diff --git a/x-pack/plugins/threat_intelligence/common/constants.ts b/x-pack/plugins/threat_intelligence/common/constants.ts
new file mode 100644
index 0000000000000..e5aa41d8ad2f4
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/common/constants.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME = 'threatIntelligenceSearchStrategy';
+
+export const BARCHART_AGGREGATION_NAME = 'barchartAggregation';
+
+/**
+ * Used inside custom search strategy
+ */
+export const enum FactoryQueryType {
+ IndicatorGrid = 'indicatorGrid',
+ Barchart = 'barchart',
+}
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/types/indicator.ts b/x-pack/plugins/threat_intelligence/common/types/indicator.ts
similarity index 100%
rename from x-pack/plugins/threat_intelligence/public/modules/indicators/types/indicator.ts
rename to x-pack/plugins/threat_intelligence/common/types/indicator.ts
diff --git a/x-pack/plugins/threat_intelligence/kibana.json b/x-pack/plugins/threat_intelligence/kibana.json
index c640782b90f3c..16fcf4eeb5c4c 100644
--- a/x-pack/plugins/threat_intelligence/kibana.json
+++ b/x-pack/plugins/threat_intelligence/kibana.json
@@ -3,7 +3,7 @@
 "version": "1.0.0",
 "kibanaVersion": "kibana",
 "ui": true,
- "server": false,
+ "server": true,
 "owner": {
 "name": "Protections Experience Team",
 "githubTeam": "protections-experience"
diff --git a/x-pack/plugins/threat_intelligence/public/common/utils/dates.test.ts b/x-pack/plugins/threat_intelligence/public/common/utils/dates.test.ts
index 0fba6d4088de0..3f8882a29c988 100644
--- a/x-pack/plugins/threat_intelligence/public/common/utils/dates.test.ts
+++ b/x-pack/plugins/threat_intelligence/public/common/utils/dates.test.ts
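Review bot: `FactoryQueryType` in common/constants.ts is declared as a `const enum`, which is inlined at compile time and leaves no runtime object, so server code cannot check a request-supplied query type against the enum's members (for example with `Object.values(FactoryQueryType)`). The doc comment says the value is used inside the custom search strategy; that code is not in this hunk, but if the strategy selects a query factory from a client-sent field it should reject anything other than the two declared values before building a query. Declaring it as `export enum FactoryQueryType {` keeps a runtime value to validate against. The comment could also state the contract rather than the location, e.g. `/** Selects which query the threat intelligence search strategy builds for a request. */` (wording to be confirmed against the strategy).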
@@ -7,12 +7,7 @@
 import moment from 'moment-timezone';
 import { TimeRangeBounds } from '@kbn/data-plugin/common';
-import {
- barChartTimeAxisLabelFormatter,
- calculateBarchartColumnTimeInterval,
- dateFormatter,
- getDateDifferenceInDays,
-} from './dates';
+import { dateFormatter, getDateDifferenceInDays, barChartTimeAxisLabelFormatter } from './dates';
 import { EMPTY_VALUE } from '../constants';
 const mockValidStringDate = '1 Jan 2022 00:00:00 GMT';
@@ -88,32 +83,4 @@ describe('dates', () => {
 expect(typeof barChartTimeAxisLabelFormatter(dateRange)).toBe('function');
 });
 });
-
- describe('calculateBarchartTimeInterval', () => {
- it('should handle number dates', () => {
- const from = moment(mockValidStringDate).valueOf();
- const to = moment(mockValidStringDate).add(1, 'days').valueOf();
-
- const interval = calculateBarchartColumnTimeInterval(from, to);
- expect(interval).toContain('ms');
- expect(parseInt(interval, 10) > 0).toBeTruthy();
- });
-
- it('should handle moment dates', () => {
- const from = moment(mockValidStringDate);
- const to = moment(mockValidStringDate).add(1, 'days');
-
- const interval = calculateBarchartColumnTimeInterval(from, to);
- expect(interval).toContain('ms');
- expect(parseInt(interval, 10) > 0).toBeTruthy();
- });
-
- it('should handle dateTo older than dateFrom', () => {
- const from = moment(mockValidStringDate).add(1, 'days');
- const to = moment(mockValidStringDate);
-
- const interval = calculateBarchartColumnTimeInterval(from, to);
- expect(parseInt(interval, 10) > 0).toBeFalsy();
- });
- });
 });
diff --git a/x-pack/plugins/threat_intelligence/public/common/utils/dates.tsx b/x-pack/plugins/threat_intelligence/public/common/utils/dates.tsx
index 8adb49b3e95a7..2f5ab5d4c07e2 100644
--- a/x-pack/plugins/threat_intelligence/public/common/utils/dates.tsx
+++ b/x-pack/plugins/threat_intelligence/public/common/utils/dates.tsx
@@ -14,7 +14,6 @@ import { EMPTY_VALUE } from '../constants';
 moment.suppressDeprecationWarnings = true;
 export const FULL_DATE = 'MMMM Do YYYY @ HH:mm:ss';
-export const BARCHART_NUMBER_OF_COLUMNS = 16;
 /**
 * Converts a string or moment date to the 'MMMM Do YYYY @ HH:mm:ss' format.
@@ -62,20 +61,3 @@ export const barChartTimeAxisLabelFormatter = (dateRange: TimeRangeBounds): Tick
 const format = niceTimeFormatByDay(diff);
 return timeFormatter(format);
 };
-
-/**
- * Calculates the time interval in ms for a specific number of columns
- * @param dateFrom Min (older) date for the barchart
- * @param dateTo Max (newer) date for the barchart
- * @param numberOfColumns Desired number of columns (defaulted to {@link BARCHART_NUMBER_OF_COLUMNS})
- * @returns The interval in ms for a column (for example '100000ms')
- */
-export const calculateBarchartColumnTimeInterval = (
- dateFrom: number | moment.Moment,
- dateTo: number | moment.Moment,
- numberOfColumns = BARCHART_NUMBER_OF_COLUMNS
-): string => {
- const from: number = moment.isMoment(dateFrom) ? dateFrom.valueOf() : dateFrom;
- const to: number = moment.isMoment(dateTo) ? dateTo.valueOf() : dateTo;
- return `${Math.floor(moment(to).diff(moment(from)) / numberOfColumns)}ms`;
-};
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.stories.tsx
index 792e31ce109fe..e58dc9a7dcc81 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.stories.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { Story } from '@storybook/react';
 import { DataView, DataViewField } from '@kbn/data-views-plugin/common';
-import { RawIndicatorFieldId } from '../../../types';
+import { RawIndicatorFieldId } from '../../../../../../common/types/indicator';
 import { IndicatorsFieldSelector } from '.';
 const mockIndexPattern: DataView = {
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.tsx
index 29af51472bd12..2707ba250784f 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/field_selector/field_selector.tsx
@@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n';
 import { DataViewField } from '@kbn/data-views-plugin/common';
 import { EuiComboBoxOptionOption } from '@elastic/eui/src/components/combo_box/types';
 import { SecuritySolutionDataViewBase } from '../../../../../types';
-import { RawIndicatorFieldId } from '../../../types';
+import { RawIndicatorFieldId } from '../../../../../../common/types/indicator';
 import { useStyles } from './styles';
 export const DROPDOWN_TEST_ID = 'tiIndicatorFieldSelectorDropdown';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.stories.tsx
index 472bc7934bab2..30170d50ca266 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.stories.tsx
@@ -14,10 +14,11 @@ import { DataView, DataViewField } from '@kbn/data-views-plugin/common';
 import { TimeRange } from '@kbn/es-query';
 import { DataPublicPluginStart } from '@kbn/data-plugin/public';
 import { IUiSettingsClient } from '@kbn/core/public';
+import { BARCHART_AGGREGATION_NAME } from '../../../../../common/constants';
 import { StoryProvidersComponent } from '../../../../common/mocks/story_providers';
 import { mockKibanaTimelinesService } from '../../../../common/mocks/mock_kibana_timelines_service';
 import { IndicatorsBarChartWrapper } from '.';
-import { Aggregation, AGGREGATION_NAME, ChartSeries } from '../../services';
+import { Aggregation, ChartSeries } from '../../services';
 export default {
 component: IndicatorsBarChartWrapper,
@@ -84,7 +85,7 @@ const dataServiceMock = {
 of({
 rawResponse: {
 aggregations: {
- [AGGREGATION_NAME]: {
+ [BARCHART_AGGREGATION_NAME]: {
 buckets: [aggregation1, aggregation2],
 },
 },
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.tsx
index 6df40e3150094..57ec76d17bd41 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/barchart/wrapper.tsx
@@ -18,7 +18,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { TimeRange } from '@kbn/es-query';
 import { TimeRangeBounds } from '@kbn/data-plugin/common';
 import { SecuritySolutionDataViewBase } from '../../../../types';
-import { RawIndicatorFieldId } from '../../types';
+import { RawIndicatorFieldId } from '../../../../../common/types/indicator';
 import { IndicatorsFieldSelector } from './field_selector';
 import { IndicatorsBarChart } from './barchart';
 import { ChartSeries } from '../../services';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_label/field_label.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_label/field_label.tsx
index cf55e5ad9c809..64e85bc8c5d7e 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_label/field_label.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_label/field_label.tsx
@@ -7,7 +7,7 @@
 import React, { VFC } from 'react';
 import { i18n } from '@kbn/i18n';
-import { RawIndicatorFieldId } from '../../types';
+import { RawIndicatorFieldId } from '../../../../../common/types/indicator';
 interface IndicatorFieldLabelProps {
 field: string;
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.stories.tsx
index b652ebe92e9fa..da56583404a15 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.stories.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { StoryProvidersComponent } from '../../../../common/mocks/story_providers';
-import { generateMockIndicator } from '../../types';
+import { generateMockIndicator } from '../../../../../common/types/indicator';
 import { IndicatorFieldValue } from '.';
 export default {
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.test.tsx
index c18d0caa5a6e5..94751080fa005 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.test.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field.test.tsx
@@ -8,7 +8,10 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { IndicatorFieldValue } from '.';
-import { generateMockIndicator, generateMockIndicatorWithTlp } from '../../types';
+import {
+ generateMockIndicator,
+ generateMockIndicatorWithTlp,
+} from '../../../../../common/types/indicator';
 import { EMPTY_VALUE } from '../../../../common/constants';
 import { TestProvidersComponent } from '../../../../common/mocks/test_providers';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field_value.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field_value.tsx
index 00e52cd68bafd..ff3d09fe45906 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field_value.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/field_value/field_value.tsx
@@ -8,7 +8,7 @@
 import React, { VFC } from 'react';
 import { useFieldTypes } from '../../../../hooks';
 import { EMPTY_VALUE } from '../../../../common/constants';
-import { Indicator, RawIndicatorFieldId } from '../../types';
+import { Indicator, RawIndicatorFieldId } from '../../../../../common/types/indicator';
 import { DateFormatter } from '../../../../components/date_formatter';
 import { unwrapValue } from '../../utils';
 import { TLPBadge } from '../tlp_badge';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.stories.tsx
index 7cb9254351beb..80bd24d59adc9 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.stories.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { mockIndicatorsFiltersContext } from '../../../../../common/mocks/mock_indicators_filters_context';
 import { IndicatorFieldsTable } from '.';
-import { generateMockIndicator } from '../../../types';
+import { generateMockIndicator } from '../../../../../../common/types/indicator';
 import { StoryProvidersComponent } from '../../../../../common/mocks/story_providers';
 import { IndicatorsFiltersContext } from '../../../containers/filters';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.tsx
index e5d89910dca3b..3fe1f62599059 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/fields_table/fields_table.tsx
@@ -8,7 +8,7 @@
 import { EuiBasicTableColumn, EuiInMemoryTable, EuiInMemoryTableProps } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { useMemo, VFC } from 'react';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorFieldValue } from '../../field_value';
 import { IndicatorValueActions } from '../indicator_value_actions';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.stories.tsx
index 80b75a605cccf..b23dfca2e61d6 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.stories.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { Story } from '@storybook/react';
 import { StoryProvidersComponent } from '../../../../common/mocks/story_providers';
-import { generateMockIndicator, Indicator } from '../../types';
+import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator';
 import { IndicatorsFlyout } from '.';
 export default {
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.test.tsx
index fab9d2ed6d465..a50cf08b3f2b5 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.test.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { cleanup, render, screen } from '@testing-library/react';
 import { IndicatorsFlyout, SUBTITLE_TEST_ID, TITLE_TEST_ID } from '.';
-import { generateMockIndicator, Indicator } from '../../types';
+import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator';
 import { TestProvidersComponent } from '../../../../common/mocks/test_providers';
 const mockIndicator = generateMockIndicator();
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.tsx
index 97c5592b05e42..485ba92f61932 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/flyout.tsx
@@ -23,7 +23,7 @@ import {
 import { FormattedMessage } from '@kbn/i18n-react';
 import { InvestigateInTimelineButton } from '../../../timeline';
 import { DateFormatter } from '../../../../components/date_formatter/date_formatter';
-import { Indicator, RawIndicatorFieldId } from '../../types';
+import { Indicator, RawIndicatorFieldId } from '../../../../../common/types/indicator';
 import { IndicatorsFlyoutJson } from './json_tab';
 import { IndicatorsFlyoutTable } from './table_tab';
 import { unwrapValue } from '../../utils';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/indicator_value_actions/indicator_value_actions.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/indicator_value_actions/indicator_value_actions.tsx
index e64592cbea079..4d4f1d94d84e5 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/indicator_value_actions/indicator_value_actions.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/indicator_value_actions/indicator_value_actions.tsx
@@ -14,7 +14,7 @@ import {
 EuiToolTip,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { FilterInButtonIcon, FilterOutButtonIcon } from '../../../../query_bar';
 import { AddToTimelineContextMenu } from '../../../../timeline';
 import { fieldAndValueValid, getIndicatorFieldAndValue } from '../../../utils';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.stories.tsx
index 9ae8576c8706e..8d2eead239f4e 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.stories.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { Story } from '@storybook/react';
-import { generateMockIndicator, Indicator } from '../../../types';
+import { generateMockIndicator, Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorsFlyoutJson } from '.';
 export default {
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.test.tsx
index 496e362c1a384..d56b328c61597 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.test.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { TestProvidersComponent } from '../../../../../common/mocks/test_providers';
-import { generateMockIndicator, Indicator } from '../../../types';
+import { generateMockIndicator, Indicator } from '../../../../../../common/types/indicator';
 import { CODE_BLOCK_TEST_ID, IndicatorsFlyoutJson } from '.';
 import { EMPTY_PROMPT_TEST_ID } from '../empty_prompt';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.tsx
index b3791edc5b9fe..f7dc6ad59de00 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/json_tab/json_tab.tsx
@@ -7,7 +7,7 @@
 import React, { VFC } from 'react';
 import { EuiCodeBlock } from '@elastic/eui';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorEmptyPrompt } from '../empty_prompt';
 export const CODE_BLOCK_TEST_ID = 'tiFlyoutJsonCodeBlock';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.stories.tsx
index 0a0db7b114929..0ae9c8b962d9a 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.stories.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { IndicatorsFiltersContext } from '../../../../containers/filters';
 import { StoryProvidersComponent } from '../../../../../../common/mocks/story_providers';
-import { generateMockIndicator } from '../../../../types';
+import { generateMockIndicator } from '../../../../../../../common/types/indicator';
 import { IndicatorBlock } from '.';
 export default {
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.tsx
index 48ac9867181b3..3baa182530b86 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/block/block.tsx
@@ -8,7 +8,7 @@
 import { EuiPanel, EuiSpacer, EuiText } from '@elastic/eui';
 import React, { VFC } from 'react';
 import { css, euiStyled } from '@kbn/kibana-react-plugin/common';
-import { Indicator } from '../../../../types';
+import { Indicator } from '../../../../../../../common/types/indicator';
 import { IndicatorFieldValue } from '../../../field_value';
 import { IndicatorFieldLabel } from '../../../field_label';
 import { IndicatorValueActions } from '../../indicator_value_actions';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/highlighted_values_table/highlighted_values_table.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/highlighted_values_table/highlighted_values_table.tsx
index 193e550fc4012..5c60ed4684d9b 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/highlighted_values_table/highlighted_values_table.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/highlighted_values_table/highlighted_values_table.tsx
@@ -6,7 +6,7 @@
 */
 import React, { useMemo, VFC } from 'react';
-import { Indicator, RawIndicatorFieldId } from '../../../../types';
+import { Indicator, RawIndicatorFieldId } from '../../../../../../../common/types/indicator';
 import { unwrapValue } from '../../../../utils';
 import { IndicatorFieldsTable } from '../../fields_table';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.stories.tsx
index 3b1c57b19c73f..4c74ea25330d7 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.stories.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { Story } from '@storybook/react';
 import { StoryProvidersComponent } from '../../../../../common/mocks/story_providers';
-import { generateMockIndicator, Indicator } from '../../../types';
+import { generateMockIndicator, Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorsFlyoutOverview } from '.';
 import { IndicatorsFiltersContext } from '../../../containers/filters';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.test.tsx
index 94bdba9ea06fa..df4201761a98e 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.test.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.test.tsx
@@ -8,7 +8,7 @@
 import { TestProvidersComponent } from '../../../../../common/mocks/test_providers';
 import { render, screen } from '@testing-library/react';
 import React from 'react';
-import { generateMockIndicator, Indicator } from '../../../types';
+import { generateMockIndicator, Indicator } from '../../../../../../common/types/indicator';
 import {
 IndicatorsFlyoutOverview,
 TI_FLYOUT_OVERVIEW_HIGH_LEVEL_BLOCKS,
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.tsx
index def4049aeee5c..2c3e6dee5ffcb 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/overview_tab/overview_tab.tsx
@@ -17,7 +17,7 @@ import {
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { useMemo, VFC } from 'react';
 import { EMPTY_VALUE } from '../../../../../common/constants';
-import { Indicator, RawIndicatorFieldId } from '../../../types';
+import { Indicator, RawIndicatorFieldId } from '../../../../../../common/types/indicator';
 import { unwrapValue } from '../../../utils';
 import { IndicatorEmptyPrompt } from '../empty_prompt';
 import { IndicatorBlock } from './block';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.stories.tsx
index a8cea2e06ca2b..1842d52171db3 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.stories.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.stories.tsx
@@ -12,7 +12,7 @@ import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public';
 import { mockIndicatorsFiltersContext } from '../../../../../common/mocks/mock_indicators_filters_context';
 import { mockUiSettingsService } from '../../../../../common/mocks/mock_kibana_ui_settings_service';
 import { mockKibanaTimelinesService } from '../../../../../common/mocks/mock_kibana_timelines_service';
-import { generateMockIndicator, Indicator } from '../../../types';
+import { generateMockIndicator, Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorsFlyoutTable } from '.';
 import { IndicatorsFiltersContext } from '../../../containers/filters';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.test.tsx
index c70232da887ff..aae9aa41cbf2f 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.test.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.test.tsx
@@ -8,7 +8,11 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { TestProvidersComponent } from '../../../../../common/mocks/test_providers';
-import { generateMockIndicator, Indicator, RawIndicatorFieldId } from '../../../types';
+import {
+ generateMockIndicator,
+ Indicator,
+ RawIndicatorFieldId,
+} from '../../../../../../common/types/indicator';
 import { IndicatorsFlyoutTable, TABLE_TEST_ID } from '.';
 import { unwrapValue } from '../../../utils';
 import { EMPTY_PROMPT_TEST_ID } from '../empty_prompt';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.tsx
index 5c152684f0fa9..0f0a699733ccb 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/flyout/table_tab/table_tab.tsx
@@ -6,7 +6,7 @@
 */
 import React, { VFC } from 'react';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { IndicatorEmptyPrompt } from '../empty_prompt';
 import { IndicatorFieldsTable } from '../fields_table';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/actions_row_cell.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/actions_row_cell.tsx
index 05b4f5b64c263..e8a58f2797669 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/actions_row_cell.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/actions_row_cell.tsx
@@ -8,7 +8,7 @@
 import React, { useContext, VFC } from 'react';
 import { EuiFlexGroup } from '@elastic/eui';
 import { InvestigateInTimelineButtonIcon } from '../../../../timeline';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { OpenIndicatorFlyoutButton } from './open_flyout_button';
 import { IndicatorsTableContext } from '../contexts';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_actions.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_actions.tsx
index 8342a013bb112..2f606df1a8f12 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_actions.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_actions.tsx
@@ -7,7 +7,7 @@
 import React, { VFC } from 'react';
 import { EuiDataGridColumnCellActionProps } from '@elastic/eui/src/components/datagrid/data_grid_types';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { AddToTimelineCellAction } from '../../../../timeline';
 import { FilterInCellAction, FilterOutCellAction } from '../../../../query_bar';
 import { fieldAndValueValid, getIndicatorFieldAndValue } from '../../../utils';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_popover_renderer.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_popover_renderer.tsx
index 95067ce87bc19..eba86eb4e8c35 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_popover_renderer.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_popover_renderer.tsx
@@ -16,7 +16,7 @@ import { CopyToClipboardButtonEmpty } from '../../copy_to_clipboard/copy_to_clip
 import { FilterInButtonEmpty, FilterOutButtonEmpty } from '../../../../query_bar';
 import { AddToTimelineButtonEmpty } from '../../../../timeline';
 import { fieldAndValueValid, getIndicatorFieldAndValue } from '../../../utils/field_value';
-import { Indicator } from '../../../types';
+import { Indicator } from '../../../../../../common/types/indicator';
 import { Pagination } from '../../../services/fetch_indicators';
 import { useStyles } from './styles';
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_renderer.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_renderer.tsx
index d4aa529f5dfc1..7a33c4d21dde6 100644
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_renderer.tsx
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/cell_renderer.tsx
@@ -9,7 +9,7 @@ import { EuiDataGridCellValueElementProps } from '@elastic/eui'; import React, { useContext, useEffect } from 'react'; import { euiDarkVars as themeDark, euiLightVars as themeLight } from '@kbn/ui-theme'; import { useKibana } from '../../../../../hooks'; -import { Indicator } from '../../../types'; +import { Indicator } from '../../../../../../common/types/indicator'; import { IndicatorFieldValue } from '../../field_value'; import { IndicatorsTableContext } from '../contexts'; import { ActionsRowCell } from '.'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.stories.tsx index e7f62b73042df..d0bcec7068c21 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.stories.tsx @@ -9,7 +9,7 @@ import React from 'react'; import { ComponentStory } from '@storybook/react'; import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public'; import { mockUiSettingsService } from '../../../../../../common/mocks/mock_kibana_ui_settings_service'; -import { generateMockIndicator, Indicator } from '../../../../types'; +import { generateMockIndicator, Indicator } from '../../../../../../../common/types/indicator'; import { OpenIndicatorFlyoutButton } from '.'; export default { diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.test.tsx index fe3fcca21129c..f68be6d7ea553 100644 
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import { BUTTON_TEST_ID, OpenIndicatorFlyoutButton } from '.'; -import { generateMockIndicator } from '../../../../types'; +import { generateMockIndicator } from '../../../../../../../common/types/indicator'; import { TestProvidersComponent } from '../../../../../../common/mocks/test_providers'; const mockIndicator = generateMockIndicator(); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.tsx index dee079463f056..7ae0584447a5b 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/components/open_flyout_button/open_flyout_button.tsx @@ -8,7 +8,7 @@ import React, { VFC } from 'react'; import { EuiButtonIcon, EuiToolTip } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { Indicator } from '../../../../types'; +import { Indicator } from '../../../../../../../common/types/indicator'; export const BUTTON_TEST_ID = 'tiToggleIndicatorFlyoutButton'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/contexts/context.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/contexts/context.ts index 9bb89968c75ae..e0125544a6453 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/contexts/context.ts 
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/contexts/context.ts @@ -6,7 +6,7 @@ */ import { createContext, Dispatch, SetStateAction } from 'react'; -import { Indicator } from '../../../types'; +import { Indicator } from '../../../../../../common/types/indicator'; export interface IndicatorsTableContextValue { expanded: Indicator | undefined; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/hooks/use_column_settings.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/hooks/use_column_settings.ts index 680661f04d411..33f73922a3aa0 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/hooks/use_column_settings.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/hooks/use_column_settings.ts @@ -8,7 +8,7 @@ import { EuiDataGridColumn, EuiDataGridSorting } from '@elastic/eui'; import { useCallback, useEffect, useMemo, useState } from 'react'; import negate from 'lodash/negate'; -import { RawIndicatorFieldId } from '../../../types'; +import { RawIndicatorFieldId } from '../../../../../../common/types/indicator'; import { useKibana } from '../../../../../hooks'; import { translateFieldLabel } from '../../field_label'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.stories.tsx index a4eccb880f6c1..4822d403e3f4b 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.stories.tsx 
@@ -9,7 +9,7 @@ import React from 'react'; import { DataView } from '@kbn/data-views-plugin/common'; import { mockIndicatorsFiltersContext } from '../../../../common/mocks/mock_indicators_filters_context'; import { StoryProvidersComponent } from '../../../../common/mocks/story_providers'; -import { generateMockIndicator, Indicator } from '../../types'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { IndicatorsTable } from '.'; import { IndicatorsFiltersContext } from '../../containers/filters/context'; import { DEFAULT_COLUMNS } from './hooks'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.test.tsx index af28ac88a4d44..2d51a75cd2c83 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.test.tsx @@ -9,7 +9,7 @@ import { act, render, screen } from '@testing-library/react'; import React from 'react'; import { IndicatorsTable, IndicatorsTableProps, TABLE_UPDATE_PROGRESS_TEST_ID } from '.'; import { TestProvidersComponent } from '../../../../common/mocks/test_providers'; -import { generateMockIndicator, Indicator } from '../../types'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { BUTTON_TEST_ID } from './components/open_flyout_button'; import { TITLE_TEST_ID } from '../flyout'; import { SecuritySolutionDataViewBase } from '../../../../types'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.tsx b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.tsx index 62e142075305f..d27aaf0ea233d 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.tsx 
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/components/table/table.tsx @@ -21,7 +21,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { EuiDataGridColumn } from '@elastic/eui/src/components/datagrid/data_grid_types'; import { CellActions, cellPopoverRendererFactory, cellRendererFactory } from './components'; import { BrowserFields, SecuritySolutionDataViewBase } from '../../../../types'; -import { Indicator, RawIndicatorFieldId } from '../../types'; +import { Indicator, RawIndicatorFieldId } from '../../../../../common/types/indicator'; import { EmptyState } from '../../../../components/empty_state'; import { IndicatorsTableContext, IndicatorsTableContextValue } from './contexts'; import { IndicatorsFlyout } from '../flyout'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_aggregated_indicators.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_aggregated_indicators.ts index 52f7c01cac736..bdfd9fafa77e0 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_aggregated_indicators.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_aggregated_indicators.ts @@ -10,7 +10,7 @@ import { Filter, Query, TimeRange } from '@kbn/es-query'; import { useMemo, useState } from 'react'; import { TimeRangeBounds } from '@kbn/data-plugin/common'; import { useInspector, useKibana } from '../../../hooks'; -import { RawIndicatorFieldId } from '../types'; +import { RawIndicatorFieldId } from '../../../../common/types/indicator'; import { useSourcererDataView } from '.'; import { ChartSeries, diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_indicators.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_indicators.ts index 399254fe75688..3011d9b5101f6 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_indicators.ts 
+++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_indicators.ts @@ -10,7 +10,7 @@ import { Filter, Query, TimeRange } from '@kbn/es-query'; import { useQuery } from '@tanstack/react-query'; import { EuiDataGridSorting } from '@elastic/eui'; import { useInspector, useKibana } from '../../../hooks'; -import { Indicator } from '../types'; +import { Indicator } from '../../../../common/types/indicator'; import { useSourcererDataView } from './use_sourcerer_data_view'; import { createFetchIndicators, FetchParams, Pagination } from '../services/fetch_indicators'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_sourcerer_data_view.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_sourcerer_data_view.ts index 5128f47ee1a79..94e8c7a489fe9 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_sourcerer_data_view.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/hooks/use_sourcerer_data_view.ts @@ -7,7 +7,7 @@ import { useMemo } from 'react'; import { i18n } from '@kbn/i18n'; -import { RawIndicatorFieldId } from '../types'; +import { RawIndicatorFieldId } from '../../../../common/types/indicator'; import { SecuritySolutionDataViewBase } from '../../../types'; import { useSecurityContext } from '../../../hooks/use_security_context'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/index.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/index.ts index a88503e53cc7b..73affbb6e8a63 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/index.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/index.ts @@ -11,4 +11,3 @@ export * from './hooks/use_sourcerer_data_view'; export * from './hooks/use_total_count'; export * from './utils/field_value'; export * from './utils/unwrap_value'; -export * from './types/indicator'; 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.test.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.test.ts index 007623943c531..45190d813714b 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.test.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.test.ts @@ -8,15 +8,11 @@ import { mockedQueryService, mockedSearchService } from '../../../common/mocks/test_providers'; import { BehaviorSubject, throwError } from 'rxjs'; import { RequestAdapter } from '@kbn/inspector-plugin/common'; -import { - Aggregation, - AGGREGATION_NAME, - convertAggregationToChartSeries, - createFetchAggregatedIndicators, -} from '.'; +import { Aggregation, convertAggregationToChartSeries, createFetchAggregatedIndicators } from '.'; +import { BARCHART_AGGREGATION_NAME, FactoryQueryType } from '../../../../common/constants'; const aggregationResponse = { - rawResponse: { aggregations: { [AGGREGATION_NAME]: { buckets: [] } } }, + rawResponse: { aggregations: { [BARCHART_AGGREGATION_NAME]: { buckets: [] } } }, }; const aggregation1: Aggregation = { 
@@ -88,33 +84,13 @@ describe('FetchAggregatedIndicatorsService', () => { expect.objectContaining({ params: expect.objectContaining({ body: expect.objectContaining({ - size: 0, query: expect.objectContaining({ bool: expect.anything() }), - runtime_mappings: { - 'threat.indicator.name': { script: expect.anything(), type: 'keyword' }, - 'threat.indicator.name_origin': { script: expect.anything(), type: 'keyword' }, - }, - aggregations: { - [AGGREGATION_NAME]: { - terms: { - field: 'myField', - }, - aggs: { - events: { - date_histogram: { - field: '@timestamp', - fixed_interval: expect.anything(), - min_doc_count: 0, - extended_bounds: expect.anything(), - }, - }, - }, - }, - }, - fields: ['@timestamp', 'myField'], }), index: [], }), + factoryQueryType: FactoryQueryType.Barchart, + dateRange: expect.anything(), + field: 'myField', }), expect.anything() ); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.ts index f64b0eb7a6684..88f880122e426 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_aggregated_indicators.ts 
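Review bot: In the `expect.objectContaining` for the search call, `dateRange: expect.anything()` accepts any non-null value, so the test no longer pins what the barchart request carries now that the aggregation body is not asserted. `dateRange` and `field` are the only aggregation inputs left in the request, so I would assert the shape instead: `dateRange: { from: expect.any(Number), to: expect.any(Number) },`. The enclosing `it` block starts and ends outside this hunk.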
@@ -9,14 +9,13 @@ import { TimeRangeBounds } from '@kbn/data-plugin/common'; import type { ISearchStart, QueryStart } from '@kbn/data-plugin/public'; import type { Filter, Query, TimeRange } from '@kbn/es-query'; import { RequestAdapter } from '@kbn/inspector-plugin/common'; -import { calculateBarchartColumnTimeInterval } from '../../../common/utils/dates'; -import { RawIndicatorFieldId } from '../types'; -import { getIndicatorQueryParams, search } from '../utils'; +import { BARCHART_AGGREGATION_NAME, FactoryQueryType } from '../../../../common/constants'; +import { RawIndicatorFieldId } from '../../../../common/types/indicator'; +import { search } from '../utils/search'; +import { getIndicatorQueryParams } from '../utils/get_indicator_query_params'; const TIMESTAMP_FIELD = RawIndicatorFieldId.TimeStamp; -export const AGGREGATION_NAME = 'barchartAggregation'; - export interface AggregationValue { doc_count: number; key: number; @@ -33,7 +32,7 @@ export interface Aggregation { export interface RawAggregatedIndicatorsResponse { aggregations: { - [AGGREGATION_NAME]: { + [BARCHART_AGGREGATION_NAME]: { buckets: Aggregation[]; }; }; 
@@ -90,45 +89,33 @@ export const createFetchAggregatedIndicators = const dateFrom: number = (dateRange.min as moment.Moment).toDate().getTime(); const dateTo: number = (dateRange.max as moment.Moment).toDate().getTime(); - const interval = calculateBarchartColumnTimeInterval(dateFrom, dateTo); const sharedParams = getIndicatorQueryParams({ timeRange, filters, filterQuery }); const searchRequestBody = { - aggregations: { - [AGGREGATION_NAME]: { - terms: { - field, - }, - aggs: { - events: { - date_histogram: { - field: TIMESTAMP_FIELD, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: dateFrom, - max: dateTo, - }, - }, - }, - }, - }, - }, fields: [TIMESTAMP_FIELD, field], size: 0, ...sharedParams, }; const { - aggregations: { [AGGREGATION_NAME]: aggregation }, - } = await search( + aggregations: { [BARCHART_AGGREGATION_NAME]: aggregation }, + } = await search< + RawAggregatedIndicatorsResponse, + { dateRange: { from: number; to: number }; field: string } + >( searchService, { params: { index: selectedPatterns, body: searchRequestBody, }, + factoryQueryType: FactoryQueryType.Barchart, + dateRange: { + from: dateFrom, + to: dateTo, + }, + field, }, { signal, inspectorAdapter, requestName: 'Indicators barchart' } ); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.test.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.test.ts index 388b1c9c9e7c5..73cde89df4c74 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.test.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.test.ts 
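Review bot: The second type argument to `search` spells the barchart parameters inline as `{ dateRange: { from: number; to: number }; field: string }`, so the contract for what the browser sends to the search strategy exists only at this call site. I would declare it once under `common/` next to `FactoryQueryType`, for example `export interface BarchartAggregationParams { dateRange: { from: number; to: number }; field: string }`, and reference it here. With the interval calculation removed from the client, `from`, `to` and `field` are plain request input by the time they reach the server. The strategy's handling of them is not visible in this hunk, so it is worth confirming that it rejects a reversed or unbounded range and a non-string `field` rather than relying on the TypeScript type. The body of `createFetchAggregatedIndicators` continues outside the hunk.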
@@ -9,6 +9,7 @@ import { mockedSearchService } from '../../../common/mocks/test_providers'; import { BehaviorSubject, throwError } from 'rxjs'; import { createFetchIndicators } from './fetch_indicators'; import { RequestAdapter } from '@kbn/inspector-plugin/common'; +import { FactoryQueryType } from '../../../../common/constants'; const indicatorsResponse = { rawResponse: { hits: { hits: [], total: 0 } } }; @@ -47,15 +48,12 @@ describe('FetchIndicatorsService', () => { fields: [{ field: '*', include_unmapped: true }], from: 0, query: expect.objectContaining({ bool: expect.anything() }), - runtime_mappings: { - 'threat.indicator.name': { script: expect.anything(), type: 'keyword' }, - 'threat.indicator.name_origin': { script: expect.anything(), type: 'keyword' }, - }, size: 25, sort: [], }, index: [], }, + factoryQueryType: FactoryQueryType.IndicatorGrid, }), expect.anything() ); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.ts index 0bdd5c52f4133..c8dfd374920c5 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.ts @@ -8,8 +8,10 @@ import { ISearchStart } from '@kbn/data-plugin/public'; import type { Filter, Query, TimeRange } from '@kbn/es-query'; import { RequestAdapter } from '@kbn/inspector-plugin/common'; -import { Indicator } from '../types'; -import { getIndicatorQueryParams, search } from '../utils'; +import { FactoryQueryType } from '../../../../common/constants'; +import { Indicator } from '../../../../common/types/indicator'; +import { getIndicatorQueryParams } from '../utils/get_indicator_query_params'; +import { search } from '../utils/search'; export interface RawIndicatorsResponse { hits: { 
@@ -75,6 +77,7 @@ export const createFetchIndicators = index: selectedPatterns, body: searchRequestBody, }, + factoryQueryType: FactoryQueryType.IndicatorGrid, }, { inspectorAdapter, requestName: 'Indicators table', signal } ); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.test.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.test.ts index 8c38d85955331..6bdbca5b51877 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.test.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.test.ts @@ -6,7 +6,10 @@ */ import { fieldAndValueValid, getIndicatorFieldAndValue } from './field_value'; -import { generateMockFileIndicator, generateMockUrlIndicator } from '../types'; +import { + generateMockFileIndicator, + generateMockUrlIndicator, +} from '../../../../common/types/indicator'; import { EMPTY_VALUE } from '../../../common/constants'; describe('field_value', () => { diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.ts index 5756248a61f55..1211ebb48ffba 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/field_value.ts @@ -7,7 +7,7 @@ import { EMPTY_VALUE } from '../../../common/constants'; import { unwrapValue } from './unwrap_value'; -import { Indicator, RawIndicatorFieldId } from '../types'; +import { Indicator, RawIndicatorFieldId } from '../../../../common/types/indicator'; /** * Retrieves a field/value pair from an Indicator diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_indicator_query_params.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_indicator_query_params.ts index cdf4e846c2ca2..4bd091195fd6c 100644 
--- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_indicator_query_params.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_indicator_query_params.ts @@ -7,13 +7,12 @@ import { buildEsQuery, Filter, Query, TimeRange } from '@kbn/es-query'; import { THREAT_QUERY_BASE } from '../../../common/constants'; -import { RawIndicatorFieldId } from '..'; -import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './display_name'; +import { RawIndicatorFieldId } from '../../../../common/types/indicator'; const TIMESTAMP_FIELD = RawIndicatorFieldId.TimeStamp; /** - * Prepare shared `runtime_mappings` and `query` fields used within indicator search request + * Prepare shared `query` fields used within indicator search request */ export const getIndicatorQueryParams = ({ filters, @@ -25,20 +24,6 @@ export const getIndicatorQueryParams = ({ timeRange?: TimeRange; }) => { return { - runtime_mappings: { - [RawIndicatorFieldId.Name]: { - type: 'keyword', - script: { - source: threatIndicatorNamesScript(), - }, - }, - [RawIndicatorFieldId.NameOrigin]: { - type: 'keyword', - script: { - source: threatIndicatorNamesOriginScript(), - }, - }, - } as const, query: buildEsQuery( undefined, [ diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/index.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/index.ts index 9a542d2960bd1..04ca3df2a509e 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/index.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/index.ts @@ -5,10 +5,8 @@ * 2.0. */ -export * from './display_name'; export * from './field_value'; export * from './get_field_schema'; export * from './get_indicator_query_params'; -export * from './get_runtime_mappings'; export * from './search'; export * from './unwrap_value'; 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/search.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/search.ts index 49cd371680ce0..92ede2d4f3d92 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/search.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/search.ts @@ -13,6 +13,7 @@ import { } from '@kbn/data-plugin/common'; import { ISearchStart } from '@kbn/data-plugin/public'; import { RequestAdapter } from '@kbn/inspector-plugin/common'; +import { THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME } from '../../../../common/constants'; interface SearchOptions { /** @@ -35,9 +36,9 @@ interface SearchOptions { * This is a searchService wrapper that will instrument your query with `inspector` and turn it into a Promise, * resolved when complete result set is returned or rejected on any error, other than Abort. */ -export const search = async ( +export const search = async ( searchService: ISearchStart, - searchRequest: IEsSearchRequest, + searchRequest: IEsSearchRequest & { factoryQueryType: string } & T, { inspectorAdapter, requestName, signal }: SearchOptions ): Promise => { const requestId = `${Date.now()}`; @@ -47,6 +48,7 @@ export const search = async ( searchService .search>(searchRequest, { abortSignal: signal, + strategy: THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME, }) .subscribe({ next: (response) => { diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.test.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.test.ts index 85d2e9b147871..8edb6b5397209 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.test.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.test.ts 
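Review bot: In the new `search` signature the request is typed `IEsSearchRequest & { factoryQueryType: string } & T`, so any string type-checks as a query type even though the valid values are the `FactoryQueryType` enum in `common/constants`. Narrowing it to `searchRequest: IEsSearchRequest & { factoryQueryType: FactoryQueryType } & T,` and adding `FactoryQueryType` to the import this file already takes from `common/constants` lets the compiler catch a typo at the call site. This is a compile-time aid only; presumably the server-side strategy still has to reject unknown values, which is not visible here. The wrapper now always passes `strategy: THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME`, so a line in the doc comment above `search` saying that every call goes through that strategy would help the next caller.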
@@ -5,7 +5,7 @@ * 2.0. */ -import { RawIndicatorFieldId } from '../types'; +import { RawIndicatorFieldId } from '../../../../common/types/indicator'; import { unwrapValue } from './unwrap_value'; describe('unwrapValue()', () => { diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.ts b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.ts index a79e17c99c498..8d3ef63ec9f0b 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/unwrap_value.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Indicator, RawIndicatorFieldId } from '../types'; +import { Indicator, RawIndicatorFieldId } from '../../../../common/types/indicator'; /** * Unpacks field value from raw indicator fields. Will return null if fields are missing entirely diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.stories.tsx index 7ce8a72c17516..6c0619492cac1 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.stories.tsx 
@@ -10,7 +10,8 @@ import { Story } from '@storybook/react'; import { EuiContextMenuPanel, EuiDataGrid, EuiDataGridColumn } from '@elastic/eui'; import { EuiDataGridColumnVisibility } from '@elastic/eui/src/components/datagrid/data_grid_types'; import { mockIndicatorsFiltersContext } from '../../../../common/mocks/mock_indicators_filters_context'; -import { generateMockIndicator, Indicator, IndicatorsFiltersContext } from '../../../indicators'; +import { IndicatorsFiltersContext } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { FilterInButtonIcon, FilterInCellAction, FilterInContextMenu } from '.'; export default { diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.test.tsx index 9273ea007cb43..0bcb4d0a33581 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.test.tsx @@ -8,7 +8,8 @@ import React, { FunctionComponent } from 'react'; import { render } from '@testing-library/react'; import { EuiButtonIcon } from '@elastic/eui'; -import { generateMockIndicator, Indicator, useIndicatorsFiltersContext } from '../../../indicators'; +import { useIndicatorsFiltersContext } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { mockIndicatorsFiltersContext } from '../../../../common/mocks/mock_indicators_filters_context'; import { FilterInButtonEmpty, diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.tsx index 43fb9d06a79da..f87bb0813249d 100644 
--- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_in/filter_in.tsx @@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n'; import { EuiButtonEmpty, EuiButtonIcon, EuiContextMenuItem, EuiToolTip } from '@elastic/eui'; import { useFilterInOut } from '../../hooks'; import { FilterIn } from '../../utils'; -import { Indicator } from '../../../indicators'; +import { Indicator } from '../../../../../common/types/indicator'; import { useStyles } from './styles'; const ICON_TYPE = 'plusInCircle'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.stories.tsx index 93cba542f8988..1585741bfbfa7 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.stories.tsx @@ -10,7 +10,8 @@ import { Story } from '@storybook/react'; import { EuiContextMenuPanel, EuiDataGrid, EuiDataGridColumn } from '@elastic/eui'; import { EuiDataGridColumnVisibility } from '@elastic/eui/src/components/datagrid/data_grid_types'; import { mockIndicatorsFiltersContext } from '../../../../common/mocks/mock_indicators_filters_context'; -import { generateMockIndicator, Indicator, IndicatorsFiltersContext } from '../../../indicators'; +import { IndicatorsFiltersContext } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { FilterOutButtonIcon, FilterOutCellAction, FilterOutContextMenu } from '.'; export default { 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.test.tsx index 0f58416a25a82..ff9997960ef8f 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.test.tsx @@ -8,7 +8,8 @@ import React, { FunctionComponent } from 'react'; import { render } from '@testing-library/react'; import { EuiButtonIcon } from '@elastic/eui'; -import { generateMockIndicator, Indicator, useIndicatorsFiltersContext } from '../../../indicators'; +import { useIndicatorsFiltersContext } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { mockIndicatorsFiltersContext } from '../../../../common/mocks/mock_indicators_filters_context'; import { FilterOutButtonEmpty, diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.tsx b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.tsx index b2ed00a6f0f55..590cee62b1e26 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/components/filter_out/filter_out.tsx @@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n'; import { EuiButtonEmpty, EuiButtonIcon, EuiContextMenuItem, EuiToolTip } from '@elastic/eui'; import { useFilterInOut } from '../../hooks'; import { FilterOut } from '../../utils'; -import { Indicator } from '../../../indicators'; +import { Indicator } from '../../../../../common/types/indicator'; import { useStyles } from './styles'; const ICON_TYPE = 'minusInCircle'; 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.test.ts b/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.test.ts index bd301c3b8d7c8..369c6758df278 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.test.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.test.ts @@ -6,7 +6,11 @@ */ import { Renderer, renderHook, RenderHookResult } from '@testing-library/react-hooks'; -import { generateMockIndicator, generateMockUrlIndicator, Indicator } from '../../indicators'; +import { + generateMockIndicator, + generateMockUrlIndicator, + Indicator, +} from '../../../../common/types/indicator'; import { TestProvidersComponent } from '../../../common/mocks/test_providers'; import { useFilterInOut, UseFilterInValue } from '.'; import { FilterIn } from '../utils'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.ts b/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.ts index d869271025d7d..d45a5e3dd231f 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/query_bar/hooks/use_filter_in_out.ts @@ -10,9 +10,9 @@ import { Filter } from '@kbn/es-query'; import { fieldAndValueValid, getIndicatorFieldAndValue, - Indicator, useIndicatorsFiltersContext, } from '../../indicators'; +import { Indicator } from '../../../../common/types/indicator'; import { FilterIn, FilterOut, updateFiltersArray } from '../utils'; export interface UseFilterInParam { diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.stories.tsx index 2f5cb1707388e..eef3b90782f6b 100644 
--- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.stories.tsx @@ -11,7 +11,7 @@ import { CoreStart } from '@kbn/core/public'; import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public'; import { EuiContextMenuPanel } from '@elastic/eui'; import { mockKibanaTimelinesService } from '../../../../common/mocks/mock_kibana_timelines_service'; -import { generateMockIndicator, Indicator } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { AddToTimelineButtonIcon, AddToTimelineContextMenu } from '.'; export default { diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.test.tsx index c69336cfa27a6..2147987b9e1c1 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { generateMockIndicator, Indicator } from '../../../indicators'; +import { generateMockIndicator, Indicator } from '../../../../../common/types/indicator'; import { EMPTY_VALUE } from '../../../../common/constants'; import { AddToTimelineButtonIcon } from '.'; import { TestProvidersComponent } from '../../../../common/mocks/test_providers'; 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.tsx index 98b46b8cd9e0d..d15c06426311f 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/add_to_timeline/add_to_timeline.tsx @@ -17,7 +17,8 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { generateDataProvider } from '../../utils'; -import { fieldAndValueValid, getIndicatorFieldAndValue, Indicator } from '../../../indicators'; +import { fieldAndValueValid, getIndicatorFieldAndValue } from '../../../indicators'; +import { Indicator } from '../../../../../common/types/indicator'; import { useKibana } from '../../../../hooks'; import { useStyles } from './styles'; import { useAddToTimeline } from '../../hooks'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.stories.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.stories.tsx index 572675e9d2328..08fe4b782c2c0 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.stories.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.stories.tsx 
@@ -8,7 +8,7 @@ import React from 'react'; import { Story } from '@storybook/react'; import { StoryProvidersComponent } from '../../../../common/mocks/story_providers'; -import { generateMockUrlIndicator } from '../../../indicators'; +import { generateMockUrlIndicator } from '../../../../../common/types/indicator'; import { InvestigateInTimelineButton, InvestigateInTimelineButtonIcon } from '.'; export default { diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.test.tsx index c155fba23a0f0..81850d049d830 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.test.tsx @@ -7,7 +7,11 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { generateMockIndicator, generateMockUrlIndicator, Indicator } from '../../../indicators'; +import { + generateMockIndicator, + generateMockUrlIndicator, + Indicator, +} from '../../../../../common/types/indicator'; import { TestProvidersComponent } from '../../../../common/mocks/test_providers'; import { InvestigateInTimelineButton, InvestigateInTimelineButtonIcon } from '.'; import { EMPTY_VALUE } from '../../../../common/constants'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.tsx index 2ded440b80c41..c99c02ac8f8a2 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.tsx 
+++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/components/investigate_in_timeline/investigate_in_timeline.tsx @@ -10,7 +10,7 @@ import { EuiButton, EuiButtonIcon, EuiToolTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { useInvestigateInTimeline } from '../../hooks'; -import { Indicator } from '../../../indicators'; +import { Indicator } from '../../../../../common/types/indicator'; const BUTTON_ICON_LABEL: string = i18n.translate( 'xpack.threatIntelligence.timeline.investigateInTimelineButtonIcon', diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.test.tsx index 94c7914c98698..f77219f7f5c6d 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.test.tsx @@ -7,7 +7,11 @@ import { EMPTY_VALUE } from '../../../common/constants'; import { Renderer, renderHook, RenderHookResult } from '@testing-library/react-hooks'; -import { generateMockIndicator, generateMockUrlIndicator, Indicator } from '../../indicators'; +import { + generateMockIndicator, + generateMockUrlIndicator, + Indicator, +} from '../../../../common/types/indicator'; import { TestProvidersComponent } from '../../../common/mocks/test_providers'; import { useAddToTimeline, UseAddToTimelineValue } from '.'; diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.ts b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.ts index 0cc0daf1a40d8..f23866ac5e3ea 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_add_to_timeline.ts 
@@ -8,7 +8,8 @@ import { DataProvider } from '@kbn/timelines-plugin/common'; import { AddToTimelineButtonProps } from '@kbn/timelines-plugin/public'; import { generateDataProvider } from '../utils'; -import { fieldAndValueValid, getIndicatorFieldAndValue, Indicator } from '../../indicators'; +import { fieldAndValueValid, getIndicatorFieldAndValue } from '../../indicators'; +import { Indicator } from '../../../../common/types/indicator'; export interface UseAddToTimelineParam { /** diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.test.tsx b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.test.tsx index 661d8188eb878..b8c45e2095204 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.test.tsx +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.test.tsx @@ -7,7 +7,11 @@ import { Renderer, renderHook, RenderHookResult } from '@testing-library/react-hooks'; import { useInvestigateInTimeline, UseInvestigateInTimelineValue } from '.'; -import { generateMockIndicator, generateMockUrlIndicator, Indicator } from '../../indicators'; +import { + generateMockIndicator, + generateMockUrlIndicator, + Indicator, +} from '../../../../common/types/indicator'; import { TestProvidersComponent } from '../../../common/mocks/test_providers'; describe('useInvestigateInTimeline()', () => { diff --git a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.ts b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.ts index 5717b831d7951..d656976cfa4b2 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.ts +++ b/x-pack/plugins/threat_intelligence/public/modules/timeline/hooks/use_investigate_in_timeline.ts 
@@ -10,14 +10,12 @@ import moment from 'moment'; import { DataProvider } from '@kbn/timelines-plugin/common'; import { generateDataProvider } from '../utils'; import { SecuritySolutionContext } from '../../../containers/security_solution_context'; +import { fieldAndValueValid, getIndicatorFieldAndValue, unwrapValue } from '../../indicators'; import { - fieldAndValueValid, - getIndicatorFieldAndValue, Indicator, IndicatorFieldEventEnrichmentMap, RawIndicatorFieldId, - unwrapValue, -} from '../../indicators'; +} from '../../../../common/types/indicator'; export interface UseInvestigateInTimelineParam { /** diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/types/index.ts b/x-pack/plugins/threat_intelligence/server/index.ts similarity index 52% rename from x-pack/plugins/threat_intelligence/public/modules/indicators/types/index.ts rename to x-pack/plugins/threat_intelligence/server/index.ts index 4ea5306322ded..c658a352a6077 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/types/index.ts +++ b/x-pack/plugins/threat_intelligence/server/index.ts @@ -5,4 +5,9 @@ * 2.0. */ -export * from './indicator'; +import { PluginInitializerContext } from '@kbn/core/server'; +import { ThreatIntelligencePlugin } from './plugin'; + +export const plugin = (context: PluginInitializerContext) => { + return new ThreatIntelligencePlugin(context); +}; diff --git a/x-pack/plugins/threat_intelligence/server/plugin.ts b/x-pack/plugins/threat_intelligence/server/plugin.ts new file mode 100644 index 0000000000000..731659208dacc --- /dev/null +++ b/x-pack/plugins/threat_intelligence/server/plugin.ts 
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { PluginInitializerContext, Logger } from '@kbn/core/server';
+import { THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME } from '../common/constants';
+import {
+ IThreatIntelligencePlugin,
+ ThreatIntelligencePluginCoreSetupDependencies,
+ ThreatIntelligencePluginSetupDependencies,
+} from './types';
+import { threatIntelligenceSearchStrategyProvider } from './search_strategy';
+
+export class ThreatIntelligencePlugin implements IThreatIntelligencePlugin {
+ private readonly logger: Logger;
+
+ constructor(context: PluginInitializerContext) {
+ this.logger = context.logger.get();
+ }
+
+ setup(
+ core: ThreatIntelligencePluginCoreSetupDependencies,
+ plugins: ThreatIntelligencePluginSetupDependencies
+ ) {
+ this.logger.debug('setup');
+
+ core.getStartServices().then(([_, { data: dataStartService }]) => {
+ const threatIntelligenceSearchStrategy =
+ threatIntelligenceSearchStrategyProvider(dataStartService);
+
+ plugins.data.search.registerSearchStrategy(
+ THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME,
+ threatIntelligenceSearchStrategy
+ );
+
+ this.logger.debug(`search strategy "${THREAT_INTELLIGENCE_SEARCH_STRATEGY_NAME}" registered`);
+ });
+
+ return {};
+ }
+
+ start() {
+ this.logger.debug('start');
+
+ return {};
+ }
+
+ stop() {
+ this.logger.debug('stop');
+ }
+}
diff --git a/x-pack/plugins/threat_intelligence/server/search_strategy.ts b/x-pack/plugins/threat_intelligence/server/search_strategy.ts
new file mode 100644
index 0000000000000..0ea7a7a9458a8
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/server/search_strategy.ts
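Review bot: In server/plugin.ts, the promise chain started by `core.getStartServices().then(...)` inside `setup()` has no rejection handler. If resolving the start services or the `registerSearchStrategy` call fails, the strategy is never registered and the only trace is an unhandled rejection, while the debug line that confirms registration simply never appears. I would end the chain with `.catch((err) => this.logger.error(err));` so the failure is visible in the plugin's own log.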
@@ -0,0 +1,110 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ ENHANCED_ES_SEARCH_STRATEGY,
+ IEsSearchRequest,
+ ISearchRequestParams,
+} from '@kbn/data-plugin/common';
+import { ISearchStrategy, PluginStart, shimHitsTotal } from '@kbn/data-plugin/server';
+import { map } from 'rxjs/operators';
+import { BARCHART_AGGREGATION_NAME, FactoryQueryType } from '../common/constants';
+import { RawIndicatorFieldId } from '../common/types/indicator';
+import { calculateBarchartColumnTimeInterval } from './utils/calculate_barchart_time_interval';
+import { createRuntimeMappings } from './utils/get_indicator_query_params';
+
+const TIMESTAMP_FIELD = RawIndicatorFieldId.TimeStamp;
+
+function isObj(req: unknown): req is Record {
+ return typeof req === 'object' && req !== null;
+}
+
+function assertValidRequestType(req: unknown): asserts req is Record {
+ if (!isObj(req) || req.factoryQueryType == null) {
+ throw new Error('factoryQueryType is required');
+ }
+}
+
+type BarchartAggregationRequest = IEsSearchRequest & {
+ dateRange: {
+ from: number;
+ to: number;
+ };
+ field: string;
+};
+
+function isBarchartRequest(req: unknown): req is BarchartAggregationRequest {
+ return isObj(req) && req.factoryQueryType === FactoryQueryType.Barchart;
+}
+
+const getAggregationsQuery = (request: BarchartAggregationRequest) => {
+ const {
+ dateRange: { from: min, to: max },
+ field,
+ } = request;
+
+ const interval = calculateBarchartColumnTimeInterval(min, max);
+
+ return {
+ aggregations: {
+ [BARCHART_AGGREGATION_NAME]: {
+ terms: {
+ field,
+ },
+ aggs: {
+ events: {
+ date_histogram: {
+ field: TIMESTAMP_FIELD,
+ fixed_interval: interval,
+ min_doc_count: 0,
+ extended_bounds: {
+ min,
+ max,
+ },
+ },
+ },
+ },
+ },
+ },
+ fields: [TIMESTAMP_FIELD, 
field],
+ size: 0,
+ };
+};
+
+export const threatIntelligenceSearchStrategyProvider = (data: PluginStart): ISearchStrategy => {
+ const es = data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY);
+
+ return {
+ search: (request, options, deps) => {
+ assertValidRequestType(request);
+
+ const runtimeMappings = createRuntimeMappings();
+
+ const dsl = {
+ ...request.params,
+ runtime_mappings: runtimeMappings,
+ ...(isBarchartRequest(request) ? getAggregationsQuery(request) : {}),
+ } as unknown as ISearchRequestParams;
+
+ return es.search({ ...request, params: dsl }, options, deps).pipe(
+ map((response) => {
+ return {
+ ...response,
+ ...{
+ rawResponse: shimHitsTotal(response.rawResponse, options),
+ },
+ };
+ })
+ );
+ },
+ cancel: async (id, options, deps) => {
+ if (es.cancel) {
+ return es.cancel(id, options, deps);
+ }
+ },
+ };
+};
diff --git a/x-pack/plugins/threat_intelligence/server/types.ts b/x-pack/plugins/threat_intelligence/server/types.ts
new file mode 100644
index 0000000000000..a9ad87a3f27c5
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/server/types.ts
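Review bot: In server/search_strategy.ts, `isBarchartRequest` narrows to `BarchartAggregationRequest` after checking only `factoryQueryType`, so `dateRange` and `field` arrive from the caller unvalidated while `getAggregationsQuery` destructures them as if the type had been proven. A request tagged as barchart but missing `dateRange` throws a TypeError inside `search`, and a non-string `field` or non-numeric bounds are copied straight into the `terms` and `date_histogram` clauses. I would add a runtime assertion on those fields and call it in `search` before the DSL is built, as sketched below. Separately, `assertValidRequestType` accepts any non-null `factoryQueryType`, so an unknown value is served as a plain search instead of being rejected, and the `as unknown as ISearchRequestParams` cast hides any shape mismatch in `dsl` from the compiler.

```typescript
// Runtime check for the fields the predicate above only asserts at the type level.
function assertValidBarchartRequest(req: unknown): asserts req is BarchartAggregationRequest {
  if (!isObj(req) || typeof req.field !== 'string' || req.field.length === 0) {
    throw new Error('field is required for barchart requests');
  }

  const { dateRange } = req;
  if (
    !isObj(dateRange) ||
    typeof dateRange.from !== 'number' ||
    typeof dateRange.to !== 'number' ||
    !Number.isFinite(dateRange.from) ||
    !Number.isFinite(dateRange.to)
  ) {
    throw new Error('dateRange.from and dateRange.to must be finite numbers');
  }
}

// … unchanged: BarchartAggregationRequest, isBarchartRequest, getAggregationsQuery …

      assertValidRequestType(request);

      if (isBarchartRequest(request)) {
        assertValidBarchartRequest(request);
      }

// … unchanged: runtime mappings, dsl construction, es.search call …
```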
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreSetup, CoreStart, Plugin } from '@kbn/core/server';
+
+import { DataPluginSetup, DataPluginStart } from '@kbn/data-plugin/server/plugin';
+
+export interface ThreatIntelligencePluginSetupDependencies {
+ data: DataPluginSetup;
+}
+
+export interface ThreatIntelligencePluginStartDependencies {
+ data: DataPluginStart;
+}
+
+export type ThreatIntelligencePluginCoreSetupDependencies = CoreSetup<
+ ThreatIntelligencePluginStartDependencies,
+ {}
+>;
+
+export type ThreatIntelligencePluginCoreStartDependencies = CoreStart;
+
+export type IThreatIntelligencePlugin = Plugin<
+ {},
+ {},
+ ThreatIntelligencePluginSetupDependencies,
+ ThreatIntelligencePluginStartDependencies
+>;
diff --git a/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.test.ts b/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.test.ts
new file mode 100644
index 0000000000000..98f705bf9d111
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.test.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment from 'moment';
+import { calculateBarchartColumnTimeInterval } from './calculate_barchart_time_interval';
+
+const mockValidStringDate = '1 Jan 2022 00:00:00 GMT';
+
+describe('calculateBarchartTimeInterval', () => {
+ it('should handle number dates', () => {
+ const from = moment(mockValidStringDate).valueOf();
+ const to = moment(mockValidStringDate).add(1, 'days').valueOf();
+
+ const interval = calculateBarchartColumnTimeInterval(from, to);
+ expect(interval).toContain('ms');
+ expect(parseInt(interval, 10) > 0).toBeTruthy();
+ });
+
+ it('should handle moment dates', () => {
+ const from = moment(mockValidStringDate);
+ const to = moment(mockValidStringDate).add(1, 'days');
+
+ const interval = calculateBarchartColumnTimeInterval(from, to);
+ expect(interval).toContain('ms');
+ expect(parseInt(interval, 10) > 0).toBeTruthy();
+ });
+
+ it('should handle dateTo older than dateFrom', () => {
+ const from = moment(mockValidStringDate).add(1, 'days');
+ const to = moment(mockValidStringDate);
+
+ const interval = calculateBarchartColumnTimeInterval(from, to);
+ expect(parseInt(interval, 10) > 0).toBeFalsy();
+ });
+});
diff --git a/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.ts b/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.ts
new file mode 100644
index 0000000000000..111e47bb6d193
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/server/utils/calculate_barchart_time_interval.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment from 'moment';
+
+export const BARCHART_NUMBER_OF_COLUMNS = 16;
+
+/**
+ * Calculates the time interval in ms for a specific number of columns
+ * @param dateFrom Min (older) date for the barchart
+ * @param dateTo Max (newer) date for the barchart
+ * @param numberOfColumns Desired number of columns (defaulted to {@link BARCHART_NUMBER_OF_COLUMNS})
+ * @returns The interval in ms for a column (for example '100000ms')
+ */
+export const calculateBarchartColumnTimeInterval = (
+ dateFrom: number | moment.Moment,
+ dateTo: number | moment.Moment,
+ numberOfColumns = BARCHART_NUMBER_OF_COLUMNS
+): string => {
+ const from: number = moment.isMoment(dateFrom) ? dateFrom.valueOf() : dateFrom;
+ const to: number = moment.isMoment(dateTo) ? dateTo.valueOf() : dateTo;
+ return `${Math.floor(moment(to).diff(moment(from)) / numberOfColumns)}ms`;
+};
diff --git a/x-pack/plugins/threat_intelligence/server/utils/get_indicator_query_params.ts b/x-pack/plugins/threat_intelligence/server/utils/get_indicator_query_params.ts
new file mode 100644
index 0000000000000..5142c543c1871
--- /dev/null
+++ b/x-pack/plugins/threat_intelligence/server/utils/get_indicator_query_params.ts
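Review bot: In server/utils/calculate_barchart_time_interval.ts, `calculateBarchartColumnTimeInterval` can return a non-positive interval: `0ms` when the range is shorter than `numberOfColumns` milliseconds, and a negative value when `dateTo` precedes `dateFrom`, which the accompanying test pins as expected. The TSDoc promises only a value like '100000ms', yet the server search strategy in this commit passes the result as `fixed_interval` with bounds taken from the request, and Elasticsearch is expected to reject such a value. I would either document the case, for example `@returns The interval in ms for a column; may be '0ms' or negative when dateTo <= dateFrom, callers must check`, or have the caller reject `to <= from` before building the aggregation. A `numberOfColumns` of 0 also yields `Infinityms`, so a guard such as `if (numberOfColumns <= 0) throw new Error('numberOfColumns must be positive');` would help.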
@@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { RawIndicatorFieldId } from '../../common/types/indicator'; +import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './indicator_name'; + +/** + * Prepare `runtime_mappings` used within TI search + */ +export const createRuntimeMappings = () => ({ + [RawIndicatorFieldId.Name]: { + type: 'keyword', + script: { + source: threatIndicatorNamesScript(), + }, + }, + [RawIndicatorFieldId.NameOrigin]: { + type: 'keyword', + script: { + source: threatIndicatorNamesOriginScript(), + }, + }, +}); diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_runtime_mappings.ts b/x-pack/plugins/threat_intelligence/server/utils/get_runtime_mappings.ts similarity index 95% rename from x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_runtime_mappings.ts rename to x-pack/plugins/threat_intelligence/server/utils/get_runtime_mappings.ts index ed62b18e7c9b2..36380ffeaf0ab 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/get_runtime_mappings.ts +++ b/x-pack/plugins/threat_intelligence/server/utils/get_runtime_mappings.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './display_name'; +import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './indicator_name'; export const getRuntimeMappings = () => ({ 
diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.test.ts b/x-pack/plugins/threat_intelligence/server/utils/indicator_name.test.ts similarity index 99% rename from x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.test.ts rename to x-pack/plugins/threat_intelligence/server/utils/indicator_name.test.ts index cfc7f73a8d7f3..a3b11eed667c4 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.test.ts +++ b/x-pack/plugins/threat_intelligence/server/utils/indicator_name.test.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './display_name'; +import { threatIndicatorNamesOriginScript, threatIndicatorNamesScript } from './indicator_name'; describe('display name generation', () => { describe('threatIndicatorNamesScript()', () => { diff --git a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.ts b/x-pack/plugins/threat_intelligence/server/utils/indicator_name.ts similarity index 98% rename from x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.ts rename to x-pack/plugins/threat_intelligence/server/utils/indicator_name.ts index 31a149322efa9..60486ab767a80 100644 --- a/x-pack/plugins/threat_intelligence/public/modules/indicators/utils/display_name.ts +++ b/x-pack/plugins/threat_intelligence/server/utils/indicator_name.ts @@ -6,7 +6,7 @@ */ import dedent from 'dedent'; -import { RawIndicatorFieldId } from '../types'; +import { RawIndicatorFieldId } from '../../common/types/indicator'; /** * Mapping connects one ore more types to field values that should be used to generate threat.indicator.name field. diff --git a/x-pack/plugins/threat_intelligence/tsconfig.json b/x-pack/plugins/threat_intelligence/tsconfig.json index aea4550210c13..ccdf417105b16 100644 --- a/x-pack/plugins/threat_intelligence/tsconfig.json 
+++ b/x-pack/plugins/threat_intelligence/tsconfig.json @@ -4,12 +4,15 @@ "outDir": "./target/types", "emitDeclarationOnly": true, "declaration": true, + "declarationMap": true }, "include": [ "common/**/*", "public/**/*", + "server/**/*", "scripts/**/*", "public/**/*.json", + "server/**/*.json", "../../../typings/**/*" ], "kbn_references": [