Saved Object Mapping for Entity Source Sync Configuration

packages/kbn-check-mappings-update-cli/current_fields.json

@@ -309,6 +309,19 @@
     "schemaVersion"
   ],
   "enterprise_search_telemetry": [],
+  "entity-analytics-monitoring-entity-source": [
+    "enabled",
+    "error",
+    "filter",
+    "indexPattern",
+    "integrationName",
+    "managed",
+    "matchers",
+    "matchers.fields",
+    "matchers.values",
+    "name",
+    "type"
+  ],
   "entity-definition": [
     "description",
     "filter",
@@ -828,6 +841,19 @@
     "job.job_id",
     "model_id"
   ],
+  "monitoring-entity-source": [
+    "enabled",
+    "error",
+    "filter",
+    "indexPattern",
+    "integrationName",
+    "managed",
+    "matchers",
+    "matchers.fields",
+    "matchers.values",
+    "name",
+    "type"
+  ],
   "monitoring-telemetry": [
     "reportedClusterUuids"
   ],

packages/kbn-check-mappings-update-cli/current_mappings.json

@@ -1059,6 +1059,37 @@
     "dynamic": false,
     "properties": {}
   },
+  "entity-analytics-monitoring-entity-source": {
+    "dynamic": false,
+    "properties": {
+      "enabled": {
+        "type": "boolean"
+      },
+      "error": {
+        "type": "keyword"
+      },
+      "filter": {
+        "dynamic": false,
+        "type": "object"
+      },
+      "integrationName": {
+        "type": "keyword"
+      },
+      "managed": {
+        "type": "boolean"
+      },
+        "matchers": {
+        "dynamic": false,
+        "type": "object"
+      },
+      "name": {
+        "type": "keyword"
+      },
+      "type": {
+        "type": "keyword"
+      }
+    }
+  },
   "entity-definition": {
     "dynamic": false,
     "properties": {

src/core/packages/saved-objects/server-internal/src/object_types/index.ts

@@ -10,5 +10,5 @@
 export { registerCoreObjectTypes } from './registration';
 
 // set minimum number of registered saved objects to ensure no object types are removed after 8.8
-// declared in internal implementation exclicilty to prevent unintended changes.
-export const SAVED_OBJECT_TYPES_COUNT = 133 as const;
+// declared in internal implementation explicitly to prevent unintended changes.
+export const SAVED_OBJECT_TYPES_COUNT = 134 as const;

src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts

@@ -96,6 +96,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "endpoint:unified-user-artifact-manifest": "71c7fcb52c658b21ea2800a6b6a76972ae1c776e",
         "endpoint:user-artifact-manifest": "1c3533161811a58772e30cdc77bac4631da3ef2b",
         "enterprise_search_telemetry": "9ac912e1417fc8681e0cd383775382117c9e3d3d",
+        "entity-analytics-monitoring-entity-source": "207ca6f7ed3a04ebe33d81675a09e253446fe897",
         "entity-definition": "1c6bff35c423d5dc5650bc806cf2899e4706a0bc",
         "entity-discovery-api-key": "c267a65c69171d1804362155c1378365f5acef88",
         "entity-engine-status": "09f6a617020708e4f638137e5ef35bd9534133be",

src/core/server/integration_tests/saved_objects/registration/type_registrations.test.ts

@@ -56,6 +56,7 @@ const previouslyRegisteredTypes = [
   'endpoint:user-artifact-manifest',
   'endpoint:unified-user-artifact-manifest',
   'enterprise_search_telemetry',
+  'entity-analytics-monitoring-entity-source',
   'entity-definition',
   'entity-discovery-api-key',
   'epm-packages',

