so:
<img width="1545" alt="Screen Shot 2021-10-15 at 2 58 03 PM" src="https://user-images.githubusercontent.com/1151048/137555135-3f0bfd63-5d67-496b-8d5b-bdef01d6122f.png">

However, if you remove everything and import your connector without changing its saved object ID and then go to import the rules, everything should import ok and you will get your actions working.

**Manual Testing**:

* You can create normal actions on an alert and then do exports and you should see the actions in your ndjson file 
* You can create legacy notifications from 7.14.0 and then upgrade and export and you should see the actions in your ndjson file
* You can manually create legacy notifications by getting an alert id first and ensuring that your `legacy_notifications/one_action.json` contains a valid action, then running this command:

```sh
./post_legacy_notification.sh 3403c0d0-2d44-11ec-b147-3b0c6d563a60
```

* You can export your connector and remove everything and then do an import and you will have everything imported and working with your actions and connector wired up correctly.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added
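
The caveat above (a rule whose action points at a missing connector will not import) can be checked before an import. This is an added example, not code from the PR or from Kibana: it compares the connector ids referenced in a rules `ndjson` export against a connector export. The sample data is constructed (only the first action id is the one shown above), and it assumes connectors appear in a Saved Objects export as objects of type `action`.

```javascript
// Added example (not Kibana code): find rule actions whose connector is not
// present in a connector export, before attempting the rule import.

// Parse NDJSON text into objects, skipping blank lines and naming bad ones.
function parseNdjson(text) {
  const objects = [];
  text.split(/\r?\n/).forEach((line, index) => {
    if (line.trim() === '') return;
    try {
      objects.push(JSON.parse(line));
    } catch (err) {
      throw new Error(`line ${index + 1} is not valid JSON: ${err.message}`);
    }
  });
  return objects;
}

// Return one entry per rule action whose connector id is absent from the
// connector export. Assumption: connectors are saved objects of type "action".
function findMissingConnectors(rulesNdjson, connectorsNdjson) {
  const known = new Set(
    parseNdjson(connectorsNdjson)
      .filter((obj) => obj && obj.type === 'action' && typeof obj.id === 'string')
      .map((obj) => obj.id)
  );
  const missing = [];
  for (const rule of parseNdjson(rulesNdjson)) {
    // Lines without an actions array (such as a trailing summary) are not rules.
    if (!rule || !Array.isArray(rule.actions)) continue;
    for (const action of rule.actions) {
      if (!known.has(action.id)) {
        missing.push({ rule: rule.name, connectorId: action.id, type: action.action_type_id });
      }
    }
  }
  return missing;
}

// Constructed sample exports. Rule names and the all-zero id are made up.
const PAGE_ACTION_ID = 'b55117e0-2df9-11ec-b789-7f03e3cdd668';
const SAMPLE_RULES = [
  { name: 'Constructed rule A', actions: [{ group: 'default', id: PAGE_ACTION_ID, action_type_id: '.slack' }] },
  { name: 'Constructed rule B', actions: [{ group: 'default', id: '00000000-0000-0000-0000-000000000000', action_type_id: '.email' }] },
  { name: 'Constructed rule C', actions: [] },
  { exported_count: 3 }, // constructed summary line, carries no actions
].map((obj) => JSON.stringify(obj)).join('\n');
const SAMPLE_CONNECTORS = [
  { type: 'action', id: PAGE_ACTION_ID, attributes: { name: 'Constructed Slack connector' } },
].map((obj) => JSON.stringify(obj)).join('\n');

for (const m of findMissingConnectors(SAMPLE_RULES, SAMPLE_CONNECTORS)) {
  console.log(`rule "${m.rule}" references missing ${m.type} connector ${m.connectorId}`);
}
```
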
@kibanamachine
Contributor Author

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / Performance Tests.x-pack/test/performance/tests/reporting_dashboard·ts.performance reporting dashbaord downloaded PDF has OK status

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 3 times on tracked branches: https://github.com/elastic/kibana/issues/110470


Stack Trace

TimeoutError: Waiting for element to be located By(css selector, [data-test-errorText])
Wait timed out after 10058ms
    at /dev/shm/workspace/parallel/24/kibana/node_modules/selenium-webdriver/lib/webdriver.js:842:17
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  remoteStacktrace: ''
}

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @FrankHassanabad

@kibanamachine kibanamachine merged commit 33de724 into elastic:7.x Oct 19, 2021

Labels

backport This PR is a backport of another PR
