diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts index 413f2ec6d5493..b26de7159603d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts @@ -49,7 +49,7 @@ export const bootstrapPrebuiltRulesHandler = async ( const packageResults: PackageInstallStatus[] = []; // Install packages sequentially to avoid high memory usage - const prebuiltRulesResult = await installPrebuiltRulesPackage(config, securityContext); + const prebuiltRulesResult = await installPrebuiltRulesPackage(securityContext); packageResults.push({ name: prebuiltRulesResult.package.name, version: prebuiltRulesResult.package.version, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts index 5098f5f9e27bd..a5a59b1ef2e61 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts @@ -37,7 +37,6 @@ export const legacyCreatePrepackagedRules = async ( rulesClient: RulesClient, exceptionsClient?: ExceptionListClient ): Promise => { - const config = context.getConfig(); const savedObjectsClient = context.core.savedObjects.client; const siemClient = context.getAppClient(); const exceptionsListClient = context.getExceptionListClient() ?? exceptionsClient; @@ -53,11 +52,7 @@ export const legacyCreatePrepackagedRules = async ( await exceptionsListClient.createEndpointList(); } - const latestPrebuiltRules = await ensureLatestRulesPackageInstalled( - ruleAssetsClient, - config, - context - ); + const latestPrebuiltRules = await ensureLatestRulesPackageInstalled(ruleAssetsClient, context); const installedPrebuiltRules = rulesToMap(await getExistingPrepackagedRules({ rulesClient })); const rulesToInstall = getRulesToInstall(latestPrebuiltRules, installedPrebuiltRules); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts index 5c68db65e5c4d..39baaad17c002 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts @@ -32,7 +32,6 @@ export const performRuleInstallationHandler = async ( try { const ctx = await context.resolve(['core', 'alerting', 'securitySolution']); - const config = ctx.securitySolution.getConfig(); const soClient = ctx.core.savedObjects.client; const rulesClient = await ctx.alerting.getRulesClient(); const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(); @@ -47,7 +46,7 @@ export const performRuleInstallationHandler = async ( // If this API is used directly without hitting any detection engine // pages first, the rules package might be missing. - await ensureLatestRulesPackageInstalled(ruleAssetsClient, config, ctx.securitySolution); + await ensureLatestRulesPackageInstalled(ruleAssetsClient, ctx.securitySolution); const allLatestVersions = await ruleAssetsClient.fetchLatestVersions(); const currentRuleVersions = await ruleObjectsClient.fetchInstalledRuleVersions(); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/ensure_latest_rules_package_installed.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/ensure_latest_rules_package_installed.ts index 074f9a07f2a4d..0fd6f06183bc1 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/ensure_latest_rules_package_installed.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/ensure_latest_rules_package_installed.ts @@ -5,20 +5,18 @@ * 2.0. */ -import type { ConfigType } from '../../../../../config'; import type { SecuritySolutionApiRequestHandlerContext } from '../../../../../types'; import type { IPrebuiltRuleAssetsClient } from '../rule_assets/prebuilt_rule_assets_client'; import { installPrebuiltRulesPackage } from './install_prebuilt_rules_package'; export async function ensureLatestRulesPackageInstalled( ruleAssetsClient: IPrebuiltRuleAssetsClient, - config: ConfigType, securityContext: SecuritySolutionApiRequestHandlerContext ) { let latestPrebuiltRules = await ruleAssetsClient.fetchLatestAssets(); if (latestPrebuiltRules.length === 0) { // Seems no packages with prepackaged rules were installed, try to install the default rules package - await installPrebuiltRulesPackage(config, securityContext); + await installPrebuiltRulesPackage(securityContext); // Try to get the prepackaged rules again latestPrebuiltRules = await ruleAssetsClient.fetchLatestAssets(); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_endpoint_security_prebuilt_rule.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_endpoint_security_prebuilt_rule.ts index ad34630fca19c..34bfdc2d033d8 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_endpoint_security_prebuilt_rule.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_endpoint_security_prebuilt_rule.ts @@ -13,6 +13,7 @@ import { ELASTIC_SECURITY_RULE_ID } from '../../../../../../common'; import { createPrebuiltRuleObjectsClient } from '../rule_objects/prebuilt_rule_objects_client'; import { createPrebuiltRuleAssetsClient } from '../rule_assets/prebuilt_rule_assets_client'; import { createPrebuiltRules } from '../rule_objects/create_prebuilt_rules'; +import { ensureLatestRulesPackageInstalled } from './ensure_latest_rules_package_installed'; export interface InstallEndpointSecurityPrebuiltRuleProps { logger: Logger; @@ -65,6 +66,11 @@ export const installEndpointSecurityPrebuiltRule = async ({ // This will create the endpoint list if it does not exist yet await exceptionsListClient?.createEndpointList(); + // Make sure the latest prebuilt rules package is installed (in case the + // user installs Elastic Defend integration without visiting Security + // Solution first) + await ensureLatestRulesPackageInstalled(ruleAssetsClient, context); + const latestRuleVersion = await ruleAssetsClient.fetchLatestVersions([ ELASTIC_SECURITY_RULE_ID, ]); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_prebuilt_rules_package.