x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen.ts

@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Monitoring Entity Source Schema
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+export type MonitoringEntitySourceDescriptor = z.infer<typeof MonitoringEntitySourceDescriptor>;
+export const MonitoringEntitySourceDescriptor = z.object({
+  type: z.string(),
+  name: z.string(),
+  managed: z.boolean().optional(),
+  indexPattern: z.string().optional(),
+  enabled: z.boolean().optional(),
+  error: z.string().optional(),
+  integrationName: z.string().optional(),
+  matchers: z
+    .array(
+      z.object({
+        fields: z.array(z.string()),
+        values: z.array(z.string()),
+      })
+    )
+    .optional(),
+  filter: z.object({}).optional(),
+});
+
+export type MonitoringEntitySourceResponse = z.infer<typeof MonitoringEntitySourceResponse>;
+export const MonitoringEntitySourceResponse = z.object({
+  id: z.string().optional(),
+  name: z.string().optional(),
+  type: z.string().optional(),
+  indexPattern: z.string().optional(),
+  integrationName: z.string().optional(),
+  enabled: z.boolean().optional(),
+  matchers: z
+    .array(
+      z.object({
+        fields: z.array(z.string()),
+        values: z.array(z.string()),
+      })
+    )
+    .optional(),
+});

x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.schema.yaml

@@ -0,0 +1,145 @@
+openapi: 3.0.0
+info:
+  title: Monitoring Entity Source Schema
+  description: Schema for managing entity source configurations in the monitoring system.
+  version: "1"
+
+paths:
+  /api/entity_analytics/monitoring/entity_source:
+    post:
+      operationId: createEntitySource
+      summary: Create a new entity source configuration
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/MonitoringEntitySourceDescriptor"
+      responses:
+        "200":
+          description: Entity source created successfully
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/MonitoringEntitySourceResponse"
+
+  /api/entity_analytics/monitoring/entity_source/{id}:
+    get:
+      operationId: getEntitySource
+      summary: Get an entity source configuration by ID
+      parameters:
+        - name: id
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        "200":
+          description: Entity source details retrieved
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/MonitoringEntitySourceResponse"
+
+    put:
+      operationId: updateEntitySource
+      summary: Update an entity source configuration
+      parameters:
+        - name: id
+          in: path
+          required: true
+          schema:
+            type: string
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/MonitoringEntitySourceDescriptor"
+      responses:
+        "200":
+          description: Entity source updated successfully
+
+    delete:
+      operationId: deleteEntitySource
+      summary: Delete an entity source configuration
+      parameters:
+        - name: id
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        "200":
+          description: Entity source deleted successfully
+
+components:
+  schemas:
+    MonitoringEntitySourceDescriptor:
+      type: object
+      required: [type, name]
+      properties:
+        type:
+          type: string
+        name:
+          type: string
+        managed:
+          type: boolean
+        indexPattern:
+          type: string
+        enabled:
+          type: boolean
+        error:
+          type: string
+        integrationName:
+          type: string
+        matchers:
+          type: array
+          items:
+            type: object
+            required:
+            - fields
+            - values
+            properties:
+              fields:
+                type: array
+                items:
+                  type: string                  
+              values:
+                type: array
+                items:
+                  type: string                
+        filter:
+          type: object
+
+    MonitoringEntitySourceResponse:
+      type: object
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        type:
+          type: string
+        indexPattern:
+          type: string
+        integrationName:
+          type: string
+        enabled:
+          type: boolean
+        matchers:
+          type: array
+          items:
+            type: object
+            required:
+            - fields
+            - values
+            properties:
+              fields:
+                type: array
+                items:
+                  type: string                
+              values:
+                type: array
+                items:
+                  type: string

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts

@@ -191,6 +191,7 @@ const createSecuritySolutionRequestContextMock = (
     getEntityStoreApiKeyManager: jest.fn(),
     getEntityStoreDataClient: jest.fn(() => clients.entityStoreDataClient),
     getPrivilegeMonitoringDataClient: jest.fn(() => clients.privilegeMonitorDataClient),
+    getMonitoringEntitySourceDataClient: jest.fn(),
     getSiemRuleMigrationsClient: jest.fn(() => clients.siemRuleMigrationsClient),
     getInferenceClient: jest.fn(() => clients.getInferenceClient()),
     getAssetInventoryClient: jest.fn(() => clients.assetInventoryDataClient),