Merged
21 commits
ce55940
fix to error when searching within session view. changed user.name to…
mitodrummer Apr 13, 2023
45c281b
Merge branch 'main' into session_view_and_k8s_fixes
mitodrummer Apr 13, 2023
35cccc6
fixed issue where event.category is handled as an array (for endpoint…
mitodrummer Apr 13, 2023
832b8c8
collapse all feature implemented. also sticky session leader :)
mitodrummer Apr 14, 2023
a2f68d0
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Apr 14, 2023
e244e7f
cleanup
mitodrummer Apr 14, 2023
b127051
Merge branch 'session_view_and_k8s_fixes' of github.com:mitodrummer/k…
mitodrummer Apr 14, 2023
9b900c4
cleanup
mitodrummer Apr 14, 2023
185094a
CODEOWNERS updated for both session_view and k8s dashboard
mitodrummer Apr 15, 2023
bf095dc
[CI] Auto-commit changed files from 'node scripts/generate codeowners'
kibanamachine Apr 15, 2023
3a67040
type fix
mitodrummer Apr 15, 2023
21627fe
Merge branch 'session_view_and_k8s_fixes' of github.com:mitodrummer/k…
mitodrummer Apr 15, 2023
143a25c
code owners updated for k8s dash and session view
mitodrummer Apr 15, 2023
995be8b
removed unused translations
mitodrummer Apr 15, 2023
48c2428
Merge branch 'main' into session_view_and_k8s_fixes
mitodrummer Apr 15, 2023
e0fe3da
test / snapshot fixes
mitodrummer Apr 15, 2023
7cc316c
Merge branch 'session_view_and_k8s_fixes' of github.com:mitodrummer/k…
mitodrummer Apr 15, 2023
1cb6979
cleanup
mitodrummer Apr 15, 2023
f56f55d
sessionLeaderName and processUserId removed (wont be implemented in v1)
mitodrummer Apr 17, 2023
63bcf7c
added badge to show when a selector is not being used by a response
mitodrummer Apr 17, 2023
115e7ee
polish
mitodrummer Apr 17, 2023
8 changes: 4 additions & 4 deletions .github/CODEOWNERS
Expand Up @@ -431,7 +431,7 @@ src/plugins/kibana_overview @elastic/appex-sharedux
src/plugins/kibana_react @elastic/appex-sharedux
src/plugins/kibana_usage_collection @elastic/kibana-core
src/plugins/kibana_utils @elastic/kibana-app-services
x-pack/plugins/kubernetes_security @elastic/awp-viz
x-pack/plugins/kubernetes_security @elastic/sec-cloudnative-integrations
packages/kbn-language-documentation-popover @elastic/kibana-visualizations
x-pack/plugins/lens @elastic/kibana-visualizations
x-pack/plugins/license_api_guard @elastic/platform-deployment-management
Expand Down Expand Up @@ -565,7 +565,7 @@ packages/kbn-securitysolution-utils @elastic/security-solution-platform
packages/kbn-server-http-tools @elastic/kibana-core
packages/kbn-server-route-repository @elastic/apm-ui
test/plugin_functional/plugins/session_notifications @elastic/kibana-core
x-pack/plugins/session_view @elastic/awp-viz
x-pack/plugins/session_view @elastic/sec-cloudnative-integrations
packages/kbn-set-map @elastic/kibana-operations
examples/share_examples @elastic/kibana-app-services
src/plugins/share @elastic/appex-sharedux
Expand Down Expand Up @@ -1174,8 +1174,8 @@ x-pack/plugins/security_solution/cypress/README.md @elastic/security-engineering
x-pack/test/security_solution_cypress @elastic/security-engineering-productivity

## Security Solution sub teams - adaptive-workload-protection
x-pack/plugins/security_solution/public/common/components/sessions_viewer @elastic/awp-viz
x-pack/plugins/security_solution/public/kubernetes @elastic/awp-viz
x-pack/plugins/security_solution/public/common/components/sessions_viewer @elastic/sec-cloudnative-integrations
x-pack/plugins/security_solution/public/kubernetes @elastic/sec-cloudnative-integrations

## Security Solution sub teams - Protections Experience
x-pack/plugins/security_solution/public/threat_intelligence @elastic/protections-experience
2 changes: 1 addition & 1 deletion api_docs/kubernetes_security.mdx
Expand Up @@ -15,7 +15,7 @@ import kubernetesSecurityObj from './kubernetes_security.devdocs.json';



Contact [@elastic/awp-viz](https://github.com/orgs/elastic/teams/awp-viz) for questions regarding this plugin.
Contact [@elastic/sec-cloudnative-integrations](https://github.com/orgs/elastic/teams/sec-cloudnative-integrations) for questions regarding this plugin.

**Code health stats**

4 changes: 2 additions & 2 deletions api_docs/plugin_directory.mdx
Expand Up @@ -113,7 +113,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
| <DocLink id="kibKibanaReactPluginApi" text="kibanaReact"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 185 | 1 | 153 | 5 |
| kibanaUsageCollection | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 0 | 0 | 0 | 0 |
| <DocLink id="kibKibanaUtilsPluginApi" text="kibanaUtils"/> | [@elastic/kibana-app-services](https://github.com/orgs/elastic/teams/kibana-app-services) | - | 609 | 3 | 416 | 9 |
| <DocLink id="kibKubernetesSecurityPluginApi" text="kubernetesSecurity"/> | [@elastic/awp-viz](https://github.com/orgs/elastic/teams/awp-viz) | - | 3 | 0 | 3 | 1 |
| <DocLink id="kibKubernetesSecurityPluginApi" text="kubernetesSecurity"/> | [@elastic/sec-cloudnative-integrations](https://github.com/orgs/elastic/teams/sec-cloudnative-integrations) | - | 3 | 0 | 3 | 1 |
| <DocLink id="kibLensPluginApi" text="lens"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Visualization editor allowing to quickly and easily configure compelling visualizations to use on dashboards and canvas workpads. Exposes components to embed visualizations and link into the Lens editor from within other apps in Kibana. | 608 | 0 | 513 | 53 |
| <DocLink id="kibLicenseApiGuardPluginApi" text="licenseApiGuard"/> | [@elastic/platform-deployment-management](https://github.com/orgs/elastic/teams/platform-deployment-management) | - | 8 | 0 | 8 | 0 |
| <DocLink id="kibLicenseManagementPluginApi" text="licenseManagement"/> | [@elastic/platform-deployment-management](https://github.com/orgs/elastic/teams/platform-deployment-management) | - | 4 | 0 | 4 | 1 |
Expand Down Expand Up @@ -151,7 +151,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
| searchprofiler | [@elastic/platform-deployment-management](https://github.com/orgs/elastic/teams/platform-deployment-management) | - | 0 | 0 | 0 | 0 |
| <DocLink id="kibSecurityPluginApi" text="security"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides authentication and authorization features, and exposes functionality to understand the capabilities of the currently authenticated user. | 280 | 0 | 94 | 0 |
| <DocLink id="kibSecuritySolutionPluginApi" text="securitySolution"/> | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 117 | 0 | 76 | 27 |
| <DocLink id="kibSessionViewPluginApi" text="sessionView"/> | [@elastic/awp-viz](https://github.com/orgs/elastic/teams/awp-viz) | - | 7 | 0 | 7 | 1 |
| <DocLink id="kibSessionViewPluginApi" text="sessionView"/> | [@elastic/sec-cloudnative-integrations](https://github.com/orgs/elastic/teams/sec-cloudnative-integrations) | - | 7 | 0 | 7 | 1 |
| <DocLink id="kibSharePluginApi" text="share"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds URL Service and sharing capabilities to Kibana | 118 | 0 | 59 | 10 |
| <DocLink id="kibSnapshotRestorePluginApi" text="snapshotRestore"/> | [@elastic/platform-deployment-management](https://github.com/orgs/elastic/teams/platform-deployment-management) | - | 22 | 1 | 22 | 1 |
| <DocLink id="kibSpacesPluginApi" text="spaces"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides the Spaces feature, which allows saved objects to be organized into meaningful categories. | 253 | 0 | 65 | 0 |
2 changes: 1 addition & 1 deletion api_docs/session_view.mdx
Expand Up @@ -15,7 +15,7 @@ import sessionViewObj from './session_view.devdocs.json';



Contact [@elastic/awp-viz](https://github.com/orgs/elastic/teams/awp-viz) for questions regarding this plugin.
Contact [@elastic/sec-cloudnative-integrations](https://github.com/orgs/elastic/teams/sec-cloudnative-integrations) for questions regarding this plugin.

**Code health stats**

2 changes: 1 addition & 1 deletion renovate.json
Expand Up @@ -270,7 +270,7 @@
{
"groupName": "TTY Output",
"matchPackageNames": ["xterm", "byte-size", "@types/byte-size"],
"reviewers": ["team:awp-viz"],
"reviewers": ["team:sec-cloudnative-integrations"],
"matchBaseBranches": ["main"],
"labels": ["Team: AWP: Visualization", "release_note:skip", "backport:skip"],
"enabled": true,
3 changes: 1 addition & 2 deletions x-pack/plugins/cloud_defend/public/common/utils.test.ts
Expand Up @@ -54,7 +54,7 @@ describe('getSelectorConditions', () => {

// check that process specific conditions are not included
expect(options.includes('processExecutable')).toBeFalsy();
expect(options.includes('processUserId')).toBeFalsy();
expect(options.includes('sessionLeaderInteractive')).toBeFalsy();
});

it('grabs process conditions for process selectors', () => {
Expand All @@ -70,7 +70,6 @@ describe('getSelectorConditions', () => {

// check that process specific conditions are not included
expect(options.includes('processExecutable')).toBeTruthy();
expect(options.includes('processUserId')).toBeTruthy();
expect(options.includes('sessionLeaderInteractive')).toBeTruthy();
});
});
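Review bot: The comment above the assertions in 'grabs process conditions for process selectors' still says the process-specific conditions "are not included", while the assertions under it expect them to be present. It should read `// check that process specific conditions are included`. The comment is a context line rather than part of this change, and the `describe` block starts outside the hunk.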
Expand Up @@ -338,13 +338,18 @@ export const ControlGeneralView = ({ policy, onChange, show }: ViewDeps) => {
</EuiFlexItem>

{selectors.map((selector, i) => {
const usedByResponse = !!responses.find((response) =>
response.match.includes(selector.name)
);

return (
<EuiFlexItem key={i}>
<ControlGeneralViewSelector
key={i}
index={i}
selector={selector}
selectors={selectors}
usedByResponse={usedByResponse}
onDuplicate={onDuplicateSelector}
onRemove={onRemoveSelector}
onChange={onSelectorChange}
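Review bot: `usedByResponse` is derived only from `response.match`, so a selector that a response references in any other way would be badged "Not in use" even though deleting it changes what the policy does; if the response type also carries an `exclude` list of selector names (not visible on this page), that list needs to be checked too. The lookup also reads more directly as a boolean test, `const usedByResponse = responses.some((response) => response.match.includes(selector.name));`. Since operators will rely on the badge before removing a selector, a comment above the computation should state which response fields count as use. The enclosing `ControlGeneralView` component starts and ends outside this hunk.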
Expand Up @@ -116,6 +116,14 @@ export const name = i18n.translate('xpack.cloudDefend.name', {
defaultMessage: 'Name',
});

export const unusedSelector = i18n.translate('xpack.cloudDefend.unusedSelector', {
defaultMessage: 'Not in use',
});

export const unusedSelectorHelp = i18n.translate('xpack.cloudDefend.unusedSelectorHelp', {
defaultMessage: 'This selector is not in use by any response.',
});

export const errorInvalidResourceLabel = i18n.translate(
'xpack.cloudDefend.errorInvalidResourceLabel',
{
Expand Up @@ -50,6 +50,7 @@ describe('<ControlGeneralViewSelector />', () => {
onChange={onChange}
onRemove={onRemove}
onDuplicate={onDuplicate}
usedByResponse={false}
/>
</TestProvider>
);
Expand All @@ -68,6 +69,12 @@ describe('<ControlGeneralViewSelector />', () => {
expect(getByTestId('cloud-defend-selectorcondition-operation')).toBeTruthy();
});

it('renders a badge to show that the selector is unused', () => {
const { getByText } = render(<WrappedComponent />);

expect(getByText(i18n.unusedSelector)).toBeTruthy();
});

it('allows the user to add a limited set of operations', () => {
const { getByTestId, rerender } = render(<WrappedComponent />);

Expand Up @@ -184,6 +184,7 @@ const StringArrayCondition = ({
export const ControlGeneralViewSelector = ({
selector,
selectors,
usedByResponse,
index,
onRemove,
onDuplicate,
Expand Down Expand Up @@ -393,17 +394,24 @@ export const ControlGeneralViewSelector = ({
css={styles.accordion}
extraAction={
<EuiFlexGroup alignItems="center" gutterSize="none">
{accordionState === 'closed' && (
<div>
<EuiText css={styles.conditionsBadge} size="xs">
<b>{i18n.conditions}</b>
</EuiText>
<EuiBadge title={conditionsAdded.join(',')} color="hollow">
{conditionsAdded.length}
<div>
{accordionState === 'closed' && (
<>
<EuiText css={styles.conditionsBadge} size="xs">
<b>{i18n.conditions}</b>
</EuiText>
<EuiBadge title={conditionsAdded.join(',')} color="hollow">
{conditionsAdded.length}
</EuiBadge>
</>
)}
{!usedByResponse && (
<EuiBadge title={i18n.unusedSelectorHelp} color="warning">
{i18n.unusedSelector}
</EuiBadge>
<div css={styles.verticalDivider} />
</div>
)}
)}
<div css={styles.verticalDivider} />
</div>
<EuiFlexItem>
<EuiPopover
id={selector.name}
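Review bot: The wrapping `<div>` and `<div css={styles.verticalDivider} />` appear to have moved outside the `accordionState === 'closed'` condition, so an open accordion whose selector is in use would render a divider with nothing to its left. Old and new lines are interleaved in this view, so that reading should be confirmed against the file. If it holds, `{(accordionState === 'closed' || !usedByResponse) && <div css={styles.verticalDivider} />}` keeps the previous appearance. The explanation of the unused state is also exposed only through the badge's `title` attribute, which keyboard and touch users will not see. The component body continues outside the hunk.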
Expand Up @@ -240,14 +240,8 @@
{
"required": ["processName"]
},
{
"required": ["processUserId"]
},
{
"required": ["sessionLeaderInteractive"]
},
{
"required": ["sessionLeaderName"]
}
],
"properties": {
Expand Down Expand Up @@ -335,22 +329,8 @@
"type": "string"
}
},
"processUserId": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
},
"sessionLeaderInteractive": {
"type": "boolean"
},
"sessionLeaderName": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"dependencies": {
Expand Up @@ -72,6 +72,6 @@ describe('<ControlYamlView />', () => {
);

expect(getByTestId('cloudDefendAdditionalErrors')).toBeTruthy();
expect(getByText('"sessionLeaderName" values cannot exceed 16 bytes')).toBeTruthy();
expect(getByText('"targetFilePath" values cannot exceed 255 bytes')).toBeTruthy();
});
});
4 changes: 2 additions & 2 deletions x-pack/plugins/cloud_defend/public/test/mocks.ts
Expand Up @@ -55,8 +55,8 @@ export const MOCK_YAML_INVALID_STRING_ARRAY_CONDITION = `file:
operation:
- createExecutable
- modifyExecutable
sessionLeaderName:
- reallylongsessionleadernamethatshouldnotbeallowed
targetFilePath:
- /bin/${new Array(256).fill('a').join()}
responses:
- match:
- default
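Review bot: `new Array(256).fill('a').join()` uses the default `,` separator, so the generated path segment is `a,a,a,…` (511 characters) rather than 256 `a`s. The value still exceeds the 255-byte limit the test expects, so the test passes, but the fixture does not say what it means and sits far from the boundary. Writing it as `/bin/${'a'.repeat(256)}` states the intent. The template literal for this mock starts and ends outside the hunk.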
9 changes: 2 additions & 7 deletions x-pack/plugins/cloud_defend/public/types.ts
Expand Up @@ -78,9 +78,7 @@ export type SelectorCondition =
| 'operation'
| 'processExecutable'
| 'processName'
| 'processUserId'
| 'sessionLeaderInteractive'
| 'sessionLeaderName';
| 'sessionLeaderInteractive';

export interface SelectorConditionOptions {
type: SelectorConditionType;
Expand Down Expand Up @@ -141,9 +139,7 @@ export const SelectorConditionsMap: SelectorConditionsMapProps = {
ignoreVolumeMounts: { selectorType: 'file', type: 'flag', not: ['ignoreVolumeFiles'] },
processExecutable: { selectorType: 'process', type: 'stringArray', not: ['processName'] },
processName: { selectorType: 'process', type: 'stringArray', not: ['processExecutable'] },
processUserId: { selectorType: 'process', type: 'stringArray' },
sessionLeaderInteractive: { selectorType: 'process', type: 'boolean' },
sessionLeaderName: { selectorType: 'process', type: 'stringArray', maxValueBytes: 16 },
};

export type ResponseAction = 'log' | 'alert' | 'block';
Expand All @@ -168,9 +164,7 @@ export interface Selector {
// process selector properties
processExecutable?: string[];
processName?: string[];
processUserId?: string[];
sessionLeaderInteractive?: string[];
sessionLeaderName?: string[];

// non yaml fields
type: SelectorType;
Expand Down Expand Up @@ -230,6 +224,7 @@ export interface ViewDeps extends SettingsDeps {
export interface ControlGeneralViewSelectorDeps {
selector: Selector;
selectors: Selector[];
usedByResponse: boolean;
index: number;
onChange(selector: Selector, index: number): void;
onRemove(index: number): void;
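Review bot: `sessionLeaderInteractive?: string[]` on `Selector` is left as it was, while `SelectorConditionsMap` in the same file declares that condition `type: 'boolean'`, so the interface and the condition metadata disagree about the one session-leader condition that survives this change. Unless the list typing is deliberate, `sessionLeaderInteractive?: boolean;` would let the compiler catch a string list being written into a policy selector. The line is context rather than part of this change, and the `Selector` interface starts and ends outside the hunk.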
2 changes: 1 addition & 1 deletion x-pack/plugins/kubernetes_security/kibana.jsonc
@@ -1,7 +1,7 @@
{
"type": "plugin",
"id": "@kbn/kubernetes-security-plugin",
"owner": "@elastic/awp-viz",
"owner": "@elastic/sec-cloudnative-integrations",
"plugin": {
"id": "kubernetesSecurity",
"server": true,
Expand Up @@ -13,7 +13,7 @@ import { DEFAULT_DATE_COLUMN_MIN_WIDTH } from '../../../timelines/components/tim
import {
COLUMN_SESSION_START,
COLUMN_EXECUTABLE,
COLUMN_ENTRY_USER,
COLUMN_ENTRY_USER_ID,
COLUMN_INTERACTIVE,
COLUMN_HOST_NAME,
COLUMN_ENTRY_TYPE,
Expand All @@ -34,8 +34,8 @@ export const sessionsHeaders: ColumnHeaderOptions[] = [
},
{
columnHeaderType: defaultColumnHeaderType,
id: 'process.entry_leader.user.name',
display: COLUMN_ENTRY_USER,
id: 'process.entry_leader.user.id',
display: COLUMN_ENTRY_USER_ID,
},
{
columnHeaderType: defaultColumnHeaderType,
Expand Up @@ -39,10 +39,10 @@ export const COLUMN_EXECUTABLE = i18n.translate(
}
);

export const COLUMN_ENTRY_USER = i18n.translate(
'xpack.securitySolution.sessionsView.columnEntryUser',
export const COLUMN_ENTRY_USER_ID = i18n.translate(
'xpack.securitySolution.sessionsView.columnEntryUserID',
{
defaultMessage: 'User',
defaultMessage: 'User ID',
}
);

Expand Up @@ -191,7 +191,7 @@ export interface ProcessEvent {
'@timestamp'?: string;
event?: {
kind?: EventKind;
category?: string[];
category?: string | string[];
action?: EventAction | EventAction[];
id?: string;
};
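Review bot: Widening `category` to `string | string[]` silently changes what existing readers do when the value is a plain string: `category?.[0]` yields the first character and `category.includes(x)` becomes a substring test, both without a type error. Only one consumer is adjusted on this page, so any other reader of `event.category` should be checked. A small shared helper that normalises the field to a single value would keep that handling in one place. The `ProcessEvent` interface continues outside the hunk.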
2 changes: 1 addition & 1 deletion x-pack/plugins/session_view/kibana.jsonc
@@ -1,7 +1,7 @@
{
"type": "plugin",
"id": "@kbn/session-view-plugin",
"owner": "@elastic/awp-viz",
"owner": "@elastic/sec-cloudnative-integrations",
"plugin": {
"id": "sessionView",
"server": true,
Expand Up @@ -64,7 +64,9 @@ export const DetailPanelAlertListItem = ({
const { args, name: processName } = event.process ?? {};
const { event: processEvent } = event;
const forceState = !isInvestigated ? 'open' : undefined;
const category = processEvent?.category?.[0];
const category = Array.isArray(processEvent?.category)
? processEvent?.category?.[0]
: processEvent?.category;
const processEventAlertCategory = category ?? ProcessEventAlertCategory.process;
const alertCategoryDetailDisplayText =
category !== ProcessEventAlertCategory.process
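Review bot: The new `category` expression reads `processEvent?.category` three times and keeps a `?.[0]` that the `Array.isArray` check has already made unnecessary. Binding the field once is easier to follow: `const rawCategory = processEvent?.category;` then `const category = Array.isArray(rawCategory) ? rawCategory[0] : rawCategory;`. An empty array still falls through to the `ProcessEventAlertCategory.process` default. The component body continues outside the hunk.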
Expand Up @@ -266,6 +266,20 @@ export const autoExpandProcessTree = (processMap: ProcessMap, jumpToEntityId?: s
return processMap;
};

// recusively collapses all children below provided node
export const collapseProcessTree = (node: Process) => {
if (!node.autoExpand) {
return;
}

if (node.children) {
node.children.forEach((child) => {
child.autoExpand = false;
collapseProcessTree(child);
});
}
};

export const processNewEvents = (
eventsProcessMap: ProcessMap,
events: ProcessEvent[] | undefined,
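Review bot: `collapseProcessTree` sets `child.autoExpand = false` and then recurses into that child, where the `if (!node.autoExpand) return;` guard exits at once. Assuming `autoExpand` is a plain field, only direct children are collapsed and deeper descendants keep `autoExpand` set. Recursing before clearing the flag fixes it: `collapseProcessTree(child);` followed by `child.autoExpand = false;`. The comment above the function should read "recursively" and could state that the node passed in is left unchanged.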