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_prebuilt_rules_package.ts index 0fcb20531a34b..f9b61dae55091 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_prebuilt_rules_package.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/integrations/install_prebuilt_rules_package.ts @@ -7,7 +7,6 @@ import type { SecuritySolutionApiRequestHandlerContext } from '../../../../../types'; import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../../common/detection_engine/constants'; -import type { ConfigType } from '../../../../../config'; import { findLatestPackageVersion } from './find_latest_package_version'; /** @@ -17,9 +16,9 @@ import { findLatestPackageVersion } from './find_latest_package_version'; * @param context Request handler context */ export async function installPrebuiltRulesPackage( - config: ConfigType, context: SecuritySolutionApiRequestHandlerContext ) { + const config = context.getConfig(); let pkgVersion = config.prebuiltRulesPackageVersion; if (!pkgVersion) { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index 1c235a878fff7..7f2f163615d69 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts @@ -148,7 +148,6 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C ); const ruleSourceImporter = createRuleSourceImporter({ - config, context: ctx.securitySolution, prebuiltRuleAssetsClient: createPrebuiltRuleAssetsClient(savedObjectsClient), prebuiltRuleObjectsClient: createPrebuiltRuleObjectsClient(rulesClient), diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.test.ts index 80ee5be20271e..0c9884ea3b4e8 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.test.ts @@ -11,21 +11,19 @@ import type { } from '../../../../../../../common/api/detection_engine'; import { createPrebuiltRuleAssetsClient as createPrebuiltRuleAssetsClientMock } from '../../../../prebuilt_rules/logic/rule_assets/__mocks__/prebuilt_rule_assets_client'; import { createPrebuiltRuleObjectsClient as createPrebuiltRuleObjectsClientMock } from '../../../../prebuilt_rules/logic/rule_objects/__mocks__/prebuilt_rule_objects_client'; -import { createMockConfig, requestContextMock } from '../../../../routes/__mocks__'; +import { requestContextMock } from '../../../../routes/__mocks__'; import { getPrebuiltRuleMock } from '../../../../prebuilt_rules/mocks'; import { createRuleSourceImporter } from './rule_source_importer'; describe('ruleSourceImporter', () => { let ruleAssetsClientMock: ReturnType; let ruleObjectsClientMock: ReturnType; - let config: ReturnType; let context: ReturnType['securitySolution']; let ruleToImport: RuleToImport; let subject: ReturnType; beforeEach(() => { jest.clearAllMocks(); - config = createMockConfig(); context = requestContextMock.create().securitySolution; ruleAssetsClientMock = createPrebuiltRuleAssetsClientMock(); ruleAssetsClientMock.fetchLatestAssets.mockResolvedValue([{}]); @@ -37,7 +35,6 @@ describe('ruleSourceImporter', () => { subject = createRuleSourceImporter({ context, - config, prebuiltRuleAssetsClient: ruleAssetsClientMock, prebuiltRuleObjectsClient: ruleObjectsClientMock, }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.ts index a22ca4ff7e7b9..03493ba68d69d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/rule_source_importer/rule_source_importer.ts @@ -13,7 +13,6 @@ */ import type { SecuritySolutionApiRequestHandlerContext } from '../../../../../../types'; -import type { ConfigType } from '../../../../../../config'; import type { RuleResponse, RuleToImport, @@ -95,7 +94,6 @@ const fetchMatchingAssets = async ({ */ export class RuleSourceImporter implements IRuleSourceImporter { private context: SecuritySolutionApiRequestHandlerContext; - private config: ConfigType; private ruleAssetsClient: IPrebuiltRuleAssetsClient; private ruleObjectsClient: IPrebuiltRuleObjectsClient; private latestPackagesInstalled: boolean = false; @@ -105,17 +103,14 @@ export class RuleSourceImporter implements IRuleSourceImporter { private availableRuleAssetIds: Set = new Set(); constructor({ - config, context, prebuiltRuleAssetsClient, prebuiltRuleObjectsClient, }: { - config: ConfigType; context: SecuritySolutionApiRequestHandlerContext; prebuiltRuleAssetsClient: IPrebuiltRuleAssetsClient; prebuiltRuleObjectsClient: IPrebuiltRuleObjectsClient; }) { - this.config = config; this.ruleAssetsClient = prebuiltRuleAssetsClient; this.ruleObjectsClient = prebuiltRuleObjectsClient; this.context = context; @@ -128,7 +123,7 @@ export class RuleSourceImporter implements IRuleSourceImporter { */ public async setup(rules: RuleToImport[]): Promise { if (!this.latestPackagesInstalled) { - await ensureLatestRulesPackageInstalled(this.ruleAssetsClient, this.config, this.context); + await ensureLatestRulesPackageInstalled(this.ruleAssetsClient, this.context); this.latestPackagesInstalled = true; } @@ -209,18 +204,15 @@ export class RuleSourceImporter implements IRuleSourceImporter { } export const createRuleSourceImporter = ({ - config, context, prebuiltRuleAssetsClient, prebuiltRuleObjectsClient, }: { - config: ConfigType; context: SecuritySolutionApiRequestHandlerContext; prebuiltRuleAssetsClient: IPrebuiltRuleAssetsClient; prebuiltRuleObjectsClient: IPrebuiltRuleObjectsClient; }): RuleSourceImporter => { return new RuleSourceImporter({ - config, context, prebuiltRuleAssetsClient, prebuiltRuleObjectsClient,