diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 3e53a8b2e6dcb..887b1e92a9d96 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1113,6 +1113,7 @@ x-pack/solutions/security/packages/navigation @elastic/security-threat-hunting-i
 x-pack/solutions/security/packages/security-ai-prompts @elastic/security-generative-ai
 x-pack/solutions/security/packages/side-nav @elastic/security-threat-hunting-investigations
 x-pack/solutions/security/packages/storybook/config @elastic/security-threat-hunting-investigations
+x-pack/solutions/security/packages/test-api-clients @elastic/security-detection-rule-management
 x-pack/solutions/security/packages/upselling @elastic/security-threat-hunting-investigations
 x-pack/solutions/security/plugins/cloud_security_posture @elastic/kibana-cloud-security-posture
 x-pack/solutions/security/plugins/ecs_data_quality_dashboard @elastic/security-threat-hunting-investigations
diff --git a/package.json b/package.json
index 9cc1882a3f5db..232c444f9486a 100644
--- a/package.json
+++ b/package.json
@@ -882,6 +882,7 @@
 "@kbn/security-solution-serverless": "link:x-pack/solutions/security/plugins/security_solution_serverless",
 "@kbn/security-solution-side-nav": "link:x-pack/solutions/security/packages/side-nav",
 "@kbn/security-solution-storybook-config": "link:x-pack/solutions/security/packages/storybook/config",
+ "@kbn/security-solution-test-api-clients": "link:x-pack/solutions/security/packages/test-api-clients",
 "@kbn/security-solution-upselling": "link:x-pack/solutions/security/packages/upselling",
 "@kbn/security-test-endpoints-plugin": "link:x-pack/platform/test/security_functional/plugins/test_endpoints",
 "@kbn/security-ui-components": "link:x-pack/platform/packages/private/security/ui_components",
diff --git a/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars b/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars
index c57593aacf7e0..ce9101fce91af 100644
--- a/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars
+++ b/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars
@@ -9,17 +9,18 @@ import { ELASTIC_HTTP_VERSION_HEADER, X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
 import { replaceParams } from '@kbn/openapi-common/shared';
-import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common';
-import { FtrProviderContext } from 'x-pack/platform/test/api_integration/ftr_provider_context';
 {{#each operations}}
-import {
+import type {
 {{operationId}}RequestQueryInput,
 {{operationId}}RequestParamsInput,
 {{operationId}}RequestBodyInput
 } from '{{replace sourcePath 'schema.yaml' 'gen'}}';
 {{/each}}
+import type { FtrProviderContext } from '@kbn/ftr-common-functional-services';
+import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common';
+
 export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
@@ -39,7 +40,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext)
 {{~#if requestBody}}.send(props.body as object){{/if}}
 {{~#if requestQuery}}.query(props.query){{/if}}
 },
- {{/each}}
+ {{/each}}
 }
 }
diff --git a/tsconfig.base.json b/tsconfig.base.json
index ab10767e2c61d..2c8af6c236ef0 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
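Review bot: `export function SecuritySolutionApiProvider` at the bottom of the first hunk carries no TSDoc, and because this template is stamped into every generated client (detections.gen.ts in this commit, plus the osquery, exceptions and lists outputs whose paths the commit redirects), every generated provider inherits the gap. A short comment placed above it in the template fixes all of them at once, e.g. `/** FTR service factory: returns one Supertest request builder per operation of the bundled OpenAPI spec; every method takes a trailing kibanaSpace argument (default 'default') and resolves the route through getRouteUrlForSpace. */`. The re-ordered `import type` lines themselves look fine. The function body continues outside the hunk.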
@@ -1752,6 +1752,8 @@
 "@kbn/security-solution-side-nav/*": ["x-pack/solutions/security/packages/side-nav/*"],
 "@kbn/security-solution-storybook-config": ["x-pack/solutions/security/packages/storybook/config"],
 "@kbn/security-solution-storybook-config/*": ["x-pack/solutions/security/packages/storybook/config/*"],
+ "@kbn/security-solution-test-api-clients": ["x-pack/solutions/security/packages/test-api-clients"],
+ "@kbn/security-solution-test-api-clients/*": ["x-pack/solutions/security/packages/test-api-clients/*"],
 "@kbn/security-solution-upselling": ["x-pack/solutions/security/packages/upselling"],
 "@kbn/security-solution-upselling/*": ["x-pack/solutions/security/packages/upselling/*"],
 "@kbn/security-test-endpoints-plugin": ["x-pack/platform/test/security_functional/plugins/test_endpoints"],
diff --git a/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js b/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js
index adedfb45532bd..a5930d4d6da74 100644
--- a/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js
+++ b/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js
@@ -32,7 +32,7 @@ const OSQUERY_ROOT = resolve(__dirname, '../..');
 bundle: {
 outFile: join(
 REPO_ROOT,
- 'x-pack/solutions/security/test/api_integration/services/security_solution_osquery_api.gen.ts'
+ 'x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts'
 ),
 },
 });
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js
index 9568b61fa81a0..487d3ce16e6f8 100644
--- a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js
@@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..');
 bundle: {
 outFile: join(
 REPO_ROOT,
- 'x-pack/solutions/security/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts'
+ 'x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts'
 ),
 },
 });
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js
index eff40170c95c3..03568252a7ec6 100644
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js
@@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..');
 bundle: {
 outFile: join(
 REPO_ROOT,
- 'x-pack/solutions/security/test/api_integration/services/security_solution_exceptions_api.gen.ts'
+ 'x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts'
 ),
 },
 });
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js
index 5562024645714..f7f69c9f06a63 100644
--- a/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js
@@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..');
 bundle: {
 outFile: join(
 REPO_ROOT,
- 'x-pack/solutions/security/test/api_integration/services/security_solution_lists_api.gen.ts'
+ 'x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts'
 ),
 },
 });
diff --git a/x-pack/solutions/security/packages/test-api-clients/README.md b/x-pack/solutions/security/packages/test-api-clients/README.md
new file mode 100644
index 0000000000000..b5e4e6c637c53
--- /dev/null
+++ b/x-pack/solutions/security/packages/test-api-clients/README.md
@@ -0,0 +1,27 @@
+# @kbn/security-solution-test-api-clients
+
+Auto-generated API clients for Security Solution testing.
+
+This package contains Supertest API clients generated from OpenAPI schemas for use in Security Solution integration tests.
+
+## Usage example
+
+Add a service to your test services configuration
+```typescript
+import { SecuritySolutionApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen';
+
+export const services = {
+ detectionsApi: SecuritySolutionApiProvider,
+ // ... other services
+};
+```
+
+Then use the service in your test
+```typescript
+export default ({ getService }: FtrProviderContext): void => {
+ const detectionsApi = getService('detectionsApi');
+
+ // ...
+
+ detectionsApi.findRules({ query: {} }).expect(200);
+```
diff --git a/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc b/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc
new file mode 100644
index 0000000000000..982132fc2392d
--- /dev/null
+++ b/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc
@@ -0,0 +1,9 @@
+{
+ "id": "@kbn/security-solution-test-api-clients",
+ "type": "shared-common",
+ "owner": [
+ "@elastic/security-detection-rule-management"
+ ],
+ "group": "security",
+ "visibility": "private"
+}
\ No newline at end of file
diff --git a/x-pack/solutions/security/packages/test-api-clients/package.json b/x-pack/solutions/security/packages/test-api-clients/package.json
new file mode 100644
index 0000000000000..69a171c7e01f1
--- /dev/null
+++ b/x-pack/solutions/security/packages/test-api-clients/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "@kbn/security-solution-test-api-clients",
+ "description": "Security Solution API clients for testing",
+ "private": true,
+ "version": "1.0.0",
+ "license": "Elastic License 2.0"
+}
diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts
new file mode 100644
index 0000000000000..d88d9408d5259
--- /dev/null
+++ b/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts
@@ -0,0 +1,607 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Detections API client for tests + * version: Bundle (no version) + */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; +import type { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; +import type { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; +import type { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; +import type { + ExportRulesRequestQueryInput, + ExportRulesRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; +import type { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; +import type { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; +import type { + 
GetRuleExecutionEventsRequestQueryInput, + GetRuleExecutionEventsRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; +import type { + GetRuleExecutionResultsRequestQueryInput, + GetRuleExecutionResultsRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; +import type { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; +import type { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; +import type { + PerformRulesBulkActionRequestQueryInput, + PerformRulesBulkActionRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; +import type { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; +import type { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; +import type { + RulePreviewRequestQueryInput, + RulePreviewRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; +import type { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; +import type { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; +import type { SetAlertsStatusRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; +import type { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; +import type { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; +import type { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + /** + * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of +the migration process. A successful migration will result in both the old and new indices being present. +As such, the old, orphaned index can (and likely should) be deleted. + +While you can delete these indices manually, +the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted +after 30 days. It also deletes other artifacts specific to the migration implementation. 
+ + */ + alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date + */ + bootstrapPrebuiltRules(kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + createAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Initiate a migration of detection alerts. +Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. + + */ + createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create a new detection rule. +> warn +> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. 
+ +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + +You can create the following types of rules: + +* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. +* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. +* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. + For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. +* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). +* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. +* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. 
+* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. +> info +> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. + +To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: + +```json +... +"job_id": "linux_anomalous_network_activity_ecs", +"job_type": "anomaly_detector", +"job_version": "7.7.0", +"groups": [ + "auditbeat", + "process", + "siem" +], +... +``` + +Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: + +* Slack +* Email +* PagerDuty +* Webhook +* Microsoft Teams +* IBM Resilient +* Jira +* ServiceNow ITSM +> info +> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). + +To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. 
+ +For detailed information on Kibana actions and alerting, and additional API calls, see: + +* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) +* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) +* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) + + */ + createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + deleteAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Delete a detection rule using the `rule_id` or `id` field. + +The URL query must include one of the following: + +* `id` - `DELETE /api/detection_engine/rules?id=` +* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. + + */ + deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Export detection rules to an `.ndjson` file. 
The following configuration items are also included in the `.ndjson` file: +- Actions +- Exception lists +> info +> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. + +> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. + +> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. + + */ + exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_export', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. +The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, +finalize it. 
+ + */ + finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. + */ + findRules(props: FindRulesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules/_find', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams( + '/internal/detection_engine/rules/{ruleId}/execution/events', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams( + '/internal/detection_engine/rules/{ruleId}/execution/results', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: +- The `Content-Type: multipart/form-data` HTTP header. +- A link to the `.ndjson` file containing the rules. 
+> warn +> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. +> info +> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. + +> info +> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. + +> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. + +> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. 
+ + */ + importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_import', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Install and update all Elastic prebuilt detection rules and Timelines. + +This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. +When you call this endpoint, it will: +- Install any new prebuilt detection rules that are not currently installed in your system. +- Update any existing prebuilt detection rules that have been modified or improved by Elastic. +- Install any new prebuilt Timelines that are not currently installed in your system. +- Update any existing prebuilt Timelines that have been modified or improved by Elastic. + +This ensures that your detection engine is always up-to-date with the latest rules and Timelines, +providing you with the most current and effective threat detection capabilities. + + */ + installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { + return supertest + .put(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Update specific fields of an existing detection rule using the `rule_id` or `id` field. + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. +> warn +> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. 
If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. + +The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. +The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. +> warn +> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
+ + */ + performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + readAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. + */ + readAlertsMigrationStatus( + props: ReadAlertsMigrationStatusProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/signals/migration_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Retrieve the status of all Elastic prebuilt detection rules and Timelines. + +This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. 
+ + */ + readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieves whether or not the user is authenticated, and the user's Kibana +space and index privileges, which determine if the user can create an +index for the Elastic Security alerts generated by +detection engine rules. + + */ + readPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieve a detection rule using the `rule_id` or `id` field. + +The URL query must include one of the following: + +* `id` - `GET /api/detection_engine/rules?id=` +* `rule_id` - `GET /api/detection_engine/rules?rule_id=` + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. + + */ + readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * List all unique tags from all detection rules. 
+ */ + readTags(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/tags', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/preview', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Find and/or aggregate detection alerts that match the given query. + */ + searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/search', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Assign users to detection alerts, and unassign them from alerts. +> info +> You cannot add and remove the same assignee in the same request. + + */ + setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/assignees', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Set the status of one or more detection alerts. 
+ */ + setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * And tags to detection alerts, and remove them from alerts. +> info +> You cannot add and remove the same alert tag in the same request. + + */ + setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/tags', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Suggests user profiles. + */ + suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/detection_engine/users/_find', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. +> warn +> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. 
+ +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { + return supertest + .put(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + }; +} + +export interface AlertsMigrationCleanupProps { + body: AlertsMigrationCleanupRequestBodyInput; +} +export interface CreateAlertsMigrationProps { + body: CreateAlertsMigrationRequestBodyInput; +} +export interface CreateRuleProps { + body: CreateRuleRequestBodyInput; +} +export interface DeleteRuleProps { + query: DeleteRuleRequestQueryInput; +} +export interface ExportRulesProps { + query: ExportRulesRequestQueryInput; + body: ExportRulesRequestBodyInput; +} +export interface FinalizeAlertsMigrationProps { + body: FinalizeAlertsMigrationRequestBodyInput; +} +export interface FindRulesProps { + query: FindRulesRequestQueryInput; +} +export interface GetRuleExecutionEventsProps { + query: GetRuleExecutionEventsRequestQueryInput; + params: GetRuleExecutionEventsRequestParamsInput; +} +export interface GetRuleExecutionResultsProps { + query: GetRuleExecutionResultsRequestQueryInput; + params: GetRuleExecutionResultsRequestParamsInput; +} +export interface ImportRulesProps { + query: ImportRulesRequestQueryInput; +} +export interface PatchRuleProps { + body: PatchRuleRequestBodyInput; +} +export interface PerformRulesBulkActionProps { + query: PerformRulesBulkActionRequestQueryInput; + body: PerformRulesBulkActionRequestBodyInput; +} +export interface ReadAlertsMigrationStatusProps { + query: ReadAlertsMigrationStatusRequestQueryInput; +} +export interface ReadRuleProps { + query: ReadRuleRequestQueryInput; +} +export interface RulePreviewProps { + query: 
RulePreviewRequestQueryInput; + body: RulePreviewRequestBodyInput; +} +export interface SearchAlertsProps { + body: SearchAlertsRequestBodyInput; +} +export interface SetAlertAssigneesProps { + body: SetAlertAssigneesRequestBodyInput; +} +export interface SetAlertsStatusProps { + body: SetAlertsStatusRequestBodyInput; +} +export interface SetAlertTagsProps { + body: SetAlertTagsRequestBodyInput; +} +export interface SuggestUserProfilesProps { + query: SuggestUserProfilesRequestQueryInput; +} +export interface UpdateRuleProps { + body: UpdateRuleRequestBodyInput; +} diff --git a/x-pack/solutions/security/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts similarity index 82% rename from x-pack/solutions/security/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts index 1a248829dfe84..82320fc2df5d9 100644 --- a/x-pack/solutions/security/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts 
@@ -18,14 +18,15 @@ import { ELASTIC_HTTP_VERSION_HEADER, X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; -import { CreateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/create_endpoint_list_item/create_endpoint_list_item.gen'; -import { DeleteEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/delete_endpoint_list_item/delete_endpoint_list_item.gen'; -import { FindEndpointListItemsRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/find_endpoint_list_item/find_endpoint_list_item.gen'; -import { ReadEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/read_endpoint_list_item/read_endpoint_list_item.gen'; -import { UpdateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/update_endpoint_list_item/update_endpoint_list_item.gen'; -import { FtrProviderContext } from '@kbn/test-suites-xpack-platform/api_integration/ftr_provider_context'; +import type { CreateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/create_endpoint_list_item/create_endpoint_list_item.gen'; +import type { DeleteEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/delete_endpoint_list_item/delete_endpoint_list_item.gen'; +import type { FindEndpointListItemsRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/find_endpoint_list_item/find_endpoint_list_item.gen'; +import type { ReadEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/read_endpoint_list_item/read_endpoint_list_item.gen'; +import type { UpdateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/update_endpoint_list_item/update_endpoint_list_item.gen'; + +import 
type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts new file mode 100644 index 0000000000000..22b1f3d34e65d --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts 
@@ -0,0 +1,425 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Endpoint Management API client for tests + * version: Bundle (no version) + */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { + CreateUpdateProtectionUpdatesNoteRequestParamsInput, + CreateUpdateProtectionUpdatesNoteRequestBodyInput, + GetProtectionUpdatesNoteRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; +import type { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; +import type { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; +import type { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; +import type { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; +import type { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; +import type { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; +import type { EndpointGetFileActionRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; +import type { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; +import type { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; +import type { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; +import type { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; +import type { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; +import type { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; +import type { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; +import type { + GetEndpointSuggestionsRequestParamsInput, + GetEndpointSuggestionsRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; +import type { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; +import type { + GetWorkflowInsightsRequestQueryInput, + UpdateWorkflowInsightRequestParamsInput, + UpdateWorkflowInsightRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; +import type { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; + +import type { 
FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + createUpdateProtectionUpdatesNote( + props: CreateUpdateProtectionUpdatesNoteProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post( + getRouteUrlForSpace( + replaceParams( + '/api/endpoint/protection_updates_note/{package_policy_id}', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Run a shell command on an endpoint. + */ + endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/execute', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Download a file from an endpoint. +> info +> To construct a `file_id`, combine the `action_id` and `agent_id` values using a dot separator: +> {`file_id`} = {`action_id`}`.`{`agent_id`} + + */ + endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get information for the specified file using the file ID. 
+> info +> To construct a `file_id`, combine the `action_id` and `agent_id` values using a dot separator: +> {`file_id`} = {`action_id`}`.`{`agent_id`} + + */ + endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get the details of a response action using the action ID. + */ + endpointGetActionsDetails( + props: EndpointGetActionsDetailsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get a list of all response actions. + */ + endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a response actions state, which reports whether encryption is enabled. + */ + endpointGetActionsState(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action/state', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get the status of response actions for the specified agent IDs. 
+ */ + endpointGetActionsStatus( + props: EndpointGetActionsStatusProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a file from an endpoint. + */ + endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/get_file', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Get a list of all processes running on an endpoint. + */ + endpointGetProcessesAction( + props: EndpointGetProcessesActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/running_procs', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Isolate an endpoint from the network. The endpoint remains isolated until it's released. + */ + endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/isolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Terminate a running process on an endpoint. 
+ */ + endpointKillProcessAction( + props: EndpointKillProcessActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/kill_process', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Scan a specific file or directory on an endpoint for malware. + */ + endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/scan', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Suspend a running process on an endpoint. + */ + endpointSuspendProcessAction( + props: EndpointSuspendProcessActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/suspend_process', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Release an isolated endpoint, allowing it to rejoin a network. + */ + endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/unisolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Upload a file to an endpoint. 
+ */ + endpointUploadAction(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/upload', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/metadata', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/policy_response', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getProtectionUpdatesNote( + props: GetProtectionUpdatesNoteProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get( + getRouteUrlForSpace( + replaceParams( + '/api/endpoint/protection_updates_note/{package_policy_id}', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/api/endpoint/workflow_insights', kibanaSpace)) + 
.set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Run a shell command on an endpoint. + */ + runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/runscript', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + }; +} + +export interface CreateUpdateProtectionUpdatesNoteProps { + params: CreateUpdateProtectionUpdatesNoteRequestParamsInput; + body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; +} +export interface EndpointExecuteActionProps { + body: EndpointExecuteActionRequestBodyInput; +} +export interface EndpointFileDownloadProps { + params: EndpointFileDownloadRequestParamsInput; +} +export interface EndpointFileInfoProps { + params: EndpointFileInfoRequestParamsInput; +} +export interface EndpointGetActionsDetailsProps { + params: EndpointGetActionsDetailsRequestParamsInput; +} +export interface EndpointGetActionsListProps { + query: EndpointGetActionsListRequestQueryInput; +} +export interface EndpointGetActionsStatusProps { + query: EndpointGetActionsStatusRequestQueryInput; +} +export interface EndpointGetFileActionProps { + body: EndpointGetFileActionRequestBodyInput; +} +export interface EndpointGetProcessesActionProps { + body: EndpointGetProcessesActionRequestBodyInput; +} +export interface EndpointIsolateActionProps { + 
body: EndpointIsolateActionRequestBodyInput; +} +export interface EndpointKillProcessActionProps { + body: EndpointKillProcessActionRequestBodyInput; +} +export interface EndpointScanActionProps { + body: EndpointScanActionRequestBodyInput; +} +export interface EndpointSuspendProcessActionProps { + body: EndpointSuspendProcessActionRequestBodyInput; +} +export interface EndpointUnisolateActionProps { + body: EndpointUnisolateActionRequestBodyInput; +} +export interface GetEndpointMetadataListProps { + query: GetEndpointMetadataListRequestQueryInput; +} +export interface GetEndpointSuggestionsProps { + params: GetEndpointSuggestionsRequestParamsInput; + body: GetEndpointSuggestionsRequestBodyInput; +} +export interface GetPolicyResponseProps { + query: GetPolicyResponseRequestQueryInput; +} +export interface GetProtectionUpdatesNoteProps { + params: GetProtectionUpdatesNoteRequestParamsInput; +} +export interface GetWorkflowInsightsProps { + query: GetWorkflowInsightsRequestQueryInput; +} +export interface RunScriptActionProps { + body: RunScriptActionRequestBodyInput; +} +export interface UpdateWorkflowInsightProps { + params: UpdateWorkflowInsightRequestParamsInput; + body: UpdateWorkflowInsightRequestBodyInput; +} diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts new file mode 100644 index 0000000000000..a24d6f8346292 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts 
@@ -0,0 +1,700 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Entity Analytics API client for tests + * version: Bundle (no version) + */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; +import type { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; +import type { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; +import type { + CreateEntitySourceRequestBodyInput, + DeleteEntitySourceRequestParamsInput, + GetEntitySourceRequestParamsInput, + ListEntitySourcesRequestQueryInput, + UpdateEntitySourceRequestParamsInput, + UpdateEntitySourceRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; +import type { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen'; +import type { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen'; +import type { DeleteAssetCriticalityRecordRequestQueryInput } 
from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; +import type { + DeleteEntityEngineRequestQueryInput, + DeleteEntityEngineRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; +import type { DeleteMonitoringEngineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/engine/delete.gen'; +import type { DeletePrivMonUserRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/delete.gen'; +import type { + DeprecatedTriggerRiskScoreCalculationRequestBodyInput, + TriggerRiskScoreCalculationRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; +import type { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; +import type { GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; +import type { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; +import type { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; +import type { + InitEntityEngineRequestParamsInput, + InitEntityEngineRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; +import type { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; +import type { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; +import type { 
ListPrivMonUsersRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/list.gen'; +import type { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; +import type { SearchPrivilegesIndicesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/search_indices.gen'; +import type { StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; +import type { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; +import type { + UpdatePrivMonUserRequestParamsInput, + UpdatePrivMonUserRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/update.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/asset_criticality/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Bulk upsert up to 1000 asset criticality records. 
+ +If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. + + */ + bulkUpsertAssetCriticalityRecords( + props: BulkUpsertAssetCriticalityRecordsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality/bulk', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Cleaning up the the Risk Engine by removing the indices, mapping and transforms + */ + cleanUpRiskEngine(kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Configuring the Risk Engine Saved Object + */ + configureRiskEngineSavedObject( + props: ConfigureRiskEngineSavedObjectProps, + kibanaSpace: string = 'default' + ) { + return supertest + .patch(getRouteUrlForSpace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create or update an asset criticality record for a specific entity. + +If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. 
+ + */ + createAssetCriticalityRecord( + props: CreateAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + createEntitySource(props: CreateEntitySourceProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + createPrivilegesImportIndex( + props: CreatePrivilegesImportIndexProps, + kibanaSpace: string = 'default' + ) { + return supertest + .put( + getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete the asset criticality record for a specific entity. 
+ */ + deleteAssetCriticalityRecord( + props: DeleteAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .delete(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .delete( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + deleteEntitySource(props: DeleteEntitySourceProps, kibanaSpace: string = 'default') { + return supertest + .delete( + getRouteUrlForSpace( + replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + deleteMonitoringEngine(props: DeleteMonitoringEngineProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/delete', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + deletePrivMonUser(props: DeletePrivMonUserProps, kibanaSpace: string = 'default') { + return supertest + .delete( + getRouteUrlForSpace( + replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
+ */ + deprecatedTriggerRiskScoreCalculation( + props: DeprecatedTriggerRiskScoreCalculationProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/risk_scores/calculation/entity', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + disableMonitoringEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/disable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + disableRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/disable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + enableRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/enable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + entityStoreGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/entity_store/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * List asset criticality records, paging, sorting and filtering as needed. 
+ */ + findAssetCriticalityRecords( + props: FindAssetCriticalityRecordsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/asset_criticality/list', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get the asset criticality record for a specific entity. + */ + getAssetCriticalityRecord( + props: GetAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getAssetCriticalityStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/asset_criticality/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEntitySource(props: GetEntitySourceProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/status', kibanaSpace)) + 
.set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getPrivilegedAccessDetectionPackageStatus(kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + '/api/entity_analytics/privileged_user_monitoring/pad/status', + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine + */ + getRiskEngineStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_score/engine/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/init', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_store/enable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + initMonitoringEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/init', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Initializes the Risk Engine by creating the 
necessary indices and mappings, removing old transforms, and starting the new risk engine + */ + initRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/init', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + installPrivilegedAccessDetectionPackage(kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + '/api/entity_analytics/privileged_user_monitoring/pad/install', + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/asset_criticality/upload_csv', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * List entities records, paging, sorting and filtering as needed. 
+ */ + listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/entities/list', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + listEntityEngines(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/engines', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + listEntitySources(props: ListEntitySourcesProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source/list', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + listPrivMonUsers(props: ListPrivMonUsersProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/list', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. 
+ */ + previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/preview', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + privmonBulkUploadUsersCsv(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/_csv', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + privMonHealth(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/health', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Check if the current user has all required permissions for Privilege Monitoring + */ + privMonPrivileges(kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/privileges', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + readRiskEngineSettings(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_score/engine/settings', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + riskEngineGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_engine/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { + return 
supertest + .post(getRouteUrlForSpace('/internal/entity_analytics/migrations/run', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. + */ + scheduleRiskEngineNow(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/risk_score/engine/schedule_now', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + searchPrivilegesIndices(props: SearchPrivilegesIndicesProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/start', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
+ */ + triggerRiskScoreCalculation( + props: TriggerRiskScoreCalculationProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/calculation/entity', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + updateEntitySource(props: UpdateEntitySourceProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + updatePrivMonUser(props: UpdatePrivMonUserProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality/upload_csv', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + }; +} + +export interface BulkUpsertAssetCriticalityRecordsProps { + body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; +} +export interface ConfigureRiskEngineSavedObjectProps { + body: ConfigureRiskEngineSavedObjectRequestBodyInput; +} +export interface CreateAssetCriticalityRecordProps { + body: CreateAssetCriticalityRecordRequestBodyInput; +} +export interface CreateEntitySourceProps { + body: CreateEntitySourceRequestBodyInput; +} +export interface CreatePrivilegesImportIndexProps { + body: 
CreatePrivilegesImportIndexRequestBodyInput; +} +export interface CreatePrivMonUserProps { + body: CreatePrivMonUserRequestBodyInput; +} +export interface DeleteAssetCriticalityRecordProps { + query: DeleteAssetCriticalityRecordRequestQueryInput; +} +export interface DeleteEntityEngineProps { + query: DeleteEntityEngineRequestQueryInput; + params: DeleteEntityEngineRequestParamsInput; +} +export interface DeleteEntitySourceProps { + params: DeleteEntitySourceRequestParamsInput; +} +export interface DeleteMonitoringEngineProps { + query: DeleteMonitoringEngineRequestQueryInput; +} +export interface DeletePrivMonUserProps { + params: DeletePrivMonUserRequestParamsInput; +} +export interface DeprecatedTriggerRiskScoreCalculationProps { + body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; +} +export interface FindAssetCriticalityRecordsProps { + query: FindAssetCriticalityRecordsRequestQueryInput; +} +export interface GetAssetCriticalityRecordProps { + query: GetAssetCriticalityRecordRequestQueryInput; +} +export interface GetEntityEngineProps { + params: GetEntityEngineRequestParamsInput; +} +export interface GetEntitySourceProps { + params: GetEntitySourceRequestParamsInput; +} +export interface GetEntityStoreStatusProps { + query: GetEntityStoreStatusRequestQueryInput; +} +export interface InitEntityEngineProps { + params: InitEntityEngineRequestParamsInput; + body: InitEntityEngineRequestBodyInput; +} +export interface InitEntityStoreProps { + body: InitEntityStoreRequestBodyInput; +} +export interface ListEntitiesProps { + query: ListEntitiesRequestQueryInput; +} +export interface ListEntitySourcesProps { + query: ListEntitySourcesRequestQueryInput; +} +export interface ListPrivMonUsersProps { + query: ListPrivMonUsersRequestQueryInput; +} +export interface PreviewRiskScoreProps { + body: PreviewRiskScoreRequestBodyInput; +} +export interface SearchPrivilegesIndicesProps { + query: SearchPrivilegesIndicesRequestQueryInput; +} +export interface 
StartEntityEngineProps { + params: StartEntityEngineRequestParamsInput; +} +export interface StopEntityEngineProps { + params: StopEntityEngineRequestParamsInput; +} +export interface TriggerRiskScoreCalculationProps { + body: TriggerRiskScoreCalculationRequestBodyInput; +} +export interface UpdateEntitySourceProps { + params: UpdateEntitySourceRequestParamsInput; + body: UpdateEntitySourceRequestBodyInput; +} +export interface UpdatePrivMonUserProps { + params: UpdatePrivMonUserRequestParamsInput; + body: UpdatePrivMonUserRequestBodyInput; +} diff --git a/x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_exceptions_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts similarity index 82% rename from x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_exceptions_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts index 7b4ba75b9e33d..30d4198be469b 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts 
@@ -19,28 +19,29 @@ import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; -import { CreateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list/create_exception_list.gen'; -import { CreateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen'; -import { +import type { CreateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list/create_exception_list.gen'; +import type { CreateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen'; +import type { CreateRuleExceptionListItemsRequestParamsInput, CreateRuleExceptionListItemsRequestBodyInput, } from '@kbn/securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen'; -import { CreateSharedExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.gen'; -import { DeleteExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen'; -import { DeleteExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen'; -import { DuplicateExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen'; -import { ExportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen'; -import { FindExceptionListItemsRequestQueryInput } from 
'@kbn/securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen'; -import { FindExceptionListsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen'; -import { ImportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen'; -import { ReadExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen'; -import { ReadExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen'; -import { ReadExceptionListSummaryRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen'; -import { UpdateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen'; -import { UpdateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen'; -import { FtrProviderContext } from '../../ftr_provider_context'; +import type { CreateSharedExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.gen'; +import type { DeleteExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen'; +import type { DeleteExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen'; +import type { DuplicateExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen'; +import type { ExportExceptionListRequestQueryInput } from 
'@kbn/securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen'; +import type { FindExceptionListItemsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen'; +import type { FindExceptionListsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen'; +import type { ImportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen'; +import type { ReadExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen'; +import type { ReadExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen'; +import type { ReadExceptionListSummaryRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen'; +import type { UpdateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen'; +import type { UpdateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); 
diff --git a/x-pack/solutions/security/test/api_integration/services/security_solution_lists_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts similarity index 84% rename from x-pack/solutions/security/test/api_integration/services/security_solution_lists_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts index 940476e6ebc87..6d02379a1d60a 100644 --- a/x-pack/solutions/security/test/api_integration/services/security_solution_lists_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts 
@@ -18,23 +18,24 @@ import { ELASTIC_HTTP_VERSION_HEADER, X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; -import { CreateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list/create_list.gen'; -import { CreateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list_item/create_list_item.gen'; -import { DeleteListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list/delete_list.gen'; -import { DeleteListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list_item/delete_list_item.gen'; -import { ExportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/export_list_items/export_list_items.gen'; -import { FindListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_list_items/find_list_items.gen'; -import { FindListsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_lists/find_lists.gen'; -import { ImportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/import_list_items/import_list_items.gen'; -import { PatchListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list/patch_list.gen'; -import { PatchListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list_item/patch_list_item.gen'; -import { ReadListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list/read_list.gen'; -import { ReadListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list_item/read_list_item.gen'; -import { UpdateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list/update_list.gen'; -import { UpdateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list_item/update_list_item.gen'; -import { FtrProviderContext } from '@kbn/test-suites-xpack-platform/api_integration/ftr_provider_context'; 
+import type { CreateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list/create_list.gen'; +import type { CreateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list_item/create_list_item.gen'; +import type { DeleteListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list/delete_list.gen'; +import type { DeleteListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list_item/delete_list_item.gen'; +import type { ExportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/export_list_items/export_list_items.gen'; +import type { FindListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_list_items/find_list_items.gen'; +import type { FindListsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_lists/find_lists.gen'; +import type { ImportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/import_list_items/import_list_items.gen'; +import type { PatchListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list/patch_list.gen'; +import type { PatchListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list_item/patch_list_item.gen'; +import type { ReadListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list/read_list.gen'; +import type { ReadListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list_item/read_list_item.gen'; +import type { UpdateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list/update_list.gen'; +import type { UpdateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list_item/update_list_item.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { 
const supertest = getService('supertest'); diff --git a/x-pack/solutions/security/test/api_integration/services/security_solution_osquery_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts similarity index 87% rename from x-pack/solutions/security/test/api_integration/services/security_solution_osquery_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts index b971d335c0440..8ddc3fe220a13 100644 --- a/x-pack/solutions/security/test/api_integration/services/security_solution_osquery_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts 
@@ -19,37 +19,42 @@ import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; -import { GetAgentDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { GetAgentPolicyRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { GetAgentsRequestQueryInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { OsqueryCreateLiveQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryCreatePacksRequestBodyInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryCreateSavedQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryDeletePacksRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryDeleteSavedQueryRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryFindLiveQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryFindPacksRequestQueryInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryFindSavedQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryGetLiveQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { +import type { + GetAgentDetailsRequestParamsInput, + GetAgentPolicyRequestParamsInput, + GetAgentsRequestQueryInput, +} from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; +import type { + OsqueryCreateLiveQueryRequestBodyInput, + OsqueryFindLiveQueriesRequestQueryInput, + OsqueryGetLiveQueryDetailsRequestParamsInput, OsqueryGetLiveQueryResultsRequestQueryInput, 
OsqueryGetLiveQueryResultsRequestParamsInput, } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryGetPacksDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryGetSavedQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { +import type { + OsqueryCreatePacksRequestBodyInput, + OsqueryDeletePacksRequestParamsInput, + OsqueryFindPacksRequestQueryInput, + OsqueryGetPacksDetailsRequestParamsInput, OsqueryUpdatePacksRequestParamsInput, OsqueryUpdatePacksRequestBodyInput, } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { +import type { + OsqueryCreateSavedQueryRequestBodyInput, + OsqueryDeleteSavedQueryRequestParamsInput, + OsqueryFindSavedQueriesRequestQueryInput, + OsqueryGetSavedQueryDetailsRequestParamsInput, OsqueryUpdateSavedQueryRequestParamsInput, OsqueryUpdateSavedQueryRequestBodyInput, } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { ReadAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; -import { UpdateAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; -import { FtrProviderContext } from '@kbn/test-suites-xpack-platform/api_integration/ftr_provider_context'; +import type { + ReadAssetsStatusRequestQueryInput, + UpdateAssetsStatusRequestQueryInput, +} from '@kbn/osquery-plugin/common/api/asset/assets.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts new file mode 100644 index 0000000000000..e6e505f7634a2 
--- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts 
@@ -0,0 +1,296 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Timelines API client for tests + * version: Bundle (no version) + */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; + +import type { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; +import type { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; +import type { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; +import type { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; +import type { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; +import type { + ExportTimelinesRequestQueryInput, + ExportTimelinesRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; +import type { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; +import type { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; +import type { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; 
+import type { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; +import type { ImportTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; +import type { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; +import type { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; +import type { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; +import type { PersistNoteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; +import type { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; +import type { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + /** + * Create a clean draft Timeline or Timeline template for the current user. +> info +> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. 
+ + */ + cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Copies and returns a timeline or timeline template. + + */ + copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/_copy', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create a new Timeline or Timeline template. + */ + createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete a note from a Timeline using the note ID. + */ + deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete one or more Timelines or Timeline templates. + */ + deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Export Timelines as an NDJSON file. 
+ */ + exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_export', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. + */ + getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get all notes for a given document. + */ + getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get the details of an existing saved Timeline or Timeline template. + */ + getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a list of all saved Timelines or Timeline templates. 
+ */ + getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timelines', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Import Timelines. + */ + importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_import', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Install or update prepackaged Timelines. + */ + installPrepackedTimelines( + props: InstallPrepackedTimelinesProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_prepackaged', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. + */ + patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Favorite a Timeline or Timeline template for the current user. 
+ */ + persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/timeline/_favorite', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Add a note to a Timeline or update an existing note. + */ + persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Pin/unpin an event to/from an existing Timeline. + */ + persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/pinned_event', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/resolve', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + }; +} + +export interface CleanDraftTimelinesProps { + body: CleanDraftTimelinesRequestBodyInput; +} +export interface CopyTimelineProps { + body: CopyTimelineRequestBodyInput; +} +export interface CreateTimelinesProps { + body: CreateTimelinesRequestBodyInput; +} +export interface DeleteNoteProps { + body: DeleteNoteRequestBodyInput; +} +export interface DeleteTimelinesProps { + body: DeleteTimelinesRequestBodyInput; +} +export interface ExportTimelinesProps { + query: ExportTimelinesRequestQueryInput; + body: 
ExportTimelinesRequestBodyInput; +} +export interface GetDraftTimelinesProps { + query: GetDraftTimelinesRequestQueryInput; +} +export interface GetNotesProps { + query: GetNotesRequestQueryInput; +} +export interface GetTimelineProps { + query: GetTimelineRequestQueryInput; +} +export interface GetTimelinesProps { + query: GetTimelinesRequestQueryInput; +} +export interface ImportTimelinesProps { + body: ImportTimelinesRequestBodyInput; +} +export interface InstallPrepackedTimelinesProps { + body: InstallPrepackedTimelinesRequestBodyInput; +} +export interface PatchTimelineProps { + body: PatchTimelineRequestBodyInput; +} +export interface PersistFavoriteRouteProps { + body: PersistFavoriteRouteRequestBodyInput; +} +export interface PersistNoteRouteProps { + body: PersistNoteRouteRequestBodyInput; +} +export interface PersistPinnedEventRouteProps { + body: PersistPinnedEventRouteRequestBodyInput; +} +export interface ResolveTimelineProps { + query: ResolveTimelineRequestQueryInput; +} diff --git a/x-pack/solutions/security/packages/test-api-clients/tsconfig.json b/x-pack/solutions/security/packages/test-api-clients/tsconfig.json new file mode 100644 index 0000000000000..3f3ed0160528c --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/tsconfig.json @@ -0,0 +1,27 @@ +{ + "extends": "../../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/core-http-common", + "@kbn/openapi-common", + "@kbn/security-solution-plugin", + "@kbn/spaces-plugin", + "@kbn/ftr-common-functional-services", + "@kbn/securitysolution-endpoint-exceptions-common", + "@kbn/securitysolution-exceptions-common", + "@kbn/securitysolution-lists-common", + "@kbn/osquery-plugin" + ] +} 
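Review bot: The new package tsconfig has a trailing comma in `"include": [ "**/*.ts", ]`, which is not valid strict JSON. TypeScript's own tsconfig reader tolerates JSONC, so `tsc` will be fine, but any repo tooling that loads this file with a plain JSON parser would reject it; unless such tooling is known to accept trailing commas, change the entry to `"include": ["**/*.ts"]`. The rest of the file (the `kbn_references` list) matches the imports visible in the generated clients in this diff.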
diff --git a/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js b/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js index 6859fe7d53598..98bc43693a646 100644 --- a/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js +++ b/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js 
@@ -23,15 +23,57 @@ const SECURITY_SOLUTION_ROOT = resolve(__dirname, '../..'); }); await generate({ - title: 'API client for tests', + title: 'Detections API client for tests', rootDir: SECURITY_SOLUTION_ROOT, - sourceGlob: './common/**/*.schema.yaml', + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/detection_engine/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts' + ), + }, + }); + + await generate({ + title: 'Endpoint Management API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/endpoint/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts' + ), + }, + }); + + await generate({ + title: 'Entity Analytics API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/entity_analytics/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts' + ), + }, + }); + + await generate({ + title: 'Timelines API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/timeline/**/*.schema.yaml'), templateName: 'api_client_supertest', skipLinting: true, bundle: { outFile: join( REPO_ROOT, - 'x-pack/solutions/security/test/api_integration/services/security_solution_api.gen.ts' + 'x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts' ), }, }); 
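Review bot: The four new `sourceGlob` values are narrowed to `common/api/detection_engine`, `common/api/endpoint`, `common/api/entity_analytics` and `common/api/timeline`, while the removed glob `./common/**/*.schema.yaml` covered all of `common/`; the deleted client in this same diff imported `common/siem_migrations/model/api/rules/rule_migration.gen` (CreateRuleMigration, GetRuleMigrationRules, …), so the SIEM migrations operations appear to drop out of every generated test client. If that is intentional, say so in a comment next to the list; if not, a fifth `generate` call for `common/siem_migrations` is needed. The four calls also differ only in title, source directory and output file name, so a table-driven loop keeps them from drifting apart (and makes the missing group obvious). The enclosing async function starts before this hunk.
```javascript
// One generated supertest client per API group; the schema directory and output
// file are the only things that vary between them.
const TEST_API_CLIENTS = [
  { title: 'Detections API client for tests', source: 'common/api/detection_engine', outFile: 'detections.gen.ts' },
  { title: 'Endpoint Management API client for tests', source: 'common/api/endpoint', outFile: 'endpoint_management.gen.ts' },
  { title: 'Entity Analytics API client for tests', source: 'common/api/entity_analytics', outFile: 'entity_analytics.gen.ts' },
  { title: 'Timelines API client for tests', source: 'common/api/timeline', outFile: 'timelines.gen.ts' },
  // TODO(review): the previous './common/**/*.schema.yaml' glob also covered common/siem_migrations/** — confirm whether that group was dropped on purpose.
];

for (const { title, source, outFile } of TEST_API_CLIENTS) {
  await generate({
    title,
    rootDir: SECURITY_SOLUTION_ROOT,
    sourceGlob: join(SECURITY_SOLUTION_ROOT, `${source}/**/*.schema.yaml`),
    templateName: 'api_client_supertest',
    skipLinting: true,
    bundle: {
      outFile: join(REPO_ROOT, 'x-pack/solutions/security/packages/test-api-clients/supertest', outFile),
    },
  });
}
```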
diff --git a/x-pack/solutions/security/test/api_integration/services/index.ts b/x-pack/solutions/security/test/api_integration/services/index.ts index 82ea8315c32f6..62188185ad796 100644 --- a/x-pack/solutions/security/test/api_integration/services/index.ts +++ b/x-pack/solutions/security/test/api_integration/services/index.ts @@ -5,15 +5,13 @@ * 2.0. */ +import { SecuritySolutionApiProvider as ExceptionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/exceptions.gen'; import { services as platformServices } from '@kbn/test-suites-xpack-platform/api_integration/services'; // @ts-ignore not ts yet import { EsSupertestWithoutAuthProvider } from './es_supertest_without_auth'; -import { SecuritySolutionApiProvider } from './security_solution_api.gen'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from './security_solution_exceptions_api.gen'; export const services = { ...platformServices, esSupertestWithoutAuth: EsSupertestWithoutAuthProvider, - securitySolutionApi: SecuritySolutionApiProvider, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, + exceptionsApi: ExceptionsApiProvider, }; diff --git a/x-pack/solutions/security/test/api_integration/services/security_solution_api.gen.ts b/x-pack/solutions/security/test/api_integration/services/security_solution_api.gen.ts deleted file mode 100644 index 6bd41f02d3af2..0000000000000 --- a/x-pack/solutions/security/test/api_integration/services/security_solution_api.gen.ts +++ /dev/null 
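Review bot: Renaming the registered service key from `securitySolutionExceptionsApi` to `exceptionsApi` and dropping `securitySolutionApi` entirely breaks any FTR suite that still calls `getService('securitySolutionApi')` or `getService('securitySolutionExceptionsApi')`; those call sites are not in this chunk, so I cannot tell whether they were all migrated. If some suites are updated in a follow-up, keeping a transitional alias avoids a hard failure, e.g. `securitySolutionExceptionsApi: ExceptionsApiProvider, // deprecated: use exceptionsApi`. It would also help to note in a comment above `services` that the detections, timelines, endpoint and entity-analytics clients are no longer registered here and are presumably meant to be imported from `@kbn/security-solution-test-api-clients` directly, since the old combined provider was deleted in this commit.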
@@ -1,2337 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* - * NOTICE: Do not edit this file manually. - * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. - * - * info: - * title: API client for tests - * version: Bundle (no version) - */ - -import { - ELASTIC_HTTP_VERSION_HEADER, - X_ELASTIC_INTERNAL_ORIGIN_REQUEST, -} from '@kbn/core-http-common'; -import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; - -import { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; -import { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; -import { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; -import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; -import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; -import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; -import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; -import { CreateEntitySourceRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen'; -import { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen'; -import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; -import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - CreateRuleMigrationRulesRequestParamsInput, - CreateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; -import { - CreateUpdateProtectionUpdatesNoteRequestParamsInput, - CreateUpdateProtectionUpdatesNoteRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; -import { - DeleteEntityEngineRequestQueryInput, - DeleteEntityEngineRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; -import { DeleteEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { DeleteMonitoringEngineRequestQueryInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/engine/delete.gen'; -import { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; -import { DeletePrivMonUserRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/delete.gen'; -import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; -import { DeleteRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; -import { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; -import { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; -import { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; -import { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; -import { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; -import { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; -import { EndpointGetFileActionRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; -import { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; -import { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; -import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; -import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; -import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; -import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; -import { - ExportRulesRequestQueryInput, - ExportRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; -import { - ExportTimelinesRequestQueryInput, - ExportTimelinesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; -import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; -import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; -import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; -import { 
GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; -import { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; -import { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; -import { - GetEndpointSuggestionsRequestParamsInput, - GetEndpointSuggestionsRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; -import { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; -import { GetEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; -import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; -import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; -import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { - GetRuleExecutionEventsRequestQueryInput, - GetRuleExecutionEventsRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; -import { - GetRuleExecutionResultsRequestQueryInput, - GetRuleExecutionResultsRequestParamsInput, -} from 
'@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; -import { GetRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationPrebuiltRulesRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationResourcesRequestQueryInput, - GetRuleMigrationResourcesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationResourcesMissingRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationRulesRequestQueryInput, - GetRuleMigrationRulesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationTranslationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; -import { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; -import { GetWorkflowInsightsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; -import { ImportTimelinesRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; -import { - InitEntityEngineRequestParamsInput, - InitEntityEngineRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; -import { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; -import { - InstallMigrationRulesRequestParamsInput, - InstallMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; -import { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; -import { ListEntitySourcesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { ListPrivMonUsersRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/list.gen'; -import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; -import { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; -import { - PerformRulesBulkActionRequestQueryInput, - PerformRulesBulkActionRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; -import { PersistNoteRouteRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; -import { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; -import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; -import { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; -import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; -import { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; -import { - RulePreviewRequestQueryInput, - RulePreviewRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; -import { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; -import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; -import { SearchPrivilegesIndicesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/search_indices.gen'; -import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; -import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; -import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { 
StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; -import { - StartRuleMigrationRequestParamsInput, - StartRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; -import { StopRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; -import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { - UpdateEntitySourceRequestParamsInput, - UpdateEntitySourceRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { - UpdatePrivMonUserRequestParamsInput, - UpdatePrivMonUserRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/update.gen'; -import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; -import { - UpdateRuleMigrationRequestParamsInput, - UpdateRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateRuleMigrationRulesRequestParamsInput, - UpdateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateWorkflowInsightRequestParamsInput, - UpdateWorkflowInsightRequestBodyInput, -} from 
'@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { - UpsertRuleMigrationResourcesRequestParamsInput, - UpsertRuleMigrationResourcesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { FtrProviderContext } from '@kbn/test-suites-xpack-platform/api_integration/ftr_provider_context'; - -export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - return { - /** - * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of -the migration process. A successful migration will result in both the old and new indices being present. -As such, the old, orphaned index can (and likely should) be deleted. - -While you can delete these indices manually, -the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted -after 30 days. It also deletes other artifacts specific to the migration implementation. 
- - */ - alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date - */ - bootstrapPrebuiltRules(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Bulk upsert up to 1000 asset criticality records. - -If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. 
- - */ - bulkUpsertAssetCriticalityRecords( - props: BulkUpsertAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/bulk', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a clean draft Timeline or Timeline template for the current user. -> info -> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. - - */ - cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Cleaning up the the Risk Engine by removing the indices, mapping and transforms - */ - cleanUpRiskEngine(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Configuring the Risk Engine Saved Object - */ - configureRiskEngineSavedObject( - props: ConfigureRiskEngineSavedObjectProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch(getRouteUrlForSpace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Copies and returns a timeline or timeline template. 
- - */ - copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_copy', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initiate a migration of detection alerts. -Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. - - */ - createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create or update an asset criticality record for a specific entity. - -If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. 
- - */ - createAssetCriticalityRecord( - props: CreateAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createEntitySource(props: CreateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivilegesImportIndex( - props: CreatePrivilegesImportIndexProps, - kibanaSpace: string = 'default' - ) { - return supertest - .put( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new detection rule. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- -You can create the following types of rules: - -* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. -* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. -* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. - For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. -* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). -* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. -* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. -* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. 
-> info -> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. - -To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: - -```json -... -"job_id": "linux_anomalous_network_activity_ecs", -"job_type": "anomaly_detector", -"job_version": "7.7.0", -"groups": [ - "auditbeat", - "process", - "siem" -], -... -``` - -Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: - -* Slack -* Email -* PagerDuty -* Webhook -* Microsoft Teams -* IBM Resilient -* Jira -* ServiceNow ITSM -> info -> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). - -To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. 
- -For detailed information on Kibana actions and alerting, and additional API calls, see: - -* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) -* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) -* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) - - */ - createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Creates a new rule migration and returns the corresponding migration_id - */ - createRuleMigration(props: CreateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/internal/siem_migrations/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Adds original vendor rules to an already existing migration. Can be called multiple times to add more rules - */ - createRuleMigrationRules( - props: CreateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new Timeline or Timeline template. 
- */ - createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createUpdateProtectionUpdatesNote( - props: CreateUpdateProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deleteAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete the asset criticality record for a specific entity. 
- */ - deleteAssetCriticalityRecord( - props: DeleteAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .delete(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntitySource(props: DeleteEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - deleteMonitoringEngine(props: DeleteMonitoringEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/delete', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete a note from a Timeline using the note ID. 
- */ - deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deletePrivMonUser(props: DeletePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `DELETE /api/detection_engine/rules?id=` -* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. 
- - */ - deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Deletes a rule migration document stored in the system given the rule migration id - */ - deleteRuleMigration(props: DeleteRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete one or more Timelines or Timeline templates. - */ - deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - deprecatedTriggerRiskScoreCalculation( - props: DeprecatedTriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/risk_scores/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - disableMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - disableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - enableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. - */ - endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/execute', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Download a file from an endpoint. 
-> info -> To construct a `file_id`, combine the `action_id` and `agent_id` values using a dot separator: -> {`file_id`} = {`action_id`}`.`{`agent_id`} - - */ - endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get information for the specified file using the file ID. -> info -> To construct a `file_id`, combine the `action_id` and `agent_id` values using a dot separator: -> {`file_id`} = {`action_id`}`.`{`agent_id`} - - */ - endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of a response action using the action ID. - */ - endpointGetActionsDetails( - props: EndpointGetActionsDetailsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get a list of all response actions. 
- */ - endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a response actions state, which reports whether encryption is enabled. - */ - endpointGetActionsState(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action/state', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the status of response actions for the specified agent IDs. - */ - endpointGetActionsStatus( - props: EndpointGetActionsStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a file from an endpoint. - */ - endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/get_file', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Get a list of all processes running on an endpoint. 
- */ - endpointGetProcessesAction( - props: EndpointGetProcessesActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/running_procs', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Isolate an endpoint from the network. The endpoint remains isolated until it's released. - */ - endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/isolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Terminate a running process on an endpoint. - */ - endpointKillProcessAction( - props: EndpointKillProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/kill_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Scan a specific file or directory on an endpoint for malware. - */ - endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/scan', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Suspend a running process on an endpoint. 
- */ - endpointSuspendProcessAction( - props: EndpointSuspendProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/suspend_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Release an isolated endpoint, allowing it to rejoin a network. - */ - endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/unisolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Upload a file to an endpoint. - */ - endpointUploadAction(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/upload', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - entityStoreGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/entity_store/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: -- Actions -- Exception lists -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. 
- -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Export Timelines as an NDJSON file. - */ - exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. -The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, -finalize it. 
- - */ - finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * List asset criticality records, paging, sorting and filtering as needed. - */ - findAssetCriticalityRecords( - props: FindAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. - */ - findRules(props: FindRulesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migrations stats for all migrations stored in the system - */ - getAllStatsRuleMigration(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the asset criticality record for a specific entity. 
- */ - getAssetCriticalityRecord( - props: GetAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getAssetCriticalityStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. - */ - getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/metadata', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { - return 
supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntitySource(props: GetEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get all notes for a given document. 
- */ - getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/policy_response', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPrivilegedAccessDetectionPackageStatus(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/status', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getProtectionUpdatesNote( - props: GetProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine - */ - getRiskEngineStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - 
'/internal/detection_engine/rules/{ruleId}/execution/events', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/results', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migration document stored in the system given the rule migration id - */ - getRuleMigration(props: GetRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all related integrations - */ - getRuleMigrationIntegrations(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the stats of all the integrations for all the rule migrations, including the number of rules associated with the integration - */ - getRuleMigrationIntegrationsStats(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all available prebuilt rules 
(installed and installable) - */ - getRuleMigrationPrebuiltRules( - props: GetRuleMigrationPrebuiltRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/prebuilt_rules', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Identifies the privileges required for a SIEM rules migration and returns the missing privileges - */ - getRuleMigrationPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/missing_privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves resources for an existing SIEM rules migration - */ - getRuleMigrationResources( - props: GetRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Identifies missing resources from all the rules of an existing SIEM rules migration - */ - getRuleMigrationResourcesMissing( - props: GetRuleMigrationResourcesMissingProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/resources/missing', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the the list of rules included in a migration given the migration id - */ - 
getRuleMigrationRules(props: GetRuleMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationStats(props: GetRuleMigrationStatsProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stats', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the translation stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationTranslationStats( - props: GetRuleMigrationTranslationStatsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/translation_stats', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of an existing saved Timeline or Timeline template. - */ - getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all saved Timelines or Timeline templates. 
- */ - getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timelines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/api/endpoint/workflow_insights', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: -- The `Content-Type: multipart/form-data` HTTP header. -- A link to the `.ndjson` file containing the rules. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. -> info -> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. - -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. 
You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import Timelines. 
- */ - importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/init', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine - */ - initRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Installs migration rules - */ - installMigrationRules(props: InstallMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - 
replaceParams('/internal/siem_migrations/rules/{migration_id}/install', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Install and update all Elastic prebuilt detection rules and Timelines. - -This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. -When you call this endpoint, it will: -- Install any new prebuilt detection rules that are not currently installed in your system. -- Update any existing prebuilt detection rules that have been modified or improved by Elastic. -- Install any new prebuilt Timelines that are not currently installed in your system. -- Update any existing prebuilt Timelines that have been modified or improved by Elastic. - -This ensures that your detection engine is always up-to-date with the latest rules and Timelines, -providing you with the most current and effective threat detection capabilities. - - */ - installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Install or update prepackaged Timelines. 
- */ - installPrepackedTimelines( - props: InstallPrepackedTimelinesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - installPrivilegedAccessDetectionPackage(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/install', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * List entities records, paging, sorting and filtering as needed. 
- */ - listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/entities/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listEntityEngines(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/engines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - listEntitySources(props: ListEntitySourcesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source/list', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listPrivMonUsers(props: ListPrivMonUsersProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Update specific fields of an existing detection rule using the `rule_id` or `id` field. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. 
- -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. - */ - patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. - -The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. -The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. 
-> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Favorite a Timeline or Timeline template for the current user. - */ - persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline/_favorite', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Add a note to a Timeline or update an existing note. - */ - persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Pin/unpin an event to/from an existing Timeline. 
- */ - persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/pinned_event', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. - */ - previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - privmonBulkUploadUsersCsv(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - privMonHealth(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/health', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Check if the current user has all required permissions for Privilege Monitoring - */ - privMonPrivileges(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/privileges', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. - */ - readAlertsMigrationStatus( - props: ReadAlertsMigrationStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/signals/migration_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve the status of all Elastic prebuilt detection rules and Timelines. - -This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. - - */ - readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves whether or not the user is authenticated, and the user's Kibana -space and index privileges, which determine if the user can create an -index for the Elastic Security alerts generated by -detection engine rules. 
- - */ - readPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readRiskEngineSettings(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/settings', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `GET /api/detection_engine/rules?id=` -* `rule_id` - `GET /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. - - */ - readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * List all unique tags from all detection rules. 
- */ - readTags(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/resolve', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - riskEngineGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/entity_analytics/migrations/run', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. 
- */ - runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/runscript', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. - */ - scheduleRiskEngineNow(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/risk_score/engine/schedule_now', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Find and/or aggregate detection alerts that match the given query. - */ - searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/search', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - searchPrivilegesIndices(props: SearchPrivilegesIndicesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Assign users to detection alerts, and unassign them from alerts. -> info -> You cannot add and remove the same assignee in the same request. 
- - */ - setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/assignees', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Set the status of one or more detection alerts. - */ - setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * And tags to detection alerts, and remove them from alerts. -> info -> You cannot add and remove the same alert tag in the same request. - - */ - setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Starts a SIEM rules migration using the migration id provided - */ - startRuleMigration(props: StartRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Stops a running SIEM rules migration using the migration id provided - */ - stopRuleMigration(props: StopRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Suggests user profiles. - */ - suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/detection_engine/users/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - triggerRiskScoreCalculation( - props: TriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateEntitySource(props: UpdateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updatePrivMonUser(props: UpdatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- - */ - updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations data - */ - updateRuleMigration(props: UpdateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations attributes - */ - updateRuleMigrationRules( - props: UpdateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Creates or updates resources for 
an existing SIEM rules migration - */ - upsertRuleMigrationResources( - props: UpsertRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - }; -} - -export interface AlertsMigrationCleanupProps { - body: AlertsMigrationCleanupRequestBodyInput; -} -export interface BulkUpsertAssetCriticalityRecordsProps { - body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; -} -export interface CleanDraftTimelinesProps { - body: CleanDraftTimelinesRequestBodyInput; -} -export interface ConfigureRiskEngineSavedObjectProps { - body: ConfigureRiskEngineSavedObjectRequestBodyInput; -} -export interface CopyTimelineProps { - body: CopyTimelineRequestBodyInput; -} -export interface CreateAlertsMigrationProps { - body: CreateAlertsMigrationRequestBodyInput; -} -export interface CreateAssetCriticalityRecordProps { - body: CreateAssetCriticalityRecordRequestBodyInput; -} -export interface CreateEntitySourceProps { - body: CreateEntitySourceRequestBodyInput; -} -export interface CreatePrivilegesImportIndexProps { - body: CreatePrivilegesImportIndexRequestBodyInput; -} -export interface CreatePrivMonUserProps { - body: CreatePrivMonUserRequestBodyInput; -} -export interface CreateRuleProps { - body: CreateRuleRequestBodyInput; -} -export interface CreateRuleMigrationProps { - body: CreateRuleMigrationRequestBodyInput; -} -export interface CreateRuleMigrationRulesProps { - params: CreateRuleMigrationRulesRequestParamsInput; - body: CreateRuleMigrationRulesRequestBodyInput; -} -export interface CreateTimelinesProps { - body: CreateTimelinesRequestBodyInput; -} -export interface CreateUpdateProtectionUpdatesNoteProps { - params: 
CreateUpdateProtectionUpdatesNoteRequestParamsInput; - body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; -} -export interface DeleteAssetCriticalityRecordProps { - query: DeleteAssetCriticalityRecordRequestQueryInput; -} -export interface DeleteEntityEngineProps { - query: DeleteEntityEngineRequestQueryInput; - params: DeleteEntityEngineRequestParamsInput; -} -export interface DeleteEntitySourceProps { - params: DeleteEntitySourceRequestParamsInput; -} -export interface DeleteMonitoringEngineProps { - query: DeleteMonitoringEngineRequestQueryInput; -} -export interface DeleteNoteProps { - body: DeleteNoteRequestBodyInput; -} -export interface DeletePrivMonUserProps { - params: DeletePrivMonUserRequestParamsInput; -} -export interface DeleteRuleProps { - query: DeleteRuleRequestQueryInput; -} -export interface DeleteRuleMigrationProps { - params: DeleteRuleMigrationRequestParamsInput; -} -export interface DeleteTimelinesProps { - body: DeleteTimelinesRequestBodyInput; -} -export interface DeprecatedTriggerRiskScoreCalculationProps { - body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; -} -export interface EndpointExecuteActionProps { - body: EndpointExecuteActionRequestBodyInput; -} -export interface EndpointFileDownloadProps { - params: EndpointFileDownloadRequestParamsInput; -} -export interface EndpointFileInfoProps { - params: EndpointFileInfoRequestParamsInput; -} -export interface EndpointGetActionsDetailsProps { - params: EndpointGetActionsDetailsRequestParamsInput; -} -export interface EndpointGetActionsListProps { - query: EndpointGetActionsListRequestQueryInput; -} -export interface EndpointGetActionsStatusProps { - query: EndpointGetActionsStatusRequestQueryInput; -} -export interface EndpointGetFileActionProps { - body: EndpointGetFileActionRequestBodyInput; -} -export interface EndpointGetProcessesActionProps { - body: EndpointGetProcessesActionRequestBodyInput; -} -export interface EndpointIsolateActionProps { - body: 
EndpointIsolateActionRequestBodyInput; -} -export interface EndpointKillProcessActionProps { - body: EndpointKillProcessActionRequestBodyInput; -} -export interface EndpointScanActionProps { - body: EndpointScanActionRequestBodyInput; -} -export interface EndpointSuspendProcessActionProps { - body: EndpointSuspendProcessActionRequestBodyInput; -} -export interface EndpointUnisolateActionProps { - body: EndpointUnisolateActionRequestBodyInput; -} -export interface ExportRulesProps { - query: ExportRulesRequestQueryInput; - body: ExportRulesRequestBodyInput; -} -export interface ExportTimelinesProps { - query: ExportTimelinesRequestQueryInput; - body: ExportTimelinesRequestBodyInput; -} -export interface FinalizeAlertsMigrationProps { - body: FinalizeAlertsMigrationRequestBodyInput; -} -export interface FindAssetCriticalityRecordsProps { - query: FindAssetCriticalityRecordsRequestQueryInput; -} -export interface FindRulesProps { - query: FindRulesRequestQueryInput; -} -export interface GetAssetCriticalityRecordProps { - query: GetAssetCriticalityRecordRequestQueryInput; -} -export interface GetDraftTimelinesProps { - query: GetDraftTimelinesRequestQueryInput; -} -export interface GetEndpointMetadataListProps { - query: GetEndpointMetadataListRequestQueryInput; -} -export interface GetEndpointSuggestionsProps { - params: GetEndpointSuggestionsRequestParamsInput; - body: GetEndpointSuggestionsRequestBodyInput; -} -export interface GetEntityEngineProps { - params: GetEntityEngineRequestParamsInput; -} -export interface GetEntitySourceProps { - params: GetEntitySourceRequestParamsInput; -} -export interface GetEntityStoreStatusProps { - query: GetEntityStoreStatusRequestQueryInput; -} -export interface GetNotesProps { - query: GetNotesRequestQueryInput; -} -export interface GetPolicyResponseProps { - query: GetPolicyResponseRequestQueryInput; -} -export interface GetProtectionUpdatesNoteProps { - params: GetProtectionUpdatesNoteRequestParamsInput; -} -export interface 
GetRuleExecutionEventsProps { - query: GetRuleExecutionEventsRequestQueryInput; - params: GetRuleExecutionEventsRequestParamsInput; -} -export interface GetRuleExecutionResultsProps { - query: GetRuleExecutionResultsRequestQueryInput; - params: GetRuleExecutionResultsRequestParamsInput; -} -export interface GetRuleMigrationProps { - params: GetRuleMigrationRequestParamsInput; -} -export interface GetRuleMigrationPrebuiltRulesProps { - params: GetRuleMigrationPrebuiltRulesRequestParamsInput; -} -export interface GetRuleMigrationResourcesProps { - query: GetRuleMigrationResourcesRequestQueryInput; - params: GetRuleMigrationResourcesRequestParamsInput; -} -export interface GetRuleMigrationResourcesMissingProps { - params: GetRuleMigrationResourcesMissingRequestParamsInput; -} -export interface GetRuleMigrationRulesProps { - query: GetRuleMigrationRulesRequestQueryInput; - params: GetRuleMigrationRulesRequestParamsInput; -} -export interface GetRuleMigrationStatsProps { - params: GetRuleMigrationStatsRequestParamsInput; -} -export interface GetRuleMigrationTranslationStatsProps { - params: GetRuleMigrationTranslationStatsRequestParamsInput; -} -export interface GetTimelineProps { - query: GetTimelineRequestQueryInput; -} -export interface GetTimelinesProps { - query: GetTimelinesRequestQueryInput; -} -export interface GetWorkflowInsightsProps { - query: GetWorkflowInsightsRequestQueryInput; -} -export interface ImportRulesProps { - query: ImportRulesRequestQueryInput; -} -export interface ImportTimelinesProps { - body: ImportTimelinesRequestBodyInput; -} -export interface InitEntityEngineProps { - params: InitEntityEngineRequestParamsInput; - body: InitEntityEngineRequestBodyInput; -} -export interface InitEntityStoreProps { - body: InitEntityStoreRequestBodyInput; -} -export interface InstallMigrationRulesProps { - params: InstallMigrationRulesRequestParamsInput; - body: InstallMigrationRulesRequestBodyInput; -} -export interface InstallPrepackedTimelinesProps { - 
body: InstallPrepackedTimelinesRequestBodyInput; -} -export interface ListEntitiesProps { - query: ListEntitiesRequestQueryInput; -} -export interface ListEntitySourcesProps { - query: ListEntitySourcesRequestQueryInput; -} -export interface ListPrivMonUsersProps { - query: ListPrivMonUsersRequestQueryInput; -} -export interface PatchRuleProps { - body: PatchRuleRequestBodyInput; -} -export interface PatchTimelineProps { - body: PatchTimelineRequestBodyInput; -} -export interface PerformRulesBulkActionProps { - query: PerformRulesBulkActionRequestQueryInput; - body: PerformRulesBulkActionRequestBodyInput; -} -export interface PersistFavoriteRouteProps { - body: PersistFavoriteRouteRequestBodyInput; -} -export interface PersistNoteRouteProps { - body: PersistNoteRouteRequestBodyInput; -} -export interface PersistPinnedEventRouteProps { - body: PersistPinnedEventRouteRequestBodyInput; -} -export interface PreviewRiskScoreProps { - body: PreviewRiskScoreRequestBodyInput; -} -export interface ReadAlertsMigrationStatusProps { - query: ReadAlertsMigrationStatusRequestQueryInput; -} -export interface ReadRuleProps { - query: ReadRuleRequestQueryInput; -} -export interface ResolveTimelineProps { - query: ResolveTimelineRequestQueryInput; -} -export interface RulePreviewProps { - query: RulePreviewRequestQueryInput; - body: RulePreviewRequestBodyInput; -} -export interface RunScriptActionProps { - body: RunScriptActionRequestBodyInput; -} -export interface SearchAlertsProps { - body: SearchAlertsRequestBodyInput; -} -export interface SearchPrivilegesIndicesProps { - query: SearchPrivilegesIndicesRequestQueryInput; -} -export interface SetAlertAssigneesProps { - body: SetAlertAssigneesRequestBodyInput; -} -export interface SetAlertsStatusProps { - body: SetAlertsStatusRequestBodyInput; -} -export interface SetAlertTagsProps { - body: SetAlertTagsRequestBodyInput; -} -export interface StartEntityEngineProps { - params: StartEntityEngineRequestParamsInput; -} -export interface 
StartRuleMigrationProps { - params: StartRuleMigrationRequestParamsInput; - body: StartRuleMigrationRequestBodyInput; -} -export interface StopEntityEngineProps { - params: StopEntityEngineRequestParamsInput; -} -export interface StopRuleMigrationProps { - params: StopRuleMigrationRequestParamsInput; -} -export interface SuggestUserProfilesProps { - query: SuggestUserProfilesRequestQueryInput; -} -export interface TriggerRiskScoreCalculationProps { - body: TriggerRiskScoreCalculationRequestBodyInput; -} -export interface UpdateEntitySourceProps { - params: UpdateEntitySourceRequestParamsInput; - body: UpdateEntitySourceRequestBodyInput; -} -export interface UpdatePrivMonUserProps { - params: UpdatePrivMonUserRequestParamsInput; - body: UpdatePrivMonUserRequestBodyInput; -} -export interface UpdateRuleProps { - body: UpdateRuleRequestBodyInput; -} -export interface UpdateRuleMigrationProps { - params: UpdateRuleMigrationRequestParamsInput; - body: UpdateRuleMigrationRequestBodyInput; -} -export interface UpdateRuleMigrationRulesProps { - params: UpdateRuleMigrationRulesRequestParamsInput; - body: UpdateRuleMigrationRulesRequestBodyInput; -} -export interface UpdateWorkflowInsightProps { - params: UpdateWorkflowInsightRequestParamsInput; - body: UpdateWorkflowInsightRequestBodyInput; -} -export interface UpsertRuleMigrationResourcesProps { - params: UpsertRuleMigrationResourcesRequestParamsInput; - body: UpsertRuleMigrationResourcesRequestBodyInput; -} diff --git a/x-pack/solutions/security/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/solutions/security/test/api_integration/services/security_solution_exceptions_api.gen.ts deleted file mode 100644 index f4ba45eda2027..0000000000000 --- a/x-pack/solutions/security/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ /dev/null 
@@ -1,299 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* - * NOTICE: Do not edit this file manually. - * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. - * - * info: - * title: Exceptions API client for tests - * version: Bundle (no version) - */ - -import { - ELASTIC_HTTP_VERSION_HEADER, - X_ELASTIC_INTERNAL_ORIGIN_REQUEST, -} from '@kbn/core-http-common'; -import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; - -import { CreateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list/create_exception_list.gen'; -import { CreateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen'; -import { - CreateRuleExceptionListItemsRequestParamsInput, - CreateRuleExceptionListItemsRequestBodyInput, -} from '@kbn/securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen'; -import { CreateSharedExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.gen'; -import { DeleteExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen'; -import { DeleteExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen'; -import { DuplicateExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen'; -import { ExportExceptionListRequestQueryInput } from 
'@kbn/securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen'; -import { FindExceptionListItemsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen'; -import { FindExceptionListsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen'; -import { ImportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen'; -import { ReadExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen'; -import { ReadExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen'; -import { ReadExceptionListSummaryRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen'; -import { UpdateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen'; -import { UpdateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen'; -import { FtrProviderContext } from '@kbn/test-suites-xpack-platform/api_integration/ftr_provider_context'; - -export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - return { - /** - * An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. -> info -> All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. 
Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. - - */ - createExceptionList(props: CreateExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create an exception item and associate it with the specified exception list. -> info -> Before creating exception items, you must create an exception list. - - */ - createExceptionListItem(props: CreateExceptionListItemProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create exception items that apply to a single detection rule. - */ - createRuleExceptionListItems( - props: CreateRuleExceptionListItemsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/detection_engine/rules/{id}/exceptions', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. -> info -> All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. 
Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. - - */ - createSharedExceptionList( - props: CreateSharedExceptionListProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/exceptions/shared', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Delete an exception list using the `id` or `list_id` field. - */ - deleteExceptionList(props: DeleteExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete an exception list item using the `id` or `item_id` field. - */ - deleteExceptionListItem(props: DeleteExceptionListItemProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Duplicate an existing exception list. - */ - duplicateExceptionList(props: DuplicateExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/exception_lists/_duplicate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Export an exception list and its associated items to an NDJSON file. 
- */ - exportExceptionList(props: ExportExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/exception_lists/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all exception list items in the specified list. - */ - findExceptionListItems(props: FindExceptionListItemsProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/exception_lists/items/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all exception list containers. - */ - findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/exception_lists/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import an exception list and its associated items from an NDJSON file. - */ - importExceptionList(props: ImportExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/exception_lists/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get the details of an exception list using the `id` or `list_id` field. 
- */ - readExceptionList(props: ReadExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get the details of an exception list item using the `id` or `item_id` field. - */ - readExceptionListItem(props: ReadExceptionListItemProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a summary of the specified exception list. - */ - readExceptionListSummary( - props: ReadExceptionListSummaryProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/exception_lists/summary', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Update an exception list using the `id` or `list_id` field. - */ - updateExceptionList(props: UpdateExceptionListProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update an exception list item using the `id` or `item_id` field. 
- */ - updateExceptionListItem(props: UpdateExceptionListItemProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - }; -} - -export interface CreateExceptionListProps { - body: CreateExceptionListRequestBodyInput; -} -export interface CreateExceptionListItemProps { - body: CreateExceptionListItemRequestBodyInput; -} -export interface CreateRuleExceptionListItemsProps { - params: CreateRuleExceptionListItemsRequestParamsInput; - body: CreateRuleExceptionListItemsRequestBodyInput; -} -export interface CreateSharedExceptionListProps { - body: CreateSharedExceptionListRequestBodyInput; -} -export interface DeleteExceptionListProps { - query: DeleteExceptionListRequestQueryInput; -} -export interface DeleteExceptionListItemProps { - query: DeleteExceptionListItemRequestQueryInput; -} -export interface DuplicateExceptionListProps { - query: DuplicateExceptionListRequestQueryInput; -} -export interface ExportExceptionListProps { - query: ExportExceptionListRequestQueryInput; -} -export interface FindExceptionListItemsProps { - query: FindExceptionListItemsRequestQueryInput; -} -export interface FindExceptionListsProps { - query: FindExceptionListsRequestQueryInput; -} -export interface ImportExceptionListProps { - query: ImportExceptionListRequestQueryInput; -} -export interface ReadExceptionListProps { - query: ReadExceptionListRequestQueryInput; -} -export interface ReadExceptionListItemProps { - query: ReadExceptionListItemRequestQueryInput; -} -export interface ReadExceptionListSummaryProps { - query: ReadExceptionListSummaryRequestQueryInput; -} -export interface UpdateExceptionListProps { - body: UpdateExceptionListRequestBodyInput; -} -export interface UpdateExceptionListItemProps { - body: 
UpdateExceptionListItemRequestBodyInput;
-}
diff --git a/x-pack/solutions/security/test/functional/services/index.ts b/x-pack/solutions/security/test/functional/services/index.ts
index 5472705ed8146..25932a9af399d 100644
--- a/x-pack/solutions/security/test/functional/services/index.ts
+++ b/x-pack/solutions/security/test/functional/services/index.ts
@@ -6,9 +6,9 @@
  */
 
 import { services as platformServices } from '@kbn/test-suites-xpack-platform/functional/services';
-import { SecuritySolutionApiProvider } from './security_solution_api.gen';
+import { SecuritySolutionApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen';
 
 export const services = {
   ...platformServices,
-  securitySolutionApi: SecuritySolutionApiProvider,
+  detectionsApi: SecuritySolutionApiProvider,
 };
diff --git a/x-pack/solutions/security/test/functional/services/security_solution_api.gen.ts b/x-pack/solutions/security/test/functional/services/security_solution_api.gen.ts
deleted file mode 100644
index a188bd83aeda3..0000000000000
--- a/x-pack/solutions/security/test/functional/services/security_solution_api.gen.ts
+++ /dev/null
@@ -1,2329 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* - * NOTICE: Do not edit this file manually. - * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. - * - * info: - * title: API client for tests - * version: Bundle (no version) - */ - -import { - ELASTIC_HTTP_VERSION_HEADER, - X_ELASTIC_INTERNAL_ORIGIN_REQUEST, -} from '@kbn/core-http-common'; -import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; - -import { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; -import { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; -import { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; -import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; -import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; -import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; -import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; -import { CreateEntitySourceRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen'; -import { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen'; -import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; -import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - CreateRuleMigrationRulesRequestParamsInput, - CreateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; -import { - CreateUpdateProtectionUpdatesNoteRequestParamsInput, - CreateUpdateProtectionUpdatesNoteRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; -import { - DeleteEntityEngineRequestQueryInput, - DeleteEntityEngineRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; -import { DeleteEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { DeleteMonitoringEngineRequestQueryInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/engine/delete.gen'; -import { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; -import { DeletePrivMonUserRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/delete.gen'; -import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; -import { DeleteRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; -import { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; -import { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; -import { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; -import { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; -import { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; -import { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; -import { EndpointGetFileActionRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; -import { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; -import { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; -import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; -import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; -import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; -import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; -import { - ExportRulesRequestQueryInput, - ExportRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; -import { - ExportTimelinesRequestQueryInput, - ExportTimelinesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; -import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; -import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; -import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; -import { 
GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; -import { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; -import { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; -import { - GetEndpointSuggestionsRequestParamsInput, - GetEndpointSuggestionsRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; -import { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; -import { GetEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; -import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; -import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; -import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { - GetRuleExecutionEventsRequestQueryInput, - GetRuleExecutionEventsRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; -import { - GetRuleExecutionResultsRequestQueryInput, - GetRuleExecutionResultsRequestParamsInput, -} from 
'@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; -import { GetRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationPrebuiltRulesRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationResourcesRequestQueryInput, - GetRuleMigrationResourcesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationResourcesMissingRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationRulesRequestQueryInput, - GetRuleMigrationRulesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationTranslationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; -import { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; -import { GetWorkflowInsightsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; -import { ImportTimelinesRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; -import { - InitEntityEngineRequestParamsInput, - InitEntityEngineRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; -import { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; -import { - InstallMigrationRulesRequestParamsInput, - InstallMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; -import { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; -import { ListEntitySourcesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { ListPrivMonUsersRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/list.gen'; -import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; -import { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; -import { - PerformRulesBulkActionRequestQueryInput, - PerformRulesBulkActionRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; -import { PersistNoteRouteRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; -import { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; -import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; -import { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; -import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; -import { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; -import { - RulePreviewRequestQueryInput, - RulePreviewRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; -import { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; -import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; -import { SearchPrivilegesIndicesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/search_indices.gen'; -import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; -import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; -import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { 
StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; -import { - StartRuleMigrationRequestParamsInput, - StartRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; -import { StopRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; -import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { - UpdateEntitySourceRequestParamsInput, - UpdateEntitySourceRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { - UpdatePrivMonUserRequestParamsInput, - UpdatePrivMonUserRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/update.gen'; -import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; -import { - UpdateRuleMigrationRequestParamsInput, - UpdateRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateRuleMigrationRulesRequestParamsInput, - UpdateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateWorkflowInsightRequestParamsInput, - UpdateWorkflowInsightRequestBodyInput, -} from 
'@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { - UpsertRuleMigrationResourcesRequestParamsInput, - UpsertRuleMigrationResourcesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { FtrProviderContext } from '../ftr_provider_context'; - -export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - return { - /** - * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of -the migration process. A successful migration will result in both the old and new indices being present. -As such, the old, orphaned index can (and likely should) be deleted. - -While you can delete these indices manually, -the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted -after 30 days. It also deletes other artifacts specific to the migration implementation. 
- - */ - alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date - */ - bootstrapPrebuiltRules(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Bulk upsert up to 1000 asset criticality records. - -If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. 
- - */ - bulkUpsertAssetCriticalityRecords( - props: BulkUpsertAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/bulk', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a clean draft Timeline or Timeline template for the current user. -> info -> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. - - */ - cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Cleaning up the the Risk Engine by removing the indices, mapping and transforms - */ - cleanUpRiskEngine(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Configuring the Risk Engine Saved Object - */ - configureRiskEngineSavedObject( - props: ConfigureRiskEngineSavedObjectProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch(getRouteUrlForSpace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Copies and returns a timeline or timeline template. 
- - */ - copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_copy', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initiate a migration of detection alerts. -Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. - - */ - createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create or update an asset criticality record for a specific entity. - -If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. 
- - */ - createAssetCriticalityRecord( - props: CreateAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createEntitySource(props: CreateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivilegesImportIndex( - props: CreatePrivilegesImportIndexProps, - kibanaSpace: string = 'default' - ) { - return supertest - .put( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new detection rule. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- -You can create the following types of rules: - -* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. -* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. -* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. - For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. -* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). -* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. -* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. -* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. 
-> info -> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. - -To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: - -```json -... -"job_id": "linux_anomalous_network_activity_ecs", -"job_type": "anomaly_detector", -"job_version": "7.7.0", -"groups": [ - "auditbeat", - "process", - "siem" -], -... -``` - -Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: - -* Slack -* Email -* PagerDuty -* Webhook -* Microsoft Teams -* IBM Resilient -* Jira -* ServiceNow ITSM -> info -> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). - -To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. 
- -For detailed information on Kibana actions and alerting, and additional API calls, see: - -* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) -* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) -* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) - - */ - createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Creates a new rule migration and returns the corresponding migration_id - */ - createRuleMigration(props: CreateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/internal/siem_migrations/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Adds original vendor rules to an already existing migration. Can be called multiple times to add more rules - */ - createRuleMigrationRules( - props: CreateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new Timeline or Timeline template. 
- */ - createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createUpdateProtectionUpdatesNote( - props: CreateUpdateProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deleteAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete the asset criticality record for a specific entity. 
- */ - deleteAssetCriticalityRecord( - props: DeleteAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .delete(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntitySource(props: DeleteEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - deleteMonitoringEngine(props: DeleteMonitoringEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/delete', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete a note from a Timeline using the note ID. 
- */ - deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deletePrivMonUser(props: DeletePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `DELETE /api/detection_engine/rules?id=` -* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. 
- - */ - deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Deletes a rule migration document stored in the system given the rule migration id - */ - deleteRuleMigration(props: DeleteRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete one or more Timelines or Timeline templates. - */ - deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - deprecatedTriggerRiskScoreCalculation( - props: DeprecatedTriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/risk_scores/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - disableMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - disableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - enableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. - */ - endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/execute', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Download a file from an endpoint. 
- */ - endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get information for the specified file using the file ID. - */ - endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of a response action using the action ID. - */ - endpointGetActionsDetails( - props: EndpointGetActionsDetailsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get a list of all response actions. - */ - endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a response actions state, which reports whether encryption is enabled. 
- */ - endpointGetActionsState(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action/state', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the status of response actions for the specified agent IDs. - */ - endpointGetActionsStatus( - props: EndpointGetActionsStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a file from an endpoint. - */ - endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/get_file', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Get a list of all processes running on an endpoint. - */ - endpointGetProcessesAction( - props: EndpointGetProcessesActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/running_procs', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Isolate an endpoint from the network. The endpoint remains isolated until it's released. 
- */ - endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/isolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Terminate a running process on an endpoint. - */ - endpointKillProcessAction( - props: EndpointKillProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/kill_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Scan a specific file or directory on an endpoint for malware. - */ - endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/scan', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Suspend a running process on an endpoint. - */ - endpointSuspendProcessAction( - props: EndpointSuspendProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/suspend_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Release an isolated endpoint, allowing it to rejoin a network. 
- */ - endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/unisolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Upload a file to an endpoint. - */ - endpointUploadAction(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/upload', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - entityStoreGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/entity_store/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: -- Actions -- Exception lists -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. 
Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Export Timelines as an NDJSON file. - */ - exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. -The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, -finalize it. - - */ - finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * List asset criticality records, paging, sorting and filtering as needed. 
- */ - findAssetCriticalityRecords( - props: FindAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. - */ - findRules(props: FindRulesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migrations stats for all migrations stored in the system - */ - getAllStatsRuleMigration(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the asset criticality record for a specific entity. - */ - getAssetCriticalityRecord( - props: GetAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getAssetCriticalityStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of the draft Timeline or Timeline template for the current user. 
If the user doesn't have a draft Timeline, an empty Timeline is returned. - */ - getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/metadata', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntitySource(props: GetEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { - 
return supertest - .get(getRouteUrlForSpace('/api/entity_store/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get all notes for a given document. - */ - getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/policy_response', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPrivilegedAccessDetectionPackageStatus(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/status', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getProtectionUpdatesNote( - props: GetProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine - */ - getRiskEngineStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/events', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/results', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migration document stored in the system given the rule migration id - */ - getRuleMigration(props: GetRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all related integrations - */ - getRuleMigrationIntegrations(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the stats of all the integrations for all the rule migrations, including the number of rules associated with the integration - */ - getRuleMigrationIntegrationsStats(kibanaSpace: string = 'default') { - return supertest - 
.get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all available prebuilt rules (installed and installable) - */ - getRuleMigrationPrebuiltRules( - props: GetRuleMigrationPrebuiltRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/prebuilt_rules', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Identifies the privileges required for a SIEM rules migration and returns the missing privileges - */ - getRuleMigrationPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/missing_privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves resources for an existing SIEM rules migration - */ - getRuleMigrationResources( - props: GetRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Identifies missing resources from all the rules of an existing SIEM rules migration - */ - getRuleMigrationResourcesMissing( - props: GetRuleMigrationResourcesMissingProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/resources/missing', - 
props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the the list of rules included in a migration given the migration id - */ - getRuleMigrationRules(props: GetRuleMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationStats(props: GetRuleMigrationStatsProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stats', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the translation stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationTranslationStats( - props: GetRuleMigrationTranslationStatsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/translation_stats', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of an existing saved Timeline or Timeline template. 
- */ - getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all saved Timelines or Timeline templates. - */ - getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timelines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/api/endpoint/workflow_insights', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: -- The `Content-Type: multipart/form-data` HTTP header. -- A link to the `.ndjson` file containing the rules. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. -> info -> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. 
Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. - -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import Timelines. 
- */ - importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/init', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine - */ - initRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Installs migration rules - */ - installMigrationRules(props: InstallMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - 
replaceParams('/internal/siem_migrations/rules/{migration_id}/install', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Install and update all Elastic prebuilt detection rules and Timelines. - -This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. -When you call this endpoint, it will: -- Install any new prebuilt detection rules that are not currently installed in your system. -- Update any existing prebuilt detection rules that have been modified or improved by Elastic. -- Install any new prebuilt Timelines that are not currently installed in your system. -- Update any existing prebuilt Timelines that have been modified or improved by Elastic. - -This ensures that your detection engine is always up-to-date with the latest rules and Timelines, -providing you with the most current and effective threat detection capabilities. - - */ - installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Install or update prepackaged Timelines. 
- */ - installPrepackedTimelines( - props: InstallPrepackedTimelinesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - installPrivilegedAccessDetectionPackage(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/install', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * List entities records, paging, sorting and filtering as needed. 
- */ - listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/entities/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listEntityEngines(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/engines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - listEntitySources(props: ListEntitySourcesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source/list', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listPrivMonUsers(props: ListPrivMonUsersProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Update specific fields of an existing detection rule using the `rule_id` or `id` field. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. 
- -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. - */ - patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. - -The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. -The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. 
-> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Favorite a Timeline or Timeline template for the current user. - */ - persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline/_favorite', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Add a note to a Timeline or update an existing note. - */ - persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Pin/unpin an event to/from an existing Timeline. 
- */ - persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/pinned_event', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. - */ - previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - privmonBulkUploadUsersCsv(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - privMonHealth(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/health', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Check if the current user has all required permissions for Privilege Monitoring - */ - privMonPrivileges(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/privileges', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. - */ - readAlertsMigrationStatus( - props: ReadAlertsMigrationStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/signals/migration_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve the status of all Elastic prebuilt detection rules and Timelines. - -This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. - - */ - readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves whether or not the user is authenticated, and the user's Kibana -space and index privileges, which determine if the user can create an -index for the Elastic Security alerts generated by -detection engine rules. 
- - */ - readPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readRiskEngineSettings(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/settings', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `GET /api/detection_engine/rules?id=` -* `rule_id` - `GET /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. - - */ - readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * List all unique tags from all detection rules. 
- */ - readTags(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/resolve', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - riskEngineGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/entity_analytics/migrations/run', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. 
- */ - runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/runscript', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. - */ - scheduleRiskEngineNow(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/risk_score/engine/schedule_now', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Find and/or aggregate detection alerts that match the given query. - */ - searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/search', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - searchPrivilegesIndices(props: SearchPrivilegesIndicesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Assign users to detection alerts, and unassign them from alerts. -> info -> You cannot add and remove the same assignee in the same request. 
- - */ - setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/assignees', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Set the status of one or more detection alerts. - */ - setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * And tags to detection alerts, and remove them from alerts. -> info -> You cannot add and remove the same alert tag in the same request. - - */ - setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Starts a SIEM rules migration using the migration id provided - */ - startRuleMigration(props: StartRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Stops a running SIEM rules migration using the migration id provided - */ - stopRuleMigration(props: StopRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Suggests user profiles. - */ - suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/detection_engine/users/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - triggerRiskScoreCalculation( - props: TriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateEntitySource(props: UpdateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updatePrivMonUser(props: UpdatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- - */ - updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations data - */ - updateRuleMigration(props: UpdateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations attributes - */ - updateRuleMigrationRules( - props: UpdateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Creates or updates resources for 
an existing SIEM rules migration - */ - upsertRuleMigrationResources( - props: UpsertRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - }; -} - -export interface AlertsMigrationCleanupProps { - body: AlertsMigrationCleanupRequestBodyInput; -} -export interface BulkUpsertAssetCriticalityRecordsProps { - body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; -} -export interface CleanDraftTimelinesProps { - body: CleanDraftTimelinesRequestBodyInput; -} -export interface ConfigureRiskEngineSavedObjectProps { - body: ConfigureRiskEngineSavedObjectRequestBodyInput; -} -export interface CopyTimelineProps { - body: CopyTimelineRequestBodyInput; -} -export interface CreateAlertsMigrationProps { - body: CreateAlertsMigrationRequestBodyInput; -} -export interface CreateAssetCriticalityRecordProps { - body: CreateAssetCriticalityRecordRequestBodyInput; -} -export interface CreateEntitySourceProps { - body: CreateEntitySourceRequestBodyInput; -} -export interface CreatePrivilegesImportIndexProps { - body: CreatePrivilegesImportIndexRequestBodyInput; -} -export interface CreatePrivMonUserProps { - body: CreatePrivMonUserRequestBodyInput; -} -export interface CreateRuleProps { - body: CreateRuleRequestBodyInput; -} -export interface CreateRuleMigrationProps { - body: CreateRuleMigrationRequestBodyInput; -} -export interface CreateRuleMigrationRulesProps { - params: CreateRuleMigrationRulesRequestParamsInput; - body: CreateRuleMigrationRulesRequestBodyInput; -} -export interface CreateTimelinesProps { - body: CreateTimelinesRequestBodyInput; -} -export interface CreateUpdateProtectionUpdatesNoteProps { - params: 
CreateUpdateProtectionUpdatesNoteRequestParamsInput; - body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; -} -export interface DeleteAssetCriticalityRecordProps { - query: DeleteAssetCriticalityRecordRequestQueryInput; -} -export interface DeleteEntityEngineProps { - query: DeleteEntityEngineRequestQueryInput; - params: DeleteEntityEngineRequestParamsInput; -} -export interface DeleteEntitySourceProps { - params: DeleteEntitySourceRequestParamsInput; -} -export interface DeleteMonitoringEngineProps { - query: DeleteMonitoringEngineRequestQueryInput; -} -export interface DeleteNoteProps { - body: DeleteNoteRequestBodyInput; -} -export interface DeletePrivMonUserProps { - params: DeletePrivMonUserRequestParamsInput; -} -export interface DeleteRuleProps { - query: DeleteRuleRequestQueryInput; -} -export interface DeleteRuleMigrationProps { - params: DeleteRuleMigrationRequestParamsInput; -} -export interface DeleteTimelinesProps { - body: DeleteTimelinesRequestBodyInput; -} -export interface DeprecatedTriggerRiskScoreCalculationProps { - body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; -} -export interface EndpointExecuteActionProps { - body: EndpointExecuteActionRequestBodyInput; -} -export interface EndpointFileDownloadProps { - params: EndpointFileDownloadRequestParamsInput; -} -export interface EndpointFileInfoProps { - params: EndpointFileInfoRequestParamsInput; -} -export interface EndpointGetActionsDetailsProps { - params: EndpointGetActionsDetailsRequestParamsInput; -} -export interface EndpointGetActionsListProps { - query: EndpointGetActionsListRequestQueryInput; -} -export interface EndpointGetActionsStatusProps { - query: EndpointGetActionsStatusRequestQueryInput; -} -export interface EndpointGetFileActionProps { - body: EndpointGetFileActionRequestBodyInput; -} -export interface EndpointGetProcessesActionProps { - body: EndpointGetProcessesActionRequestBodyInput; -} -export interface EndpointIsolateActionProps { - body: 
EndpointIsolateActionRequestBodyInput; -} -export interface EndpointKillProcessActionProps { - body: EndpointKillProcessActionRequestBodyInput; -} -export interface EndpointScanActionProps { - body: EndpointScanActionRequestBodyInput; -} -export interface EndpointSuspendProcessActionProps { - body: EndpointSuspendProcessActionRequestBodyInput; -} -export interface EndpointUnisolateActionProps { - body: EndpointUnisolateActionRequestBodyInput; -} -export interface ExportRulesProps { - query: ExportRulesRequestQueryInput; - body: ExportRulesRequestBodyInput; -} -export interface ExportTimelinesProps { - query: ExportTimelinesRequestQueryInput; - body: ExportTimelinesRequestBodyInput; -} -export interface FinalizeAlertsMigrationProps { - body: FinalizeAlertsMigrationRequestBodyInput; -} -export interface FindAssetCriticalityRecordsProps { - query: FindAssetCriticalityRecordsRequestQueryInput; -} -export interface FindRulesProps { - query: FindRulesRequestQueryInput; -} -export interface GetAssetCriticalityRecordProps { - query: GetAssetCriticalityRecordRequestQueryInput; -} -export interface GetDraftTimelinesProps { - query: GetDraftTimelinesRequestQueryInput; -} -export interface GetEndpointMetadataListProps { - query: GetEndpointMetadataListRequestQueryInput; -} -export interface GetEndpointSuggestionsProps { - params: GetEndpointSuggestionsRequestParamsInput; - body: GetEndpointSuggestionsRequestBodyInput; -} -export interface GetEntityEngineProps { - params: GetEntityEngineRequestParamsInput; -} -export interface GetEntitySourceProps { - params: GetEntitySourceRequestParamsInput; -} -export interface GetEntityStoreStatusProps { - query: GetEntityStoreStatusRequestQueryInput; -} -export interface GetNotesProps { - query: GetNotesRequestQueryInput; -} -export interface GetPolicyResponseProps { - query: GetPolicyResponseRequestQueryInput; -} -export interface GetProtectionUpdatesNoteProps { - params: GetProtectionUpdatesNoteRequestParamsInput; -} -export interface 
GetRuleExecutionEventsProps { - query: GetRuleExecutionEventsRequestQueryInput; - params: GetRuleExecutionEventsRequestParamsInput; -} -export interface GetRuleExecutionResultsProps { - query: GetRuleExecutionResultsRequestQueryInput; - params: GetRuleExecutionResultsRequestParamsInput; -} -export interface GetRuleMigrationProps { - params: GetRuleMigrationRequestParamsInput; -} -export interface GetRuleMigrationPrebuiltRulesProps { - params: GetRuleMigrationPrebuiltRulesRequestParamsInput; -} -export interface GetRuleMigrationResourcesProps { - query: GetRuleMigrationResourcesRequestQueryInput; - params: GetRuleMigrationResourcesRequestParamsInput; -} -export interface GetRuleMigrationResourcesMissingProps { - params: GetRuleMigrationResourcesMissingRequestParamsInput; -} -export interface GetRuleMigrationRulesProps { - query: GetRuleMigrationRulesRequestQueryInput; - params: GetRuleMigrationRulesRequestParamsInput; -} -export interface GetRuleMigrationStatsProps { - params: GetRuleMigrationStatsRequestParamsInput; -} -export interface GetRuleMigrationTranslationStatsProps { - params: GetRuleMigrationTranslationStatsRequestParamsInput; -} -export interface GetTimelineProps { - query: GetTimelineRequestQueryInput; -} -export interface GetTimelinesProps { - query: GetTimelinesRequestQueryInput; -} -export interface GetWorkflowInsightsProps { - query: GetWorkflowInsightsRequestQueryInput; -} -export interface ImportRulesProps { - query: ImportRulesRequestQueryInput; -} -export interface ImportTimelinesProps { - body: ImportTimelinesRequestBodyInput; -} -export interface InitEntityEngineProps { - params: InitEntityEngineRequestParamsInput; - body: InitEntityEngineRequestBodyInput; -} -export interface InitEntityStoreProps { - body: InitEntityStoreRequestBodyInput; -} -export interface InstallMigrationRulesProps { - params: InstallMigrationRulesRequestParamsInput; - body: InstallMigrationRulesRequestBodyInput; -} -export interface InstallPrepackedTimelinesProps { - 
body: InstallPrepackedTimelinesRequestBodyInput; -} -export interface ListEntitiesProps { - query: ListEntitiesRequestQueryInput; -} -export interface ListEntitySourcesProps { - query: ListEntitySourcesRequestQueryInput; -} -export interface ListPrivMonUsersProps { - query: ListPrivMonUsersRequestQueryInput; -} -export interface PatchRuleProps { - body: PatchRuleRequestBodyInput; -} -export interface PatchTimelineProps { - body: PatchTimelineRequestBodyInput; -} -export interface PerformRulesBulkActionProps { - query: PerformRulesBulkActionRequestQueryInput; - body: PerformRulesBulkActionRequestBodyInput; -} -export interface PersistFavoriteRouteProps { - body: PersistFavoriteRouteRequestBodyInput; -} -export interface PersistNoteRouteProps { - body: PersistNoteRouteRequestBodyInput; -} -export interface PersistPinnedEventRouteProps { - body: PersistPinnedEventRouteRequestBodyInput; -} -export interface PreviewRiskScoreProps { - body: PreviewRiskScoreRequestBodyInput; -} -export interface ReadAlertsMigrationStatusProps { - query: ReadAlertsMigrationStatusRequestQueryInput; -} -export interface ReadRuleProps { - query: ReadRuleRequestQueryInput; -} -export interface ResolveTimelineProps { - query: ResolveTimelineRequestQueryInput; -} -export interface RulePreviewProps { - query: RulePreviewRequestQueryInput; - body: RulePreviewRequestBodyInput; -} -export interface RunScriptActionProps { - body: RunScriptActionRequestBodyInput; -} -export interface SearchAlertsProps { - body: SearchAlertsRequestBodyInput; -} -export interface SearchPrivilegesIndicesProps { - query: SearchPrivilegesIndicesRequestQueryInput; -} -export interface SetAlertAssigneesProps { - body: SetAlertAssigneesRequestBodyInput; -} -export interface SetAlertsStatusProps { - body: SetAlertsStatusRequestBodyInput; -} -export interface SetAlertTagsProps { - body: SetAlertTagsRequestBodyInput; -} -export interface StartEntityEngineProps { - params: StartEntityEngineRequestParamsInput; -} -export interface 
StartRuleMigrationProps { - params: StartRuleMigrationRequestParamsInput; - body: StartRuleMigrationRequestBodyInput; -} -export interface StopEntityEngineProps { - params: StopEntityEngineRequestParamsInput; -} -export interface StopRuleMigrationProps { - params: StopRuleMigrationRequestParamsInput; -} -export interface SuggestUserProfilesProps { - query: SuggestUserProfilesRequestQueryInput; -} -export interface TriggerRiskScoreCalculationProps { - body: TriggerRiskScoreCalculationRequestBodyInput; -} -export interface UpdateEntitySourceProps { - params: UpdateEntitySourceRequestParamsInput; - body: UpdateEntitySourceRequestBodyInput; -} -export interface UpdatePrivMonUserProps { - params: UpdatePrivMonUserRequestParamsInput; - body: UpdatePrivMonUserRequestBodyInput; -} -export interface UpdateRuleProps { - body: UpdateRuleRequestBodyInput; -} -export interface UpdateRuleMigrationProps { - params: UpdateRuleMigrationRequestParamsInput; - body: UpdateRuleMigrationRequestBodyInput; -} -export interface UpdateRuleMigrationRulesProps { - params: UpdateRuleMigrationRulesRequestParamsInput; - body: UpdateRuleMigrationRulesRequestBodyInput; -} -export interface UpdateWorkflowInsightProps { - params: UpdateWorkflowInsightRequestParamsInput; - body: UpdateWorkflowInsightRequestBodyInput; -} -export interface UpsertRuleMigrationResourcesProps { - params: UpsertRuleMigrationResourcesRequestParamsInput; - body: UpsertRuleMigrationResourcesRequestBodyInput; -} diff --git a/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services.ts b/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services.ts index 6856e85d22cf3..a146030191a9a 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services.ts 
@@ -11,10 +11,11 @@ import { MachineLearningProvider } from '@kbn/test-suites-xpack-platform/api_int import { IngestManagerProvider } from '@kbn/test-suites-xpack-platform/api_integration/services/ingest_manager'; import { UsageAPIProvider } from '@kbn/test-suites-xpack-platform/api_integration/services/usage_api'; import { commonFunctionalServices } from '@kbn/ftr-common-functional-services'; +import { SecuritySolutionApiProvider as DetectionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; +import { SecuritySolutionApiProvider as EntityAnalyticsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/entity_analytics.gen'; +import { SecuritySolutionApiProvider as ExceptionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/exceptions.gen'; import { SpacesServiceProvider } from '../services/spaces_service'; import { SecuritySolutionESSUtils } from '../services/security_solution_ess_utils'; -import { SecuritySolutionApiProvider } from '../services/security_solution_api.gen'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from '../services/security_solution_exceptions_api.gen'; export const services = { ...commonFunctionalServices, @@ -24,8 +25,9 @@ export const services = { usageAPI: UsageAPIProvider, ml: MachineLearningProvider, ingestManager: IngestManagerProvider, - securitySolutionApi: SecuritySolutionApiProvider, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, + detectionsApi: DetectionsApiProvider, + entityAnalyticsApi: EntityAnalyticsApiProvider, + exceptionsApi: ExceptionsApiProvider, spaces: SpacesServiceProvider, securitySolutionUtils: SecuritySolutionESSUtils, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services_edr_workflows.ts b/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services_edr_workflows.ts index 7d141c3982c6b..b7fb617b1e452 100644 
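Review bot: The three `@kbn/security-solution-test-api-clients/supertest/*.gen` imports and the `detectionsApi`/`entityAnalyticsApi`/`exceptionsApi` registrations added in the second hunk here are repeated verbatim in config/ess/services_edr_workflows.ts and config/serverless/services.ts in this same commit, so the next generated client, or a renamed key, has to be wired in three places. A small shared module next to the existing `../services/spaces_service` that exports one object holding those three entries would let each config register them with a single spread, e.g. `...securitySolutionApiClients,`, keeping the key names identical across ESS and serverless. Renaming the registered keys from `securitySolutionApi`/`securitySolutionExceptionsApi` also changes the strings tests pass to `getService(...)`; presumably the callers are updated elsewhere in the commit, but that is not visible here. The `services` object the second hunk edits opens before the hunk and closes after it.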
--- a/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services_edr_workflows.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/config/ess/services_edr_workflows.ts @@ -10,8 +10,9 @@ import { MachineLearningProvider } from '@kbn/test-suites-xpack-platform/api_int import { IngestManagerProvider } from '@kbn/test-suites-xpack-platform/api_integration/services/ingest_manager'; import { UsageAPIProvider } from '@kbn/test-suites-xpack-platform/api_integration/services/usage_api'; import { commonFunctionalServices } from '@kbn/ftr-common-functional-services'; -import { SecuritySolutionApiProvider } from '../services/security_solution_api.gen'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from '../services/security_solution_exceptions_api.gen'; +import { SecuritySolutionApiProvider as DetectionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; +import { SecuritySolutionApiProvider as EntityAnalyticsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/entity_analytics.gen'; +import { SecuritySolutionApiProvider as ExceptionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/exceptions.gen'; import { EndpointTestResourcesProvider } from '../../../security_solution_endpoint/services/endpoint'; import { EndpointArtifactsTestResourcesProvider } from '../../../security_solution_endpoint/services/endpoint_artifacts'; @@ -33,8 +34,9 @@ export const services = { usageAPI: UsageAPIProvider, ml: MachineLearningProvider, ingestManager: IngestManagerProvider, - securitySolutionApi: SecuritySolutionApiProvider, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, + detectionsApi: DetectionsApiProvider, + entityAnalyticsApi: EntityAnalyticsApiProvider, + exceptionsApi: ExceptionsApiProvider, resolverGenerator: ResolverGeneratorProvider, endpointTestResources: EndpointTestResourcesProvider, 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/config/serverless/services.ts b/x-pack/solutions/security/test/security_solution_api_integration/config/serverless/services.ts index bf92ce445acfc..ff9754c44c584 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/config/serverless/services.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/config/serverless/services.ts @@ -7,12 +7,13 @@ import { services as serverlessServices } from '@kbn/test-suites-xpack-platform/serverless/api_integration/services'; import { KibanaEBTServerProvider } from '@kbn/test-suites-src/analytics/services/kibana_ebt'; +import { SecuritySolutionApiProvider as DetectionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; +import { SecuritySolutionApiProvider as EntityAnalyticsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/entity_analytics.gen'; +import { SecuritySolutionApiProvider as ExceptionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/exceptions.gen'; import { SearchSecureService } from '../services/search_secure'; import { SpacesServiceProvider } from '../services/spaces_service'; import { SecuritySolutionServerlessUtils } from '../services/security_solution_serverless_utils'; import { SecuritySolutionServerlessSuperTest } from '../services/security_solution_serverless_supertest'; -import { SecuritySolutionApiProvider } from '../services/security_solution_api.gen'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from '../services/security_solution_exceptions_api.gen'; export const services = { ...serverlessServices, 
@@ -21,6 +22,7 @@ export const services = { securitySolutionUtils: SecuritySolutionServerlessUtils, supertest: SecuritySolutionServerlessSuperTest, kibana_ebt_server: KibanaEBTServerProvider, - securitySolutionApi: SecuritySolutionApiProvider, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, + detectionsApi: DetectionsApiProvider, + entityAnalyticsApi: EntityAnalyticsApiProvider, + exceptionsApi: ExceptionsApiProvider, }; diff --git a/x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_api.gen.ts b/x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_api.gen.ts deleted file mode 100644 index aaf8ad956dfc4..0000000000000 --- a/x-pack/solutions/security/test/security_solution_api_integration/config/services/security_solution_api.gen.ts +++ /dev/null 
@@ -1,2329 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* - * NOTICE: Do not edit this file manually. - * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. - * - * info: - * title: API client for tests - * version: Bundle (no version) - */ - -import { - ELASTIC_HTTP_VERSION_HEADER, - X_ELASTIC_INTERNAL_ORIGIN_REQUEST, -} from '@kbn/core-http-common'; -import { replaceParams } from '@kbn/openapi-common/shared'; -import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; - -import { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; -import { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; -import { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; -import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; -import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; -import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; -import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; -import { CreateEntitySourceRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { CreatePrivilegesImportIndexRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/create_index.gen'; -import { CreatePrivMonUserRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/create.gen'; -import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; -import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - CreateRuleMigrationRulesRequestParamsInput, - CreateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; -import { - CreateUpdateProtectionUpdatesNoteRequestParamsInput, - CreateUpdateProtectionUpdatesNoteRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; -import { - DeleteEntityEngineRequestQueryInput, - DeleteEntityEngineRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; -import { DeleteEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { DeleteMonitoringEngineRequestQueryInput } from 
'@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/engine/delete.gen'; -import { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; -import { DeletePrivMonUserRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/delete.gen'; -import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; -import { DeleteRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; -import { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; -import { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; -import { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; -import { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; -import { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; -import { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; -import { EndpointGetFileActionRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; -import { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; -import { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; -import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; -import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; -import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; -import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; -import { - ExportRulesRequestQueryInput, - ExportRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; -import { - ExportTimelinesRequestQueryInput, - ExportTimelinesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; -import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; -import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; -import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; -import { 
GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; -import { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; -import { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; -import { - GetEndpointSuggestionsRequestParamsInput, - GetEndpointSuggestionsRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; -import { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; -import { GetEntitySourceRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; -import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; -import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; -import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { - GetRuleExecutionEventsRequestQueryInput, - GetRuleExecutionEventsRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; -import { - GetRuleExecutionResultsRequestQueryInput, - GetRuleExecutionResultsRequestParamsInput, -} from 
'@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; -import { GetRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationPrebuiltRulesRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationResourcesRequestQueryInput, - GetRuleMigrationResourcesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationResourcesMissingRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationRulesRequestQueryInput, - GetRuleMigrationRulesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationTranslationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; -import { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; -import { GetWorkflowInsightsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; -import { ImportTimelinesRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; -import { - InitEntityEngineRequestParamsInput, - InitEntityEngineRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; -import { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; -import { - InstallMigrationRulesRequestParamsInput, - InstallMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; -import { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; -import { ListEntitySourcesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { ListPrivMonUsersRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/list.gen'; -import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; -import { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; -import { - PerformRulesBulkActionRequestQueryInput, - PerformRulesBulkActionRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; -import { PersistNoteRouteRequestBodyInput } from 
'@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; -import { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; -import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; -import { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; -import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; -import { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; -import { - RulePreviewRequestQueryInput, - RulePreviewRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; -import { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; -import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; -import { SearchPrivilegesIndicesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/monitoring/search_indices.gen'; -import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; -import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; -import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { 
StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; -import { - StartRuleMigrationRequestParamsInput, - StartRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; -import { StopRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; -import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { - UpdateEntitySourceRequestParamsInput, - UpdateEntitySourceRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/monitoring_entity_source/monitoring_entity_source.gen'; -import { - UpdatePrivMonUserRequestParamsInput, - UpdatePrivMonUserRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/update.gen'; -import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; -import { - UpdateRuleMigrationRequestParamsInput, - UpdateRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateRuleMigrationRulesRequestParamsInput, - UpdateRuleMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateWorkflowInsightRequestParamsInput, - UpdateWorkflowInsightRequestBodyInput, -} from 
'@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { - UpsertRuleMigrationResourcesRequestParamsInput, - UpsertRuleMigrationResourcesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { FtrProviderContext } from '../../ftr_provider_context'; - -export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - return { - /** - * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of -the migration process. A successful migration will result in both the old and new indices being present. -As such, the old, orphaned index can (and likely should) be deleted. - -While you can delete these indices manually, -the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted -after 30 days. It also deletes other artifacts specific to the migration implementation. 
- - */ - alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date - */ - bootstrapPrebuiltRules(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Bulk upsert up to 1000 asset criticality records. - -If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. 
- - */ - bulkUpsertAssetCriticalityRecords( - props: BulkUpsertAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/bulk', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a clean draft Timeline or Timeline template for the current user. -> info -> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. - - */ - cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Cleaning up the the Risk Engine by removing the indices, mapping and transforms - */ - cleanUpRiskEngine(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Configuring the Risk Engine Saved Object - */ - configureRiskEngineSavedObject( - props: ConfigureRiskEngineSavedObjectProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch(getRouteUrlForSpace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Copies and returns a timeline or timeline template. 
- - */ - copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_copy', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initiate a migration of detection alerts. -Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. - - */ - createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create or update an asset criticality record for a specific entity. - -If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. 
- - */ - createAssetCriticalityRecord( - props: CreateAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createEntitySource(props: CreateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivilegesImportIndex( - props: CreatePrivilegesImportIndexProps, - kibanaSpace: string = 'default' - ) { - return supertest - .put( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createPrivMonUser(props: CreatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new detection rule. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- -You can create the following types of rules: - -* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. -* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. -* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. - For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. -* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). -* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. -* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. -* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. 
-> info -> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. - -To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: - -```json -... -"job_id": "linux_anomalous_network_activity_ecs", -"job_type": "anomaly_detector", -"job_version": "7.7.0", -"groups": [ - "auditbeat", - "process", - "siem" -], -... -``` - -Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: - -* Slack -* Email -* PagerDuty -* Webhook -* Microsoft Teams -* IBM Resilient -* Jira -* ServiceNow ITSM -> info -> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). - -To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. 
- -For detailed information on Kibana actions and alerting, and additional API calls, see: - -* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) -* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) -* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) - - */ - createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Creates a new rule migration and returns the corresponding migration_id - */ - createRuleMigration(props: CreateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/internal/siem_migrations/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Adds original vendor rules to an already existing migration. Can be called multiple times to add more rules - */ - createRuleMigrationRules( - props: CreateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new Timeline or Timeline template. 
- */ - createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createUpdateProtectionUpdatesNote( - props: CreateUpdateProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deleteAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete the asset criticality record for a specific entity. 
- */ - deleteAssetCriticalityRecord( - props: DeleteAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .delete(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntitySource(props: DeleteEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - deleteMonitoringEngine(props: DeleteMonitoringEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/delete', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete a note from a Timeline using the note ID. 
- */ - deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deletePrivMonUser(props: DeletePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `DELETE /api/detection_engine/rules?id=` -* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. 
- - */ - deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Deletes a rule migration document stored in the system given the rule migration id - */ - deleteRuleMigration(props: DeleteRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .delete( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete one or more Timelines or Timeline templates. - */ - deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .delete(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - deprecatedTriggerRiskScoreCalculation( - props: DeprecatedTriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/risk_scores/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - disableMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - disableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - enableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. - */ - endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/execute', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Download a file from an endpoint. 
- */ - endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get information for the specified file using the file ID. - */ - endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of a response action using the action ID. - */ - endpointGetActionsDetails( - props: EndpointGetActionsDetailsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/endpoint/action/{action_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get a list of all response actions. - */ - endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a response actions state, which reports whether encryption is enabled. 
- */ - endpointGetActionsState(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action/state', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the status of response actions for the specified agent IDs. - */ - endpointGetActionsStatus( - props: EndpointGetActionsStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/action_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a file from an endpoint. - */ - endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/get_file', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Get a list of all processes running on an endpoint. - */ - endpointGetProcessesAction( - props: EndpointGetProcessesActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/running_procs', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Isolate an endpoint from the network. The endpoint remains isolated until it's released. 
- */ - endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/isolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Terminate a running process on an endpoint. - */ - endpointKillProcessAction( - props: EndpointKillProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/kill_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Scan a specific file or directory on an endpoint for malware. - */ - endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/scan', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Suspend a running process on an endpoint. - */ - endpointSuspendProcessAction( - props: EndpointSuspendProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/suspend_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Release an isolated endpoint, allowing it to rejoin a network. 
- */ - endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/unisolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Upload a file to an endpoint. - */ - endpointUploadAction(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/upload', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - entityStoreGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/entity_store/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: -- Actions -- Exception lists -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. 
Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Export Timelines as an NDJSON file. - */ - exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. -The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, -finalize it. - - */ - finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * List asset criticality records, paging, sorting and filtering as needed. 
- */ - findAssetCriticalityRecords( - props: FindAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. - */ - findRules(props: FindRulesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migrations stats for all migrations stored in the system - */ - getAllStatsRuleMigration(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the asset criticality record for a specific entity. - */ - getAssetCriticalityRecord( - props: GetAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getAssetCriticalityStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/asset_criticality/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of the draft Timeline or Timeline template for the current user. 
If the user doesn't have a draft Timeline, an empty Timeline is returned. - */ - getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/metadata', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntitySource(props: GetEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { - 
return supertest - .get(getRouteUrlForSpace('/api/entity_store/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get all notes for a given document. - */ - getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/endpoint/policy_response', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPrivilegedAccessDetectionPackageStatus(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/status', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getProtectionUpdatesNote( - props: GetProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine - */ - getRiskEngineStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/events', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/results', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migration document stored in the system given the rule migration id - */ - getRuleMigration(props: GetRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all related integrations - */ - getRuleMigrationIntegrations(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the stats of all the integrations for all the rule migrations, including the number of rules associated with the integration - */ - getRuleMigrationIntegrationsStats(kibanaSpace: string = 'default') { - return supertest - 
.get(getRouteUrlForSpace('/internal/siem_migrations/rules/integrations/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all available prebuilt rules (installed and installable) - */ - getRuleMigrationPrebuiltRules( - props: GetRuleMigrationPrebuiltRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/prebuilt_rules', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Identifies the privileges required for a SIEM rules migration and returns the missing privileges - */ - getRuleMigrationPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/siem_migrations/rules/missing_privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves resources for an existing SIEM rules migration - */ - getRuleMigrationResources( - props: GetRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Identifies missing resources from all the rules of an existing SIEM rules migration - */ - getRuleMigrationResourcesMissing( - props: GetRuleMigrationResourcesMissingProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/resources/missing', - 
props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the the list of rules included in a migration given the migration id - */ - getRuleMigrationRules(props: GetRuleMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationStats(props: GetRuleMigrationStatsProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stats', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the translation stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationTranslationStats( - props: GetRuleMigrationTranslationStatsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - getRouteUrlForSpace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/translation_stats', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of an existing saved Timeline or Timeline template. 
- */ - getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all saved Timelines or Timeline templates. - */ - getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timelines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/api/endpoint/workflow_insights', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: -- The `Content-Type: multipart/form-data` HTTP header. -- A link to the `.ndjson` file containing the rules. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. -> info -> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. 
Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. - -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import Timelines. 
- */ - importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/init', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_store/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initMonitoringEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine - */ - initRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Installs migration rules - */ - installMigrationRules(props: InstallMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - 
replaceParams('/internal/siem_migrations/rules/{migration_id}/install', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Install and update all Elastic prebuilt detection rules and Timelines. - -This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. -When you call this endpoint, it will: -- Install any new prebuilt detection rules that are not currently installed in your system. -- Update any existing prebuilt detection rules that have been modified or improved by Elastic. -- Install any new prebuilt Timelines that are not currently installed in your system. -- Update any existing prebuilt Timelines that have been modified or improved by Elastic. - -This ensures that your detection engine is always up-to-date with the latest rules and Timelines, -providing you with the most current and effective threat detection capabilities. - - */ - installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Install or update prepackaged Timelines. 
- */ - installPrepackedTimelines( - props: InstallPrepackedTimelinesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/api/timeline/_prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - installPrivilegedAccessDetectionPackage(kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - '/api/entity_analytics/privileged_user_monitoring/pad/install', - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * List entities records, paging, sorting and filtering as needed. 
- */ - listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/entities/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listEntityEngines(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_store/engines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - listEntitySources(props: ListEntitySourcesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/entity_source/list', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listPrivMonUsers(props: ListPrivMonUsersProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Update specific fields of an existing detection rule using the `rule_id` or `id` field. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. 
- -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. - */ - patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. - -The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. -The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. 
-> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Favorite a Timeline or Timeline template for the current user. - */ - persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/timeline/_favorite', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Add a note to a Timeline or update an existing note. - */ - persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Pin/unpin an event to/from an existing Timeline. 
- */ - persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(getRouteUrlForSpace('/api/pinned_event', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. - */ - previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - privmonBulkUploadUsersCsv(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/entity_analytics/monitoring/users/_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - privMonHealth(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/health', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Check if the current user has all required permissions for Privilege Monitoring - */ - privMonPrivileges(kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/privileges', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. - */ - readAlertsMigrationStatus( - props: ReadAlertsMigrationStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/signals/migration_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve the status of all Elastic prebuilt detection rules and Timelines. - -This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. - - */ - readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves whether or not the user is authenticated, and the user's Kibana -space and index privileges, which determine if the user can create an -index for the Elastic Security alerts generated by -detection engine rules. 
- - */ - readPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readRiskEngineSettings(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_score/engine/settings', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `GET /api/detection_engine/rules?id=` -* `rule_id` - `GET /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. - - */ - readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * List all unique tags from all detection rules. 
- */ - readTags(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/detection_engine/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/api/timeline/resolve', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - riskEngineGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(getRouteUrlForSpace('/internal/risk_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/rules/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/entity_analytics/migrations/run', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. 
- */ - runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/endpoint/action/runscript', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. - */ - scheduleRiskEngineNow(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/risk_score/engine/schedule_now', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Find and/or aggregate detection alerts that match the given query. - */ - searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/search', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - searchPrivilegesIndices(props: SearchPrivilegesIndicesProps, kibanaSpace: string = 'default') { - return supertest - .get( - getRouteUrlForSpace('/api/entity_analytics/monitoring/privileges/indices', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Assign users to detection alerts, and unassign them from alerts. -> info -> You cannot add and remove the same assignee in the same request. 
- - */ - setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/assignees', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Set the status of one or more detection alerts. - */ - setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * And tags to detection alerts, and remove them from alerts. -> info -> You cannot add and remove the same alert tag in the same request. - - */ - setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/detection_engine/signals/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Starts a SIEM rules migration using the migration id provided - */ - startRuleMigration(props: StartRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - 
.set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Stops a running SIEM rules migration using the migration id provided - */ - stopRuleMigration(props: StopRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Suggests user profiles. - */ - suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/internal/detection_engine/users/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. 
- */ - triggerRiskScoreCalculation( - props: TriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(getRouteUrlForSpace('/internal/risk_score/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateEntitySource(props: UpdateEntitySourceProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/entity_source/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updatePrivMonUser(props: UpdatePrivMonUserProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/docs/deploy-manage/api-keys) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. 
- - */ - updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { - return supertest - .put(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations data - */ - updateRuleMigration(props: UpdateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations attributes - */ - updateRuleMigrationRules( - props: UpdateRuleMigrationRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/rules', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { - return supertest - .put( - getRouteUrlForSpace( - replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(getRouteUrlForSpace('/api/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Creates or updates resources for 
an existing SIEM rules migration - */ - upsertRuleMigrationResources( - props: UpsertRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - getRouteUrlForSpace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - }; -} - -export interface AlertsMigrationCleanupProps { - body: AlertsMigrationCleanupRequestBodyInput; -} -export interface BulkUpsertAssetCriticalityRecordsProps { - body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; -} -export interface CleanDraftTimelinesProps { - body: CleanDraftTimelinesRequestBodyInput; -} -export interface ConfigureRiskEngineSavedObjectProps { - body: ConfigureRiskEngineSavedObjectRequestBodyInput; -} -export interface CopyTimelineProps { - body: CopyTimelineRequestBodyInput; -} -export interface CreateAlertsMigrationProps { - body: CreateAlertsMigrationRequestBodyInput; -} -export interface CreateAssetCriticalityRecordProps { - body: CreateAssetCriticalityRecordRequestBodyInput; -} -export interface CreateEntitySourceProps { - body: CreateEntitySourceRequestBodyInput; -} -export interface CreatePrivilegesImportIndexProps { - body: CreatePrivilegesImportIndexRequestBodyInput; -} -export interface CreatePrivMonUserProps { - body: CreatePrivMonUserRequestBodyInput; -} -export interface CreateRuleProps { - body: CreateRuleRequestBodyInput; -} -export interface CreateRuleMigrationProps { - body: CreateRuleMigrationRequestBodyInput; -} -export interface CreateRuleMigrationRulesProps { - params: CreateRuleMigrationRulesRequestParamsInput; - body: CreateRuleMigrationRulesRequestBodyInput; -} -export interface CreateTimelinesProps { - body: CreateTimelinesRequestBodyInput; -} -export interface CreateUpdateProtectionUpdatesNoteProps { - params: 
CreateUpdateProtectionUpdatesNoteRequestParamsInput; - body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; -} -export interface DeleteAssetCriticalityRecordProps { - query: DeleteAssetCriticalityRecordRequestQueryInput; -} -export interface DeleteEntityEngineProps { - query: DeleteEntityEngineRequestQueryInput; - params: DeleteEntityEngineRequestParamsInput; -} -export interface DeleteEntitySourceProps { - params: DeleteEntitySourceRequestParamsInput; -} -export interface DeleteMonitoringEngineProps { - query: DeleteMonitoringEngineRequestQueryInput; -} -export interface DeleteNoteProps { - body: DeleteNoteRequestBodyInput; -} -export interface DeletePrivMonUserProps { - params: DeletePrivMonUserRequestParamsInput; -} -export interface DeleteRuleProps { - query: DeleteRuleRequestQueryInput; -} -export interface DeleteRuleMigrationProps { - params: DeleteRuleMigrationRequestParamsInput; -} -export interface DeleteTimelinesProps { - body: DeleteTimelinesRequestBodyInput; -} -export interface DeprecatedTriggerRiskScoreCalculationProps { - body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; -} -export interface EndpointExecuteActionProps { - body: EndpointExecuteActionRequestBodyInput; -} -export interface EndpointFileDownloadProps { - params: EndpointFileDownloadRequestParamsInput; -} -export interface EndpointFileInfoProps { - params: EndpointFileInfoRequestParamsInput; -} -export interface EndpointGetActionsDetailsProps { - params: EndpointGetActionsDetailsRequestParamsInput; -} -export interface EndpointGetActionsListProps { - query: EndpointGetActionsListRequestQueryInput; -} -export interface EndpointGetActionsStatusProps { - query: EndpointGetActionsStatusRequestQueryInput; -} -export interface EndpointGetFileActionProps { - body: EndpointGetFileActionRequestBodyInput; -} -export interface EndpointGetProcessesActionProps { - body: EndpointGetProcessesActionRequestBodyInput; -} -export interface EndpointIsolateActionProps { - body: 
EndpointIsolateActionRequestBodyInput; -} -export interface EndpointKillProcessActionProps { - body: EndpointKillProcessActionRequestBodyInput; -} -export interface EndpointScanActionProps { - body: EndpointScanActionRequestBodyInput; -} -export interface EndpointSuspendProcessActionProps { - body: EndpointSuspendProcessActionRequestBodyInput; -} -export interface EndpointUnisolateActionProps { - body: EndpointUnisolateActionRequestBodyInput; -} -export interface ExportRulesProps { - query: ExportRulesRequestQueryInput; - body: ExportRulesRequestBodyInput; -} -export interface ExportTimelinesProps { - query: ExportTimelinesRequestQueryInput; - body: ExportTimelinesRequestBodyInput; -} -export interface FinalizeAlertsMigrationProps { - body: FinalizeAlertsMigrationRequestBodyInput; -} -export interface FindAssetCriticalityRecordsProps { - query: FindAssetCriticalityRecordsRequestQueryInput; -} -export interface FindRulesProps { - query: FindRulesRequestQueryInput; -} -export interface GetAssetCriticalityRecordProps { - query: GetAssetCriticalityRecordRequestQueryInput; -} -export interface GetDraftTimelinesProps { - query: GetDraftTimelinesRequestQueryInput; -} -export interface GetEndpointMetadataListProps { - query: GetEndpointMetadataListRequestQueryInput; -} -export interface GetEndpointSuggestionsProps { - params: GetEndpointSuggestionsRequestParamsInput; - body: GetEndpointSuggestionsRequestBodyInput; -} -export interface GetEntityEngineProps { - params: GetEntityEngineRequestParamsInput; -} -export interface GetEntitySourceProps { - params: GetEntitySourceRequestParamsInput; -} -export interface GetEntityStoreStatusProps { - query: GetEntityStoreStatusRequestQueryInput; -} -export interface GetNotesProps { - query: GetNotesRequestQueryInput; -} -export interface GetPolicyResponseProps { - query: GetPolicyResponseRequestQueryInput; -} -export interface GetProtectionUpdatesNoteProps { - params: GetProtectionUpdatesNoteRequestParamsInput; -} -export interface 
GetRuleExecutionEventsProps { - query: GetRuleExecutionEventsRequestQueryInput; - params: GetRuleExecutionEventsRequestParamsInput; -} -export interface GetRuleExecutionResultsProps { - query: GetRuleExecutionResultsRequestQueryInput; - params: GetRuleExecutionResultsRequestParamsInput; -} -export interface GetRuleMigrationProps { - params: GetRuleMigrationRequestParamsInput; -} -export interface GetRuleMigrationPrebuiltRulesProps { - params: GetRuleMigrationPrebuiltRulesRequestParamsInput; -} -export interface GetRuleMigrationResourcesProps { - query: GetRuleMigrationResourcesRequestQueryInput; - params: GetRuleMigrationResourcesRequestParamsInput; -} -export interface GetRuleMigrationResourcesMissingProps { - params: GetRuleMigrationResourcesMissingRequestParamsInput; -} -export interface GetRuleMigrationRulesProps { - query: GetRuleMigrationRulesRequestQueryInput; - params: GetRuleMigrationRulesRequestParamsInput; -} -export interface GetRuleMigrationStatsProps { - params: GetRuleMigrationStatsRequestParamsInput; -} -export interface GetRuleMigrationTranslationStatsProps { - params: GetRuleMigrationTranslationStatsRequestParamsInput; -} -export interface GetTimelineProps { - query: GetTimelineRequestQueryInput; -} -export interface GetTimelinesProps { - query: GetTimelinesRequestQueryInput; -} -export interface GetWorkflowInsightsProps { - query: GetWorkflowInsightsRequestQueryInput; -} -export interface ImportRulesProps { - query: ImportRulesRequestQueryInput; -} -export interface ImportTimelinesProps { - body: ImportTimelinesRequestBodyInput; -} -export interface InitEntityEngineProps { - params: InitEntityEngineRequestParamsInput; - body: InitEntityEngineRequestBodyInput; -} -export interface InitEntityStoreProps { - body: InitEntityStoreRequestBodyInput; -} -export interface InstallMigrationRulesProps { - params: InstallMigrationRulesRequestParamsInput; - body: InstallMigrationRulesRequestBodyInput; -} -export interface InstallPrepackedTimelinesProps { - 
body: InstallPrepackedTimelinesRequestBodyInput; -} -export interface ListEntitiesProps { - query: ListEntitiesRequestQueryInput; -} -export interface ListEntitySourcesProps { - query: ListEntitySourcesRequestQueryInput; -} -export interface ListPrivMonUsersProps { - query: ListPrivMonUsersRequestQueryInput; -} -export interface PatchRuleProps { - body: PatchRuleRequestBodyInput; -} -export interface PatchTimelineProps { - body: PatchTimelineRequestBodyInput; -} -export interface PerformRulesBulkActionProps { - query: PerformRulesBulkActionRequestQueryInput; - body: PerformRulesBulkActionRequestBodyInput; -} -export interface PersistFavoriteRouteProps { - body: PersistFavoriteRouteRequestBodyInput; -} -export interface PersistNoteRouteProps { - body: PersistNoteRouteRequestBodyInput; -} -export interface PersistPinnedEventRouteProps { - body: PersistPinnedEventRouteRequestBodyInput; -} -export interface PreviewRiskScoreProps { - body: PreviewRiskScoreRequestBodyInput; -} -export interface ReadAlertsMigrationStatusProps { - query: ReadAlertsMigrationStatusRequestQueryInput; -} -export interface ReadRuleProps { - query: ReadRuleRequestQueryInput; -} -export interface ResolveTimelineProps { - query: ResolveTimelineRequestQueryInput; -} -export interface RulePreviewProps { - query: RulePreviewRequestQueryInput; - body: RulePreviewRequestBodyInput; -} -export interface RunScriptActionProps { - body: RunScriptActionRequestBodyInput; -} -export interface SearchAlertsProps { - body: SearchAlertsRequestBodyInput; -} -export interface SearchPrivilegesIndicesProps { - query: SearchPrivilegesIndicesRequestQueryInput; -} -export interface SetAlertAssigneesProps { - body: SetAlertAssigneesRequestBodyInput; -} -export interface SetAlertsStatusProps { - body: SetAlertsStatusRequestBodyInput; -} -export interface SetAlertTagsProps { - body: SetAlertTagsRequestBodyInput; -} -export interface StartEntityEngineProps { - params: StartEntityEngineRequestParamsInput; -} -export interface 
StartRuleMigrationProps { - params: StartRuleMigrationRequestParamsInput; - body: StartRuleMigrationRequestBodyInput; -} -export interface StopEntityEngineProps { - params: StopEntityEngineRequestParamsInput; -} -export interface StopRuleMigrationProps { - params: StopRuleMigrationRequestParamsInput; -} -export interface SuggestUserProfilesProps { - query: SuggestUserProfilesRequestQueryInput; -} -export interface TriggerRiskScoreCalculationProps { - body: TriggerRiskScoreCalculationRequestBodyInput; -} -export interface UpdateEntitySourceProps { - params: UpdateEntitySourceRequestParamsInput; - body: UpdateEntitySourceRequestBodyInput; -} -export interface UpdatePrivMonUserProps { - params: UpdatePrivMonUserRequestParamsInput; - body: UpdatePrivMonUserRequestBodyInput; -} -export interface UpdateRuleProps { - body: UpdateRuleRequestBodyInput; -} -export interface UpdateRuleMigrationProps { - params: UpdateRuleMigrationRequestParamsInput; - body: UpdateRuleMigrationRequestBodyInput; -} -export interface UpdateRuleMigrationRulesProps { - params: UpdateRuleMigrationRulesRequestParamsInput; - body: UpdateRuleMigrationRulesRequestBodyInput; -} -export interface UpdateWorkflowInsightProps { - params: UpdateWorkflowInsightRequestParamsInput; - body: UpdateWorkflowInsightRequestBodyInput; -} -export interface UpsertRuleMigrationResourcesProps { - params: UpsertRuleMigrationResourcesRequestParamsInput; - body: UpsertRuleMigrationResourcesRequestBodyInput; -} diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/frozen_indices_handling/trial_license_complete_tier/frozen_indices_handling.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/frozen_indices_handling/trial_license_complete_tier/frozen_indices_handling.ts index d3b3965753f14..cd2dd87960762 100644 
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/frozen_indices_handling/trial_license_complete_tier/frozen_indices_handling.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/frozen_indices_handling/trial_license_complete_tier/frozen_indices_handling.ts @@ -7,7 +7,7 @@ import { v4 as uuidv4 } from 'uuid'; import expect from '@kbn/expect'; -import { CreateRuleProps } from '../../../../../../config/services/security_solution_api.gen'; +import type { CreateRuleProps } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; import { dataGeneratorFactory } from '../../../../utils'; import { @@ -40,7 +40,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const retry = getService('retry'); const indexSampleData = async (index: string) => { @@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => { }, }; - const { body: createdRuleResponse } = await securitySolutionApi + const { body: createdRuleResponse } = await detectionsApi .createRule(createRuleProps) .expect(200); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts index 403a691022656..de0367533d7c5 100644 
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts @@ -25,7 +25,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const PREBUILT_RULE_ID_A = 'test-prebuilt-rule-a'; @@ -51,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { { name: '_export API', exportRules: async () => { - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null, @@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext): void => { { name: 'bulk actions API', exportRules: async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.export }, @@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { await createPrebuiltRuleAssetSavedObjects(es, [PREBUILT_RULE_A, PREBUILT_RULE_B]); await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_A, @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext): void => { }, }) .expect(200); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, 
@@ -213,13 +213,13 @@ export default ({ getService }: FtrProviderContext): void => { const CUSTOM_RULE_ID_2 = 'custom-rule-id-2'; await Promise.all([ - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID_1 }) }) .expect(200), - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID_2 }) }) .expect(200), - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200), ]); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -281,9 +281,9 @@ export default ({ getService }: FtrProviderContext): void => { const CUSTOM_RULE_ID = 'rule-id-1'; const CUSTOM_RULE = getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID }); - await securitySolutionApi.createRule({ body: CUSTOM_RULE }).expect(200); + await detectionsApi.createRule({ body: CUSTOM_RULE }).expect(200); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, @@ -292,7 +292,7 @@ export default ({ getService }: FtrProviderContext): void => { }) .expect(200); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.export }, query: {}, @@ -304,7 +304,7 @@ export default ({ getService }: FtrProviderContext): void => { await deleteAllRules(supertest, log); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: false } }) .attach('file', exportResult, 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') 
@@ -312,7 +312,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -371,7 +371,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRules(es, supertest); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: { objects: [{ rule_id: PREBUILT_RULE_ID_A }, { rule_id: PREBUILT_RULE_ID_B }] }, @@ -409,7 +409,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: prebuiltRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: { page: 1, per_page: 2, filter: 'alert.attributes.params.immutable: true' }, }) @@ -417,7 +417,7 @@ export default ({ getService }: FtrProviderContext): void => { const prebuiltRuleObjectIds = prebuiltRules.map((rule: RuleResponse) => rule.id); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.export, ids: prebuiltRuleObjectIds }, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts index 6da380548fe8c..9ab866deb635e 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts @@ -21,7 +21,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const [PREBUILT_RULE_ID_A, PREBUILT_RULE_ID_B] = ['prebuilt-rule-a', 'prebuilt-rule-b']; const [PREBUILT_RULE_ASSET_A, PREBUILT_RULE_ASSET_B] = [ @@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -134,7 +134,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -171,7 +171,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -226,7 +226,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts index ed3e9bc604962..0f5a07ee6454b 100644 
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts @@ -19,7 +19,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const [PREBUILT_RULE_ID_A, PREBUILT_RULE_ID_B, PREBUILT_RULE_ID_C, PREBUILT_RULE_ID_D] = [ 'prebuilt-rule-a', @@ -117,7 +117,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -180,13 +180,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -268,7 +268,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) 
@@ -391,13 +391,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -545,13 +545,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -632,7 +632,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts index e102bdfab87c7..65bddda2b57e3 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const PREBUILT_RULE_ASSET = createRuleAssetSavedObject({ @@ -99,7 +99,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a non-customized prebuilt rule on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, name: 'Customized Rule', @@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a customized prebuilt rule on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, description: 'Customized Rule', @@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports customized prebuilt rule fields on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -271,7 +271,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('importing a custom rule on top of an existing custom rule', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: CUSTOM_RULE_TO_IMPORT, }) 
@@ -607,7 +607,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports an old non-customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, description: 'Customized Rule', @@ -653,7 +653,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports an old customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, name: 'Customized Rule', diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts index b9c6b3bfef2c9..622a13d657f8f 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const retryService = getService('retry'); describe('@ess @serverless @skipInServerlessMKI Import prebuilt rules when the package is not installed', () => { 
@@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts index 1f5fdd1c7c1f7..97d458b332f50 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts @@ -20,7 +20,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const CURRENT_PREBUILT_RULE_VERSION = 5; @@ -150,7 +150,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a prebuilt rule with a missing base version when import payload IS NOT EQUAL to the installed and customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, 
@@ -231,7 +231,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a prebuilt rule with a missing base version when import payload IS EQUAL to the installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts index 93bc954f27b7d..4422d78257430 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const PREBUILT_RULE_ASSET = createRuleAssetSavedObject({ @@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext): void => { version: 3, }); - await securitySolutionApi + await detectionsApi .createRule({ body: CUSTOM_RULE, }) 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts index 26319bb831c30..9a280477addc9 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts @@ -25,7 +25,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Install from mocked prebuilt rule assets', () => { beforeEach(async () => { @@ -203,7 +203,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRulesAndTimelines(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); - const { body: prebuiltRule } = await securitySolutionApi.readRule({ + const { body: prebuiltRule } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' }, }); 
@@ -253,7 +253,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRulesAndTimelines(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -279,7 +279,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); - const { body: prebuiltRule } = await securitySolutionApi.readRule({ + const { body: prebuiltRule } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' }, }); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts index dc0e946904627..0481c4d507874 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const retryService = getService('retry'); 
@@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await installPrebuiltRulesFromUploadedPackage(); await installPrebuiltRules(es, supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_A, @@ -72,13 +72,13 @@ export default ({ getService }: FtrProviderContext) => { await installPrebuiltRulesFromUploadedPackage(); await installPrebuiltRules(es, supertest); - const { body: existingRule } = await securitySolutionApi + const { body: existingRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID_A }, }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .updateRule({ body: getCustomQueryRuleParams({ ...existingRule, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts index 32015fd865220..4616f7bb8189d 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts 
@@ -18,7 +18,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const supertest = getService('supertest'); const retryService = getService('retry'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Bootstrap Prebuilt Rules', () => { beforeEach(async () => { @@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('installs required Fleet packages required for detection engine to function', async () => { - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ @@ -45,9 +45,9 @@ export default ({ getService }: FtrProviderContext): void => { it('skips packages installation when the package has been already installed', async () => { // Install the packages - await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + await detectionsApi.bootstrapPrebuiltRules().expect(200); // Try to install the packages again - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts index a33fdd64a3d75..be8a175ccb69c 100644 
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts @@ -28,7 +28,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const retryService = getService('retry'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Install prebuilt rules from EPR', () => { beforeEach(async () => { @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext): void => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); await deleteEndpointFleetPackage({ supertest, es, log, retryService }); - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/get_prebuilt_rule_base_version.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/get_prebuilt_rule_base_version.ts index 9cbb0caa549f1..5d355659abe40 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/get_prebuilt_rule_base_version.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/get_prebuilt_rule_base_version.ts @@ -25,7 +25,7 @@ import { getPrebuiltRuleBaseVersion } from '../../../../utils/rules/prebuilt_rul export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const ruleAsset = createRuleAssetSavedObject({ @@ -51,14 +51,14 @@ export default ({ getService }: FtrProviderContext): void => { body: { data: [baseVersion], }, - } = await securitySolutionApi.findRules({ + } = await detectionsApi.findRules({ query: { filter: 'alert.attributes.params.immutable: true', per_page: 1, }, }); - const { body: modifiedCurrentVersion } = await securitySolutionApi.patchRule({ + const { body: modifiedCurrentVersion } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description' }, }); @@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext): void => { body: { data: [baseVersion], }, - } = await securitySolutionApi.findRules({ + } = await detectionsApi.findRules({ query: { filter: 'alert.attributes.params.immutable: true', per_page: 1, @@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => { body: { data: [prebuiltRule], }, - } = await securitySolutionApi.findRules({ + } = await detectionsApi.findRules({ query: { filter: 'alert.attributes.params.immutable: true', per_page: 1, 
@@ -149,7 +149,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('returns a 404 error if rule is custom', async () => { - const { body: customRule } = await securitySolutionApi.createRule({ + const { body: customRule } = await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/revert_prebuilt_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/revert_prebuilt_rules.ts index 4ba129199a7a7..36c39dfd7932d 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/revert_prebuilt_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/revert_prebuilt_rules/revert_prebuilt_rules.ts @@ -24,7 +24,7 @@ import { revertPrebuiltRule } from '../../../../utils/rules/prebuilt_rules/rever export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const ruleAsset = createRuleAssetSavedObject({ 
@@ -49,13 +49,13 @@ export default ({ getService }: FtrProviderContext): void => { }); it('reverts a customized prebuilt rule to original Elastic version', async () => { - const { body: nonCustomizedPrebuiltRule } = await securitySolutionApi + const { body: nonCustomizedPrebuiltRule } = await detectionsApi .readRule({ query: { rule_id: 'rule_1' }, }) .expect(200); - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description' }, }); @@ -96,7 +96,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('customization adjacent fields', () => { it('does not modify `exception_list` field', async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description', @@ -136,7 +136,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('does not modify `actions` field', async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description', @@ -178,7 +178,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('does not modify `execution_summary` field', async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description', 
@@ -223,7 +223,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('does not modify `enabled` field', async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description', @@ -250,7 +250,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it("skips a prebuilt rule if it's not customized", async () => { - const { body: nonCustomizedPrebuiltRule } = await securitySolutionApi + const { body: nonCustomizedPrebuiltRule } = await detectionsApi .readRule({ query: { rule_id: 'rule_1' }, }) @@ -288,7 +288,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it("skips a rule if it's not prebuilt", async () => { - const { body: customRule } = await securitySolutionApi.createRule({ + const { body: customRule } = await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); @@ -324,7 +324,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('throws an error if rule base version cannot be found', async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description' }, }); @@ -352,7 +352,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it("throws an error if version param doesn't equal the fetched rule version", async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description' }, }); 
@@ -380,7 +380,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it("throws an error if revision param doesn't equal the fetched rule revision", async () => { - const { body: customizedPrebuiltRule } = await securitySolutionApi.patchRule({ + const { body: customizedPrebuiltRule } = await detectionsApi.patchRule({ body: { rule_id: 'rule_1', description: 'new description' }, }); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts index f7280716b2280..aca350c8f3513 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts @@ -17,14 +17,14 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const fetchPrebuiltRule = async () => { const { body: { data: [prebuiltRule], }, - } = await securitySolutionApi.findRules({ + } = await detectionsApi.findRules({ query: { filter: 'alert.attributes.params.immutable: true', per_page: 1, 
@@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext): void => { const prebuiltRule = await fetchPrebuiltRule(); - await securitySolutionApi + await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext): void => { await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -153,7 +153,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates were not made - const { body: readRule } = await securitySolutionApi + const { body: readRule } = await detectionsApi .readRule({ query: { rule_id: prebuiltRule.rule_id } }) .expect(200); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts index 14152146c1fd1..86ace9a31dd75 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts 
@@ -25,7 +25,7 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { @@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext): void => { ): Promise => { const { body: { data: prebuiltRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: { filter: 'alert.attributes.params.immutable: true', @@ -101,7 +101,7 @@ export default ({ getService }: FtrProviderContext): void => { }) .expect(200); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts index dbbd6a8a40ed0..8314e27283580 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts 
@@ -19,7 +19,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Detect prebuilt rule customization (base version exists)', () => { @@ -40,14 +40,14 @@ export default ({ getService }: FtrProviderContext): void => { // isn't provided for non custom query rule types. ruleType?: RuleResponse['type']; }) => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); // Assert the customization for "fieldName" works - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, type: ruleType, [fieldName]: customizedValue }, }) @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Assert that patching the "fieldName" to its original value reverts the customization - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, id: undefined }, }) @@ -202,13 +202,13 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"timeline_template" fields', async () => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, 
@@ -223,7 +223,7 @@ export default ({ getService }: FtrProviderContext): void => { is_customized: true, }); - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, @@ -313,13 +313,13 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"data_view_id" field', async () => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, data_view_id: 'new-data-view', index: [] }, }) @@ -330,7 +330,7 @@ export default ({ getService }: FtrProviderContext): void => { is_customized: true, }); - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts index 68d48e037b816..ee211f66bdc9f 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts @@ -19,7 +19,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Detect prebuilt rule customization (base version is missing)', () => { @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext): void => { ruleType?: RuleResponse['type']; }) => { // Assert the customization for "fieldName" works - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, type: ruleType, [fieldName]: customizedValue }, }) @@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"timeline_template" fields', async () => { - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -277,7 +277,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"data_view_id" field', async () => { - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, data_view_id: 'new-data-view', index: [] }, }) 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts index eb8e20cf11f1c..075fcee93a4ba 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts @@ -23,7 +23,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Skip customization detection for unaffected prebuilt rule fields', () => { @@ -51,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { fieldName: string; value: unknown; }) => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, [fieldName]: value }, }) @@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('leaves "is_customized" intact when bulk edit does not change the field value', async () => { - const { body: prebuiltRule } = await securitySolutionApi + const { body: prebuiltRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) 
@@ -120,7 +120,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(prebuiltRule.rule_source.is_customized).toEqual(false);
-const { body: bulkResult } = await securitySolutionApi
+const { body: bulkResult } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -145,7 +145,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the rule has not been customized
-const { body: unchangedPrebuiltRule } = await securitySolutionApi
+const { body: unchangedPrebuiltRule } = await detectionsApi
 .readRule({
 query: { rule_id: PREBUILT_RULE_ID },
 })
@@ -157,7 +157,7 @@ export default ({ getService }: FtrProviderContext): void => {
 describe('cannot change non-customizable rule fields', () => {
 it('"id" field', async () => {
-await securitySolutionApi
+await detectionsApi
 .patchRule({
 body: {
 rule_id: PREBUILT_RULE_ID,
@@ -168,7 +168,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('"author" field', async () => {
-await securitySolutionApi
+await detectionsApi
 .patchRule({
 body: {
 rule_id: PREBUILT_RULE_ID,
@@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('"license" field', async () => {
-await securitySolutionApi
+await detectionsApi
 .patchRule({
 body: {
 rule_id: PREBUILT_RULE_ID,
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts
index 265ae4fa7b91d..0d4c81def15e0 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts
@@ -199,13 +199,13 @@ export function testFieldUpgradesToMergedValue(
 const es = getService('es');
 const supertest = getService('supertest');
 const log = getService('log');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const deps = {
 es,
 supertest,
 log,
-securitySolutionApi,
+detectionsApi,
 };
 it('upgrades to MERGED value', async () => {
@@ -234,7 +234,7 @@ export function testFieldUpgradesToMergedValue(
 ],
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
@@ -273,13 +273,13 @@ export function testFieldUpgradesToResolvedValue(
 const es = getService('es');
 const supertest = getService('supertest');
 const log = getService('log');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const deps = {
 es,
 supertest,
 log,
-securitySolutionApi,
+detectionsApi,
 };
 it('upgrades to RESOLVED value', async () => {
@@ -308,7 +308,7 @@ export function testFieldUpgradesToResolvedValue(
 ],
 });
-const upgradedRule = await deps.securitySolutionApi.readRule({
+const upgradedRule = await deps.detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts
index a7cc9a67447e1..c3bdc980b4b27 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts
@@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const es = getService('es');
 const supertest = getService('supertest');
 const log = getService('log');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const deps = {
 es,
 supertest,
@@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContext): void => {
 },
 ],
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
@@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => {
 },
 ],
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
@@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext): void => {
 },
 ],
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
@@ -226,7 +226,7 @@ export default ({ getService }: FtrProviderContext): void => {
 },
 ],
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
@@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext): void => {
 mode: ModeEnum.ALL_RULES,
 pick_version: 'TARGET',
 });
-const upgradedRule = await securitySolutionApi.readRule({
+const upgradedRule = await detectionsApi.readRule({
 query: { rule_id: DEFAULT_TEST_RULE_ID },
 });
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
index 51d2a45b15aec..9bf1d817fab42 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts
@@ -44,7 +44,7 @@ import { getGapsByRuleId } from '../../../../../config/services/detections_respo
 export default ({ getService }: FtrProviderContext): void => {
 const supertest = getService('supertest');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const es = getService('es');
 const log = getService('log');
 const esArchiver = getService('esArchiver');
@@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should export rules', async () => {
 const mockRule = getCustomQueryRuleParams();
-await securitySolutionApi.createRule({ body: mockRule });
+await detectionsApi.createRule({ body: mockRule });
 const { body } = await postBulkAction()
 .send({ query: '', action: BulkActionTypeEnum.export })
@@ -150,9 +150,9 @@ export default ({ getService }: FtrProviderContext): void => {
 };
 const mockRule = getCustomQueryRuleParams(defaultableFields);
-await securitySolutionApi.createRule({ body: mockRule });
+await detectionsApi.createRule({ body: mockRule });
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -293,7 +293,7 @@ export default ({ getService }: FtrProviderContext): void => {
 ],
 });
-await securitySolutionApi.createRule({ body: ruleToDuplicate });
+await detectionsApi.createRule({ body: ruleToDuplicate });
 const { body } = await postBulkAction()
 .send({
@@ -311,12 +311,12 @@ export default ({ getService }: FtrProviderContext): void => {
 );
 // Check that the updates have been persisted
-const { body: rulesResponse } = await securitySolutionApi.findRules({ query: {} });
+const { body: rulesResponse } = await detectionsApi.findRules({ query: {} });
 expect(rulesResponse.total).toEqual(2);
 const duplicatedRuleId = body.attributes.results.created[0].id;
-const { body: duplicatedRule } = await securitySolutionApi
+const { body: duplicatedRule } = await detectionsApi
 .readRule({
 query: { id: duplicatedRuleId },
 })
@@ -1129,7 +1129,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const ruleId = 'ruleId';
 await createRule(supertest, log, getSimpleRule(ruleId));
-const { body: bulkEditResponse } = await securitySolutionApi
+const { body: bulkEditResponse } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -1172,7 +1172,7 @@ export default ({ getService }: FtrProviderContext): void => {
 investigation_fields: investigationFields,
 });
-const { body: bulkEditResponse } = await securitySolutionApi
+const { body: bulkEditResponse } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -1215,7 +1215,7 @@ export default ({ getService }: FtrProviderContext): void => {
 investigation_fields: investigationFields,
 });
-const { body: bulkEditResponse } = await securitySolutionApi
+const { body: bulkEditResponse } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -1291,7 +1291,7 @@ export default ({ getService }: FtrProviderContext): void => {
 investigation_fields: existingInvestigationFields,
 });
-const { body: bulkEditResponse } = await securitySolutionApi
+const { body: bulkEditResponse } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2265,7 +2265,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2313,7 +2313,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2355,7 +2355,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment().subtract(1, 'h');
 const startDate = endDate.clone();
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2397,7 +2397,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const startDate = moment().add(1, 'd');
 const endDate = moment().add(2, 'd');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2439,7 +2439,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment().add(1, 'd');
 const startDate = moment().subtract(1, 'd');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2481,7 +2481,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = moment().subtract(MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS + 1, 'd');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2516,7 +2516,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2574,7 +2574,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2698,7 +2698,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const ruleIdsToBackfill = Object.keys(generatedGapEvents).slice(0, 2);
 // Trigger the backfill for the selected rules
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2773,7 +2773,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should return 500 error if some rules do not exist', async () => {
 const existentRules = createdRuleIds;
 const nonExistentRule = 'non-existent-rule';
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2820,7 +2820,7 @@ export default ({ getService }: FtrProviderContext): void => {
 await generateGapsForRule(es, disabledRule, 100);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2866,7 +2866,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('should return 400 error when the end date is not strictly greater than the start date', async () => {
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2884,7 +2884,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('should return 400 error when start date is in the future', async () => {
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2902,7 +2902,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('should return 400 error when end date is in the future', async () => {
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
@@ -2920,7 +2920,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('should return 400 error when range between start and end are greater than 90 days', async () => {
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: {},
 body: {
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
index 0c45f42fffe55..37ca008c603b2 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
@@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
 const supertest = getService('supertest');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const es = getService('es');
@@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should not support export action', async () => {
 await createRule(supertest, log, getSimpleRule());
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: { action: BulkActionTypeEnum.export },
@@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const testRule = getSimpleRule(ruleId);
 await createRule(supertest, log, testRule);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: { action: BulkActionTypeEnum.delete },
@@ -78,14 +78,14 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that rule wasn't deleted
-await securitySolutionApi.readRule({ query: { rule_id: ruleId } }).expect(200);
+await detectionsApi.readRule({ query: { rule_id: ruleId } }).expect(200);
 });
 it('should handle enable action', async () => {
 const ruleId = 'ruleId';
 await createRule(supertest, log, getSimpleRule(ruleId));
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: { action: BulkActionTypeEnum.enable },
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the updates have not been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
 expect(ruleBody.enabled).toBe(false);
@@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const ruleId = 'ruleId';
 await createRule(supertest, log, getSimpleRule(ruleId, true));
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: { action: BulkActionTypeEnum.disable },
@@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the updates have not been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
 expect(ruleBody.enabled).toBe(true);
@@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const ruleToDuplicate = getSimpleRule(ruleId);
 await createRule(supertest, log, ruleToDuplicate);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: { action: BulkActionTypeEnum.disable },
@@ -157,9 +157,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the rule wasn't duplicated
-const { body: rulesResponse } = await securitySolutionApi
-.findRules({ query: {} })
-.expect(200);
+const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 expect(rulesResponse.total).toBe(1);
 });
@@ -170,7 +168,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const tags = ['tag1', 'tag2'];
 await createRule(supertest, log, { ...getSimpleRule(ruleId), tags });
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -195,7 +193,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the updates have not been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
 expect(ruleBody.tags).toEqual(tags);
@@ -212,7 +210,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it(`should return error if ${editAction} action is applied to machine learning rule`, async () => {
 const mlRule = await createRule(supertest, log, getSimpleMlRule());
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -279,7 +277,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -318,7 +316,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -376,7 +374,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -438,7 +436,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -477,7 +475,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -535,7 +533,7 @@ export default ({ getService }: FtrProviderContext): void => {
 const endDate = moment();
 const startDate = endDate.clone().subtract(1, 'h');
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -580,7 +578,7 @@ export default ({ getService }: FtrProviderContext): void => {
 getThresholdRuleForAlertTesting(['*'], 'ruleId')
 );
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
@@ -627,7 +625,7 @@ export default ({ getService }: FtrProviderContext): void => {
 })
 );
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: true },
 body: {
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts
index 6ba0ca6f83255..c5daeec7e2195 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts
@@ -36,7 +36,7 @@ const MINIMUM_RULE_INTERVAL_FOR_LEGACY_ACTION = '1h';
 export default ({ getService }: FtrProviderContext): void => {
 const supertest = getService('supertest');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 const es = getService('es');
 const log = getService('log');
@@ -88,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(sidecarActionsResults.hits.hits.length).toBe(1);
 expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 query: '',
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(body.attributes.summary).toEqual({ failed: 0, skipped: 0, succeeded: 1, total: 1 });
 // Check that the updates have been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
@@ -155,7 +155,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(sidecarActionsResults.hits.hits.length).toBe(1);
 expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.delete },
 query: {},
@@ -172,7 +172,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(sidecarActionsPostResults.hits.hits.length).toBe(0);
 // Check that the updates have been persisted
-await securitySolutionApi.readRule({ query: { rule_id: ruleId } }).expect(404);
+await detectionsApi.readRule({ query: { rule_id: ruleId } }).expect(404);
 });
 it('should enable rules and migrate actions', async () => {
@@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(sidecarActionsResults.hits.hits.length).toBe(1);
 expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.enable },
 query: {},
@@ -219,7 +219,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(body.attributes.results.updated[0].enabled).toBeTruthy();
 // Check that the updates have been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
@@ -274,7 +274,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(sidecarActionsResults.hits.hits.length).toBe(1);
 expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.disable },
 query: {},
@@ -287,7 +287,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(body.attributes.results.updated[0].enabled).toBeFalsy();
 // Check that the updates have been persisted
-const { body: ruleBody } = await securitySolutionApi
+const { body: ruleBody } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
@@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext): void => {
 ruleToDuplicate.id
 );
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 query: '',
@@ -358,9 +358,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(body.attributes.results.created[0].name).toBe(`${ruleToDuplicate.name} [Duplicate]`);
 // Check that the updates have been persisted
-const { body: rulesResponse } = await securitySolutionApi
-.findRules({ query: {} })
-.expect(200);
+const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 expect(rulesResponse.total).toBe(2);
@@ -383,7 +381,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should set rule_source to "internal" when duplicating a rule', async () => {
 await createRule(supertest, log, getCustomQueryRuleParams());
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 query: '',
@@ -405,7 +403,7 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should return error if index patterns action is applied to ES|QL rule', async () => {
 const esqlRule = await createRule(supertest, log, getCreateEsqlRulesSchemaMock());
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 ids: [esqlRule.id],
@@ -472,7 +470,7 @@ export default ({ getService }: FtrProviderContext): void => {
 ruleToDuplicate.id
 );
-const { body: setTagsBody } = await securitySolutionApi
+const { body: setTagsBody } = await detectionsApi
 .performRulesBulkAction({
 body: {
 query: '',
@@ -496,7 +494,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the updates have been persisted
-const { body: setTagsRule } = await securitySolutionApi
+const { body: setTagsRule } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
@@ -563,7 +561,7 @@ export default ({ getService }: FtrProviderContext): void => {
 createdRule.id
 );
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 ids: [createdRule.id],
@@ -601,7 +599,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(body.attributes.results.updated[0].actions).toEqual(expectedRuleActions);
 // Check that the updates have been persisted
-const { body: readRule } = await securitySolutionApi
+const { body: readRule } = await detectionsApi
 .readRule({ query: { rule_id: ruleId } })
 .expect(200);
@@ -637,7 +635,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.export },
 query: {},
@@ -723,7 +721,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.delete },
 query: {},
@@ -750,15 +748,15 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 // Check that the updates have been persisted
-await securitySolutionApi
+await detectionsApi
 .readRule({ query: { rule_id: ruleWithLegacyInvestigationField.params.ruleId } })
 .expect(404);
-await securitySolutionApi
+await detectionsApi
 .readRule({
 query: { rule_id: ruleWithLegacyInvestigationFieldEmptyArray.params.ruleId },
 })
 .expect(404);
-await securitySolutionApi
+await detectionsApi
 .readRule({ query: { rule_id: 'rule-with-investigation-field' } })
 .expect(404);
 });
@@ -781,7 +779,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.enable },
 query: {},
@@ -869,7 +867,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: { query: '', action: BulkActionTypeEnum.disable },
 query: {},
@@ -963,7 +961,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi
+const { body } = await detectionsApi
 .performRulesBulkAction({
 body: {
 query: '',
@@ -985,7 +983,7 @@ export default ({ getService }: FtrProviderContext): void => {
 expect(names.includes('Test investigation fields object [Duplicate]')).toBeTruthy();
 // Check that the updates have been persisted
-const { body: rulesResponse } = await await securitySolutionApi
+const { body: rulesResponse } = await await detectionsApi
 .findRules({ query: {} })
 .expect(200);
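Review bot: The added line in the `@@ -985,7 +983,7 @@` hunk still reads `await await detectionsApi`; the rename carries over a pre-existing doubled `await`. On a thenable it is harmless, but it reads as a typo and is the kind of thing a later reader will stop on, so since the line is being rewritten anyway it should become `const { body: rulesResponse } = await detectionsApi`. The enclosing `it` block begins and ends outside this hunk.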
@@ -1100,7 +1098,7 @@ export default ({ getService }: FtrProviderContext): void => {
 }),
 ]);
-const { body } = await securitySolutionApi.performRulesBulkAction({
+const { body } = await detectionsApi.performRulesBulkAction({
 body: {
 query: '',
 action: BulkActionTypeEnum.edit,
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_suppression.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_suppression.ts
index cfdbe243e02af..2ecedcc13b4a0 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_suppression.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_suppression.ts
@@ -19,7 +19,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
 const supertest = getService('supertest');
 const log = getService('log');
-const securitySolutionApi = getService('securitySolutionApi');
+const detectionsApi = getService('detectionsApi');
 // skips serverless MKI due to feature flag
 describe('@ess @serverless @skipInServerlessMKI perform_bulk_action suppression', () => {
@@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext): void => {
 getCustomQueryRuleParams({ rule_id: ruleId, alert_suppression: existingSuppression })
 );
-const { body: bulkEditResponse } = await securitySolutionApi
+const { body: bulkEditResponse } = await detectionsApi
 .performRulesBulkAction({
 query: { dry_run: false },
 body: {
@@ -80,7 +80,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Check that the updates have been persisted - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) @@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext): void => { createRule(supertest, log, getCustomQueryRuleParams({ rule_id: 'id_2' })), ]); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -131,7 +131,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Check that the updates have been persisted - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: 'id_1' }, }) @@ -152,7 +152,7 @@ export default ({ getService }: FtrProviderContext): void => { alert_suppression: existingSuppression, }); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext): void => { "Threshold rule doesn't support this action. Use 'set_alert_suppression_for_threshold' action instead" ); // Check that the updates did not apply to the rule - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) @@ -198,7 +198,7 @@ export default ({ getService }: FtrProviderContext): void => { createRule(supertest, log, getThresholdRuleForAlertTesting(['*'], 'id_2')), ]); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { 
@@ -245,7 +245,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -272,10 +272,10 @@ export default ({ getService }: FtrProviderContext): void => { // Check that the updates have been persisted const updatedRules = await Promise.all([ - securitySolutionApi.readRule({ + detectionsApi.readRule({ query: { rule_id: 'id_1' }, }), - await securitySolutionApi.readRule({ + await detectionsApi.readRule({ query: { rule_id: 'id_2' }, }), ]); @@ -302,7 +302,7 @@ export default ({ getService }: FtrProviderContext): void => { alert_suppression: existingSuppression, }); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -330,7 +330,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Check that the updates have been persisted - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) @@ -350,7 +350,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getThresholdRuleForAlertTesting(['*'], ruleId)); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -378,7 +378,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Check that the updates have been persisted - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) 
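Review bot: In hunk `@@ -272,10 +272,10 @@` the `Promise.all([...])` mixes a bare `detectionsApi.readRule({ ... })` with an `await detectionsApi.readRule({ ... })` as its second element, so the second read completes before the array is even built and the two requests run serially rather than in parallel, which defeats the purpose of `Promise.all`. Both lines are rewritten by this commit, so the stray `await` could be dropped at the same time: `detectionsApi.readRule({` for the `id_2` entry as well. The surrounding `it` block and the `updatedRules` assertions lie outside the hunk, so I cannot see whether anything depends on the second element already being a resolved response.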
@@ -392,7 +392,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getCustomQueryRuleParams({ rule_id: ruleId })); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -419,7 +419,7 @@ export default ({ getService }: FtrProviderContext): void => { "query rule type doesn't support this action. Use 'set_alert_suppression' action instead." ); // Check that the updates did not apply to the rule - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts index ed188205a45db..2b3ee36471c21 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts @@ -13,7 +13,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @serverlessQA Bulk enable/disable', () => { 
@@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { getCustomQueryRuleParams({ rule_id: ruleId, enabled: false }) ); - const { body } = await securitySolutionApi.performRulesBulkAction({ + const { body } = await detectionsApi.performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.enable }, }); @@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext): void => { getCustomQueryRuleParams({ rule_id: ruleId, enabled: true }) ); - const { body } = await securitySolutionApi.performRulesBulkAction({ + const { body } = await detectionsApi.performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.disable }, }); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts index ae96742c61378..6725d1c0ddfc0 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts @@ -29,7 +29,7 @@ import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); 
@@ -59,9 +59,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should create a single rule with a rule_id', async () => { - const { body } = await securitySolutionApi - .createRule({ body: getSimpleRule() }) - .expect(200); + const { body } = await detectionsApi.createRule({ body: getSimpleRule() }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -92,13 +90,13 @@ export default ({ getService }: FtrProviderContext) => { ], }; - const { body: createdRuleResponse } = await securitySolutionApi + const { body: createdRuleResponse } = await detectionsApi .createRule({ body: ruleCreateProperties }) .expect(200); expect(createdRuleResponse).toMatchObject(expectedRule); - const { body: createdRule } = await securitySolutionApi + const { body: createdRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -119,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => { query: 'user.name: root or user.name: admin', }; - const { body } = await securitySolutionApi.createRule({ body: rule }).expect(200); + const { body } = await detectionsApi.createRule({ body: rule }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername( @@ -166,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should create a single rule without a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getSimpleRuleWithoutRuleId() }) .expect(200); 
@@ -180,11 +178,9 @@ export default ({ getService }: FtrProviderContext) => { }); it('should cause a 409 conflict if we attempt to create the same rule_id twice', async () => { - await securitySolutionApi.createRule({ body: getSimpleRule() }).expect(200); + await detectionsApi.createRule({ body: getSimpleRule() }).expect(200); - const { body } = await securitySolutionApi - .createRule({ body: getSimpleRule() }) - .expect(409); + const { body } = await detectionsApi.createRule({ body: getSimpleRule() }).expect(409); expect(body).toEqual({ message: 'rule_id: "rule-1" already exists', @@ -198,7 +194,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a rule with max_signals defaulted to 100 when not present', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams(), }) @@ -208,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule when max_signals is less than 1', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: { ...getCustomQueryRuleParams(), @@ -231,7 +227,7 @@ export default ({ getService }: FtrProviderContext) => { expect(customQueryRuleParams.required_fields).toBeUndefined(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: customQueryRuleParams, }) @@ -239,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => { expect(body.required_fields).toEqual([]); - const { body: createdRule } = await securitySolutionApi + const { body: createdRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-without-required-fields' }, }) 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts index ca36f28bb0abd..3e138cab1873d 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts @@ -41,7 +41,7 @@ import { createUserAndRole, deleteUserAndRole } from '../../../../../config/serv export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); @@ -71,7 +71,7 @@ export default ({ getService }: FtrProviderContext) => { describe('elastic admin', () => { it('creates a custom query rule', async () => { const username = await utils.getUsername(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams() }) .expect(200); @@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext) => { saved_id: 'my-saved-query-id', }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: savedQueryRuleParams }) .expect(200); 
@@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule runs successfully', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ enabled: true }) }) .expect(200); @@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule partial failure due to index pattern matching nothing', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['does-not-exist-*'], @@ -167,7 +167,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule runs successfully with only one index pattern matching existing index', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['does-not-exist-*', 'logs-test'], @@ -188,7 +188,7 @@ export default ({ getService }: FtrProviderContext) => { index: undefined, }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body.index).toBeUndefined(); expect(body).toEqual(expect.objectContaining(omit(ruleParams, 'index'))); @@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => { rule_id: undefined, }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body).toEqual( expect.objectContaining({ ...ruleParams, rule_id: expect.any(String) }) 
@@ -207,7 +207,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a ML rule with legacy machine_learning_job_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getMLRuleParams({ machine_learning_job_id: 'some_job_id' }) }) .expect(200); @@ -219,17 +219,17 @@ export default ({ getService }: FtrProviderContext) => { it('creates a ML rule', async () => { const ruleParams = getMLRuleParams({ machine_learning_job_id: ['some_job_id'] }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body).toEqual(expect.objectContaining(ruleParams)); }); it('causes a 409 conflict if the same rule_id is used twice', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }) }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }) }) .expect(409); @@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => { describe('exception', () => { it('does NOT create a rule if trying to add more than one default rule exception list', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ exceptions_list: [ @@ -270,7 +270,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule when there is an attempt to share non sharable exception ("rule_default" type)', async () => { - const { body: ruleWithException } = await securitySolutionApi + const { body: ruleWithException } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', 
@@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-2', @@ -309,7 +309,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a rule when shared exception type is used ("detection" type)', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', @@ -325,7 +325,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-2', @@ -368,7 +368,7 @@ export default ({ getService }: FtrProviderContext) => { describe('threshold validation', () => { it('returns HTTP 400 error when NO threshold field is provided', async () => { const ruleParams = getThresholdRuleParams(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ // @ts-expect-error we are testing the invalid payload body: omit(ruleParams, 'threshold'), @@ -382,8 +382,8 @@ export default ({ getService }: FtrProviderContext) => { }); }); - it('returns HTTP 400 error when there are more than 3 threshold fields provided', async () => { - const { body } = await securitySolutionApi + it('returns HTTP 400 error when there are more than 5 threshold fields provided', async () => { + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { @@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('returns HTTP 400 error when threshold value is less than 1', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { 
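Review bot: Hunk `@@ -382,8 +382,8 @@` changes the test title from "more than 3 threshold fields" to "more than 5 threshold fields", but the hunk ends at `threshold: {` and shows no change to the fixture or to the asserted 400 message, which continue outside the hunk. If the field list and the expected error text were not updated alongside the title, the test may still pass for the wrong reason (any count above the server limit yields a 400), so the title would not document what is actually exercised. This is also a behavioural edit bundled into an otherwise mechanical service rename; a one-line mention in the commit description of why the limit moved from 3 to 5 would help anyone bisecting later.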
@@ -420,7 +420,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('returns HTTP 400 error when cardinality is also an agg field', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { @@ -446,7 +446,7 @@ export default ({ getService }: FtrProviderContext) => { describe('investigation_fields', () => { it('creates a rule with investigation_fields', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ investigation_fields: { @@ -462,7 +462,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule with legacy investigation_fields', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: { ...getCustomQueryRuleParams(), @@ -507,7 +507,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects partial failure for a rule with timestamp override and index pattern matching no indices', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['myfakeindex-1'], @@ -535,7 +535,7 @@ export default ({ getService }: FtrProviderContext) => { it('generates two signals with a "partial failure" status', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['myfa*'], @@ -568,7 +568,7 @@ export default ({ getService }: FtrProviderContext) => { [undefined, NOTIFICATION_THROTTLE_NO_ACTIONS, NOTIFICATION_THROTTLE_RULE].forEach( (throttle) => { it(`sets each action's frequency attribute to default value when 'throttle' is ${throttle}`, async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, 
@@ -586,7 +586,7 @@ export default ({ getService }: FtrProviderContext) => { ['300s', '5m', '3h', '4d'].forEach((throttle) => { it(`transforms correctly 'throttle = ${throttle}' and sets it as a frequency of each action`, async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ // Action throttle cannot be shorter than the schedule interval @@ -620,7 +620,7 @@ export default ({ getService }: FtrProviderContext) => { ].forEach((throttle) => { it(`does NOT change action frequency when 'throttle' is '${throttle}'`, async () => { const actionsWithFrequencies = await getActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, @@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => { (throttle) => { it(`overrides each action's frequency attribute to default value when 'throttle' is ${throttle}`, async () => { const someActionsWithFrequencies = await getSomeActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, @@ -662,7 +662,7 @@ export default ({ getService }: FtrProviderContext) => { ['430s', '7m', '1h', '8d'].forEach((throttle) => { it(`transforms correctly 'throttle = ${throttle}' and overrides frequency attribute of each action`, async () => { const someActionsWithFrequencies = await getSomeActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ // Action throttle cannot be shorter than the schedule interval 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts index 86f20297c4ca1..5024d7830e2fc 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule('rule-1')); // delete the rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-1' } }) .expect(200); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its auto-generated rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: bodyWithCreatedRule.rule_id } }) .expect(200); 
@@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its auto-generated id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: bodyWithCreatedRule.id } }) .expect(200); @@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); @@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the rule_id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'fake_id' } }) .expect(404); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts index 71a26609e7991..e1eaed0459b03 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts 
@@ -23,7 +23,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete the rule in bulk using the bulk_actions endpoint - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { ids: [bodyWithCreatedRule.id], action: 'delete' }, @@ -62,7 +62,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete an id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { ids: ['c4e80a0d-e20f-4efc-84c1-08112da5a612'], action: 'delete' }, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts index 0eeb5f6202e5b..95520cc5058e0 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts 
@@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule('rule-1')); // delete the rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-1' } }) .expect(200); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its auto-generated rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: bodyWithCreatedRule.rule_id } }) .expect(200); @@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its auto-generated id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: bodyWithCreatedRule.id } }) .expect(200); @@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); 
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the rule_id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'fake_id' } }) .expect(404); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts index 1f383d77f23ca..a5dd9aaa6e156 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts @@ -28,7 +28,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { ids: [bodyWithCreatedRule.id], action: 'delete' }, 
@@ -67,7 +67,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete an id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { ids: ['c4e80a0d-e20f-4efc-84c1-08112da5a612'], action: 'delete' }, @@ -131,7 +131,7 @@ export default ({ getService }: FtrProviderContext): void => { it('Should delete a single rule with investigation field', async () => { // delete the rule in bulk using the bulk_actions endpoint - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk_legacy.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk_legacy.ts index c55534c3f4275..26b9ffc0c5868 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk_legacy.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk_legacy.ts @@ -25,7 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); 
@@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext): void => { await createLegacyRuleAction(supertest, createRuleBody.id, hookAction.id); // delete the rule in bulk using the bulk_actions endpoint - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext): void => { await createLegacyRuleAction(supertest, createRuleBody2.id, hookAction2.id); // delete the rule in bulk using the bulk_actions endpoint - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -172,7 +172,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // delete the rule in bulk using the bulk_actions endpoint - await securitySolutionApi + await detectionsApi .performRulesBulkAction({ query: { dry_run: false }, body: { @@ -183,7 +183,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); // Test to ensure that we have exactly 0 legacy actions by querying the Alerting client REST API directly - // See: https://www.elastic.co/guide/en/kibana/current/find-rules-api.html + // See: https://www.elastic.co/guide/en/kibana/current/find-rules-detectionsApi.html // Note: We specifically filter for both the type "siem.notifications" and the "has_reference" field to ensure we only retrieve legacy actions const { body: bodyAfterDelete } = await supertest .get(`${BASE_ALERTING_API_PATH}/rules/_find`) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts index 9c188cc6ad0b7..014336885f015 100644 
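Review bot: The comment on the new side of the `@@ -183,7 +183,7 @@` hunk in delete_rules_bulk_legacy.ts now links to `find-rules-detectionsApi.html`, which is not the page the old comment referenced; the original `find-rules-api.html` URL appears to have been caught by the same search-and-replace that renamed the service. Only the variable rename was intended, so the comment should be restored to `// See: https://www.elastic.co/guide/en/kibana/current/find-rules-api.html`. It is worth confirming that no other comment or string literal in the renamed files was altered the same way, since the other hunks here only touch the `detectionsApi` identifier. The enclosing `it` block starts and ends outside the hunk.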
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts @@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as array', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: ruleWithLegacyInvestigationField.params.ruleId } }) .expect(200); @@ -71,7 +71,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as empty array', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: ruleWithLegacyInvestigationFieldEmptyArray.params.ruleId }, }) @@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as intended object type', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-with-investigation-field' } }) .expect(200); 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts index de7a7e826ed83..5c7e5e43b4c42 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts @@ -15,7 +15,7 @@ import { deleteAllRules } from '../../../../../config/services/detections_respon export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @serverlessQA export_rules', () => { describe('exporting rules', () => { @@ -26,9 +26,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should set the response content types to be expected', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - await securitySolutionApi + await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .expect('Content-Type', 'application/ndjson') 
@@ -38,9 +38,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should export a single rule with a rule_id', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -52,15 +52,15 @@ export default ({ getService }: FtrProviderContext): void => { it('exports a set of custom rules via the _export API', async () => { await Promise.all([ - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) .expect(200), - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-2' }) }) .expect(200), ]); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -109,9 +109,9 @@ export default ({ getService }: FtrProviderContext): void => { ], }; - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -124,9 +124,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should have export summary reflecting a number of rules', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); 
@@ -145,10 +145,10 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToExport1 = getCustomQueryRuleParams({ rule_id: 'rule-1' }); const ruleToExport2 = getCustomQueryRuleParams({ rule_id: 'rule-2' }); - await securitySolutionApi.createRule({ body: ruleToExport1 }); - await securitySolutionApi.createRule({ body: ruleToExport2 }); + await detectionsApi.createRule({ body: ruleToExport1 }); + await detectionsApi.createRule({ body: ruleToExport2 }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts index 8feb6fc482e48..2ac4f2fb9e01d 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts @@ -14,7 +14,7 @@ import { deleteAllRules } from '../../../../../config/services/detections_respon export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @serverlessQA import_rules', () => { 
@@ -26,7 +26,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should set the response content types to be expected', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should reject with an error if the file type is not that of a ndjson', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(''), 'rules.txt') .expect(400); @@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should report that it imported a simple rule successfully', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -65,12 +65,12 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToImport = getCustomQueryRuleParams({ rule_id: 'rule-to-import' }); const ndjson = combineToNdJson(ruleToImport); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-import' }, }) @@ -87,7 +87,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -146,12 +146,12 @@ export default ({ getService }: FtrProviderContext): void => { const ndjson = combineToNdJson(ruleToImport); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -170,7 +170,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -195,7 +195,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -234,7 +234,7 @@ export default ({ getService }: FtrProviderContext): void => { ) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(500); @@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -304,11 +304,11 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -334,11 +334,11 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -356,7 +356,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-to-overwrite', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -365,12 +365,12 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) 
@@ -386,9 +386,9 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-to-overwrite', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); - const { body: ruleBeforeOverwriting } = await securitySolutionApi + const { body: ruleBeforeOverwriting } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) @@ -401,12 +401,12 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: ruleAfterOverwriting } = await securitySolutionApi + const { body: ruleAfterOverwriting } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) @@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'existing-rule', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -439,7 +439,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -461,12 +461,12 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should report a mix of conflicts and a mix of successes', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'existing-rule-1', }), }); - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'existing-rule-2', }), 
@@ -484,7 +484,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -523,29 +523,29 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'non-existing-rule', }); - await securitySolutionApi.createRule({ body: existingRule1 }); - await securitySolutionApi.createRule({ body: existingRule2 }); + await detectionsApi.createRule({ body: existingRule1 }); + await detectionsApi.createRule({ body: existingRule2 }); const ndjson = combineToNdJson(existingRule1, existingRule2, ruleToImportSuccessfully); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: rule1 } = await securitySolutionApi + const { body: rule1 } = await detectionsApi .readRule({ query: { rule_id: 'existing-rule-1' }, }) .expect(200); - const { body: rule2 } = await securitySolutionApi + const { body: rule2 } = await detectionsApi .readRule({ query: { rule_id: 'existing-rule-2' }, }) .expect(200); - const { body: rule3 } = await securitySolutionApi + const { body: rule3 } = await detectionsApi .readRule({ query: { rule_id: 'non-existing-rule' }, }) diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index fca62b97a55fb..c1825af86fc87 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -39,8 +39,8 @@ const RULE_TO_IMPORT_RULE_ID_2 = 'another-imported-rule'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); - const securitySolutionExceptionsApi = getService('securitySolutionExceptionsApi'); + const detectionsApi = getService('detectionsApi'); + const exceptionsApi = getService('exceptionsApi'); const log = getService('log'); const spacesServices = getService('spaces'); @@ -187,7 +187,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -224,7 +224,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule1 } = await securitySolutionApi.readRule( + const { body: importedRule1 } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -270,7 +270,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(importedRule1).toMatchObject(IMPORT_PAYLOAD[0]); - const { body: importedRule2 } = await securitySolutionApi.readRule( + const { body: importedRule2 } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID_2 }, }, 
@@ -310,7 +310,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -414,7 +414,7 @@ export default ({ getService }: FtrProviderContext): void => { query: ReadExceptionListRequestQueryInput; expected: Record; }) => { - const { body: exceptionList } = await securitySolutionExceptionsApi + const { body: exceptionList } = await exceptionsApi .readExceptionList( { query, @@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext): void => { query: ReadExceptionListItemRequestQueryInput; expected: Record; }) => { - const { body: exceptionListItem } = await securitySolutionExceptionsApi + const { body: exceptionListItem } = await exceptionsApi .readExceptionListItem( { query, @@ -488,7 +488,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -564,7 +564,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -674,7 +674,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, 
@@ -772,7 +772,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('removes non-existent exception list from the imported rule', async () => { - const { body: exceptionBody } = await securitySolutionExceptionsApi + const { body: exceptionBody } = await exceptionsApi .createExceptionList( { body: { @@ -831,7 +831,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 0, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -1527,7 +1527,7 @@ export default ({ getService }: FtrProviderContext): void => { overwrite: false, }); - const { body: importedRule } = await securitySolutionApi.readRule({ + const { body: importedRule } = await detectionsApi.readRule({ query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }); @@ -1564,7 +1564,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts index be094ecb91f38..f80143f762f72 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts 
@@ -21,7 +21,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const utils = getService('securitySolutionUtils'); @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); @@ -65,11 +65,11 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [{ name: '@timestamp', type: 'date', ecs: true }], }; - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); - const { body: patchedRuleResponse } = await securitySolutionApi + const { body: patchedRuleResponse } = await detectionsApi .patchRule({ body: { ...rulePatchProperties, @@ -79,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => { expect(patchedRuleResponse).toMatchObject(expectedRule); - const { body: patchedRule } = await securitySolutionApi + const { body: patchedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's type to machine learning - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', type: 'machine_learning' } }) .expect(403); 
@@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => { const createRuleBody = await createRule(supertest, log, rule); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: createRuleBody.rule_id, name: 'some other name' } }) .expect(200); @@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { id: createdBody.id, name: 'some other name' } }) .expect(200); @@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', enabled: false } }) .expect(200); @@ -163,7 +163,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', severity: 'low', enabled: false } }) .expect(200); @@ -181,14 +181,14 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', timeline_title: 'some title', timeline_id: 'some id' }, }) .expect(200); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); 
@@ -204,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should give a 404 if it is given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { id: '5096dec6-b6b9-4d8d-8f93-6c2602079d9d', name: 'some other name' }, }) @@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should give a 404 if it is given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'fake_id', name: 'some other name' } }) .expect(404); @@ -229,11 +229,11 @@ export default ({ getService }: FtrProviderContext) => { describe('max signals', () => { it('does NOT patch a rule when max_signals is less than 1', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 100 }), }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -249,7 +249,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change required_fields when not present in patch body', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', required_fields: [ @@ -262,7 +262,7 @@ export default ({ getService }: FtrProviderContext) => { }); // patch a simple rule's name - const { body: patchedRule } = await securitySolutionApi + const { body: patchedRule } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts index 5003ef7c775fb..5cb2d7e2cc297 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts @@ -20,7 +20,7 @@ import { createRule, deleteAllRules } from '../../../../../config/services/detec export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const utils = getService('securitySolutionUtils'); @@ -30,7 +30,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an empty find body correctly if no rules are loaded', async () => { - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); expect(body).to.eql({ data: [], @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule()); // query the single rule from _find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); 
@@ -59,10 +59,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should return a single rule when a single rule is loaded from a find with everything for the rule added', async () => { // add a single rule - await securitySolutionApi.createRule({ body: getComplexRule() }).expect(200); + await detectionsApi.createRule({ body: getComplexRule() }).expect(200); // query and expect that we get back one record in the find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername()); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts index a328643125ac1..5c653139829f0 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); 
@@ -45,9 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule using rule_id', async () => {
 await createRule(supertest, log, getSimpleRule());
- const { body } = await securitySolutionApi
- .readRule({ query: { rule_id: 'rule-1' } })
- .expect(200);
+ const { body } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' } }).expect(200);
 const bodyToCompare = removeServerGeneratedProperties(body);
 const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -58,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule using id', async () => {
 const createRuleBody = await createRule(supertest, log, getSimpleRule());
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: createRuleBody.id } })
 .expect(200);
@@ -71,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule with an auto-generated rule_id', async () => {
 const createRuleBody = await createRule(supertest, log, getSimpleRuleWithoutRuleId());
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { rule_id: createRuleBody.rule_id } })
 .expect(200);
@@ -85,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return 404 if given a fake id', async () => {
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } })
 .expect(404);
@@ -96,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return 404 if given a fake rule_id', async () => {
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { rule_id: 'fake_id' } })
 .expect(404);
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
index 07755d1006c20..cf5e98d28ac12 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts
@@ -21,7 +21,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext): void => {
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const utils = getService('securitySolutionUtils');
@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext): void => {
 });
 it('should return an empty find body correctly if no rules are loaded', async () => {
- const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
+ const { body } = await detectionsApi.findRules({ query: {} }).expect(200);
 expect(body).to.eql({
 data: [],
@@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext): void => {
 await createRule(supertest, log, getSimpleRule());
 // query the single rule from _find
- const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
+ const { body } = await detectionsApi.findRules({ query: {} }).expect(200);
 body.data = [removeServerGeneratedProperties(body.data[0])];
 const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -60,10 +60,10 @@ export default ({ getService }: FtrProviderContext): void => {
 it('should return a single rule when a single rule is loaded from a find with everything for the rule added', async () => {
 // add a single rule
- await securitySolutionApi.createRule({ body: getComplexRule() }).expect(200);
+ await detectionsApi.createRule({ body: getComplexRule() }).expect(200);
 // query and expect that we get back one record in the find
- const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
+ const { body } = await detectionsApi.findRules({ query: {} }).expect(200);
 body.data = [removeServerGeneratedProperties(body.data[0])];
 const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername());
@@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext): void => {
 await createRule(supertest, log, rule);
 // query the single rule from _find
- const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
+ const { body } = await detectionsApi.findRules({ query: {} }).expect(200);
 const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 const ruleWithActions: ReturnType = {
@@ -148,7 +148,7 @@ export default ({ getService }: FtrProviderContext): void => {
 await createRule(supertest, log, rule);
 // query the single rule from _find
- const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200);
+ const { body } = await detectionsApi.findRules({ query: {} }).expect(200);
 const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
 const ruleWithActions: ReturnType = {
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
index 5e65463b096f6..1f39b27c66164 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts
@@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const es = getService('es');
 const utils = getService('securitySolutionUtils');
@@ -45,9 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule using rule_id', async () => {
 await createRule(supertest, log, getSimpleRule());
- const { body } = await securitySolutionApi
- .readRule({ query: { rule_id: 'rule-1' } })
- .expect(200);
+ const { body } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' } }).expect(200);
 const bodyToCompare = removeServerGeneratedProperties(body);
 const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -58,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule using id', async () => {
 const createRuleBody = await createRule(supertest, log, getSimpleRule());
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: createRuleBody.id } })
 .expect(200);
@@ -71,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => {
 it('should be able to read a single rule with an auto-generated rule_id', async () => {
 const createRuleBody = await createRule(supertest, log, getSimpleRuleWithoutRuleId());
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { rule_id: createRuleBody.rule_id } })
 .expect(200);
@@ -85,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return 404 if given a fake id', async () => {
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } })
 .expect(404);
@@ -96,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return 404 if given a fake rule_id', async () => {
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { rule_id: 'fake_id' } })
 .expect(404);
@@ -128,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => {
 };
 const createRuleBody = await createRule(supertest, log, rule);
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: createRuleBody.id } })
 .expect(200);
@@ -173,7 +171,7 @@ export default ({ getService }: FtrProviderContext) => {
 const createRuleBody = await createRule(supertest, log, rule);
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .readRule({ query: { id: createRuleBody.id } })
 .expect(200);
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
index 0a599e6cf78ab..1365a2fcd78fe 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts
@@ -28,7 +28,7 @@ import {
 export default ({ getService }: FtrProviderContext) => {
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const es = getService('es');
 const utils = getService('securitySolutionUtils');
@@ -53,7 +53,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = getSimpleRuleOutput();
 outputRule.name = 'some other name';
@@ -81,11 +81,11 @@ export default ({ getService }: FtrProviderContext) => {
 required_fields: [{ name: '@timestamp', type: 'date', ecs: true }],
 };
- await securitySolutionApi.createRule({
+ await detectionsApi.createRule({
 body: getCustomQueryRuleParams({ rule_id: 'rule-1' }),
 });
- const { body: updatedRuleResponse } = await securitySolutionApi
+ const { body: updatedRuleResponse } = await detectionsApi
 .updateRule({
 body: ruleUpdateProperties,
 })
@@ -93,7 +93,7 @@ export default ({ getService }: FtrProviderContext) => {
 expect(updatedRuleResponse).toMatchObject(expectedRule);
- const { body: updatedRule } = await securitySolutionApi
+ const { body: updatedRule } = await detectionsApi
 .readRule({
 query: { rule_id: 'rule-1' },
 })
@@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(403);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(403);
 expect(body).toEqual({
 message: 'Your license does not support machine learning. Please upgrade your license.',
@@ -134,7 +134,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = getSimpleRuleOutputWithoutRuleId();
 outputRule.name = 'some other name';
@@ -154,7 +154,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.id = createdBody.id;
 delete updatedRule.rule_id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = getSimpleRuleOutput();
 outputRule.name = 'some other name';
@@ -173,7 +173,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.severity = 'low';
 updatedRule.enabled = false;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = getSimpleRuleOutput();
 outputRule.enabled = false;
@@ -193,13 +193,13 @@ export default ({ getService }: FtrProviderContext) => {
 ruleUpdate.timeline_id = 'some id';
 // update a simple rule's timeline_title
- await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200);
+ await detectionsApi.updateRule({ body: ruleUpdate }).expect(200);
 const ruleUpdate2 = getSimpleRuleUpdate('rule-1');
 ruleUpdate2.name = 'some other name';
 // update a simple rule's name
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate2 }).expect(200);
 const outputRule = getSimpleRuleOutput();
 outputRule.name = 'some other name';
@@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => {
 simpleRule.id = '5096dec6-b6b9-4d8d-8f93-6c2602079d9d';
 delete simpleRule.rule_id;
- const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404);
+ const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404);
 expect(body).toEqual({
 status_code: 404,
@@ -228,7 +228,7 @@ export default ({ getService }: FtrProviderContext) => {
 simpleRule.rule_id = 'fake_id';
 delete simpleRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404);
+ const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404);
 expect(body).toEqual({
 status_code: 404,
@@ -247,11 +247,11 @@ export default ({ getService }: FtrProviderContext) => {
 max_signals: 100,
 });
- await securitySolutionApi.createRule({
+ await detectionsApi.createRule({
 body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 200 }),
 });
- const { body: updatedRuleResponse } = await securitySolutionApi
+ const { body: updatedRuleResponse } = await detectionsApi
 .updateRule({
 body: getCustomQueryRuleParams({
 rule_id: 'rule-1',
@@ -264,11 +264,11 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('does NOT update a rule when max_signals is less than 1', async () => {
- await securitySolutionApi.createRule({
+ await detectionsApi.createRule({
 body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 100 }),
 });
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .updateRule({
 body: getCustomQueryRuleParams({
 rule_id: 'rule-1',
@@ -290,14 +290,14 @@ export default ({ getService }: FtrProviderContext) => {
 required_fields: [],
 });
- await securitySolutionApi.createRule({
+ await detectionsApi.createRule({
 body: getCustomQueryRuleParams({
 rule_id: 'required-fields-default-value-test',
 required_fields: [{ name: 'host.name', type: 'keyword' }],
 }),
 });
- const { body: updatedRuleResponse } = await securitySolutionApi
+ const { body: updatedRuleResponse } = await detectionsApi
 .updateRule({
 body: getCustomQueryRuleParams({
 rule_id: 'required-fields-default-value-test',
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
index 36256c6c7b5b3..8dc05c872233a 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts
@@ -43,7 +43,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const es = getService('es');
 const utils = getService('securitySolutionUtils');
@@ -68,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -87,7 +87,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.machine_learning_job_id = 'legacy_job_id';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
@@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername());
 outputRule.name = 'some other name';
@@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(
 getSimpleRuleOutputWithoutRuleId(),
@@ -176,7 +176,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.name = 'some other name';
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(
 getSimpleRuleOutputWithoutRuleId(),
@@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.id = createdBody.id;
 delete updatedRule.rule_id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.severity = 'low';
 updatedRule.enabled = false;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -237,13 +237,13 @@ export default ({ getService }: FtrProviderContext) => {
 ruleUpdate.timeline_id = 'some id';
 // update a simple rule's timeline_title
- await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200);
+ await detectionsApi.updateRule({ body: ruleUpdate }).expect(200);
 const ruleUpdate2 = getSimpleRuleUpdate('rule-1');
 ruleUpdate2.name = 'some other name';
 // update a simple rule's name
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate2 }).expect(200);
 const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername());
@@ -259,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => {
 simpleRule.id = '5096dec6-b6b9-4d8d-8f93-6c2602079d9d';
 delete simpleRule.rule_id;
- const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404);
+ const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404);
 expect(body).to.eql({
 status_code: 404,
@@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => {
 simpleRule.rule_id = 'fake_id';
 delete simpleRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404);
+ const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404);
 expect(body).to.eql({
 status_code: 404,
@@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => {
 ],
 };
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200);
 expect(body.exceptions_list).to.eql([
 { id: '2', list_id: '456', namespace_type: 'single', type: 'rule_default' },
@@ -333,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => {
 ],
 };
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(500);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(500);
 expect(body).to.eql({
 message: 'More than one default exception list found on rule',
@@ -355,7 +355,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 await createRule(supertest, log, getSimpleRule('rule-2'));
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .updateRule({
 body: {
 ...getSimpleRule('rule-2'),
@@ -396,7 +396,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.id = createdBody.id;
 delete updatedRule.rule_id;
- const { body } = await securitySolutionApi
+ const { body } = await detectionsApi
 .updateRule({
 body: {
 ...updatedRule,
@@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
 const { threshold, ...rule } = existingRule;
 // @ts-expect-error we're testing the invalid payload here
- const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400);
+ const { body } = await detectionsApi.updateRule({ body: rule }).expect(400);
 expect(body).to.eql({
 error: 'Bad Request',
@@ -445,7 +445,7 @@ export default ({ getService }: FtrProviderContext) => {
 field: ['field-1', 'field-2', 'field-3', 'field-4'],
 },
 };
- const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400);
+ const { body } = await detectionsApi.updateRule({ body: rule }).expect(400);
 expect(body).to.eql({
 message: ['Number of fields must be 3 or less'],
@@ -464,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => {
 value: 0,
 },
 };
- const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400);
+ const { body } = await detectionsApi.updateRule({ body: rule }).expect(400);
 expect(body).to.eql({
 error: 'Bad Request',
@@ -489,7 +489,7 @@ export default ({ getService }: FtrProviderContext) => {
 ],
 },
 };
- const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400);
+ const { body } = await detectionsApi.updateRule({ body: rule }).expect(400);
 expect(body).to.eql({
 message: ['Cardinality of a field that is being aggregated on is always 1'],
@@ -504,7 +504,7 @@ export default ({ getService }: FtrProviderContext) => {
 const savedQueryRule = getSimpleSavedQueryRule(ruleId);
 await createRule(supertest, log, getSimpleRule(ruleId));
- const { body: outputRule } = await securitySolutionApi
+ const { body: outputRule } = await detectionsApi
 .updateRule({ body: savedQueryRule })
 .expect(200);
@@ -517,7 +517,7 @@ export default ({ getService }: FtrProviderContext) => {
 const savedQueryRule = { ...getSimpleSavedQueryRule(ruleId), query: undefined };
 await createRule(supertest, log, getSimpleRule(ruleId));
- const { body: outputRule } = await securitySolutionApi
+ const { body: outputRule } = await detectionsApi
 .updateRule({ body: savedQueryRule })
 .expect(200);
@@ -530,7 +530,7 @@ export default ({ getService }: FtrProviderContext) => {
 const queryRule = getSimpleRule(ruleId);
 await createRule(supertest, log, getSimpleSavedQueryRule(ruleId));
- const { body: outputRule } = await securitySolutionApi
+ const { body: outputRule } = await detectionsApi
 .updateRule({ body: queryRule })
 .expect(200);
@@ -552,7 +552,7 @@ export default ({ getService }: FtrProviderContext) => {
 ruleToUpdate.id = ruleId;
 delete ruleToUpdate.rule_id;
- const { body: updatedRule } = await securitySolutionApi
+ const { body: updatedRule } = await detectionsApi
 .updateRule({ body: ruleToUpdate })
 .expect(200);
@@ -734,7 +734,7 @@ export default ({ getService }: FtrProviderContext) => {
 investigation_fields: { field_names: ['foo', 'bar'] },
 };
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200);
 expect(body.investigation_fields.field_names).to.eql(['foo', 'bar']);
 });
@@ -750,7 +750,7 @@ export default ({ getService }: FtrProviderContext) => {
 investigation_fields: undefined,
 };
- const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200);
 expect(body.investigation_fields).to.eql(undefined);
 });
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
index 04ea8af6ef61a..c15f982751f2e 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts
@@ -33,7 +33,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const log = getService('log');
 const es = getService('es');
 // TODO: add a new service for pulling kibana username, similar to getService('es')
@@ -90,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => {
 updatedRule.actions = [action1];
 delete updatedRule.id;
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
@@ -155,7 +155,7 @@ export default ({ getService }: FtrProviderContext) => {
 };
 // @ts-expect-error we are testing the invalid payload
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(400);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(400);
 expect(body.message).to.eql(
 '[request body]: investigation_fields: Expected object, received array'
@@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
 // rule_id of a rule with legacy investigation fields set
 const updatedRule = getSimpleRuleUpdate(ruleWithLegacyInvestigationField.params.ruleId);
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const bodyToCompare = removeServerGeneratedProperties(body);
 expect(bodyToCompare.investigation_fields).to.eql(undefined);
@@ -187,7 +187,7 @@ export default ({ getService }: FtrProviderContext) => {
 },
 };
- const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200);
+ const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200);
 const bodyToCompare = removeServerGeneratedProperties(body);
 expect(bodyToCompare.investigation_fields).to.eql({
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts
index 2faea9f7a3160..0b37cb6631f15 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts
@@ -24,10 +24,10 @@ export async function importRules({
 overwrite,
 spaceId,
 }: ImportRulesParams): Promise {
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const buffer = Buffer.from(combineArrayToNdJson(rules));
- const { body: importResponse } = await securitySolutionApi
+ const { body: importResponse } = await detectionsApi
 .importRules({ query: { overwrite, overwrite_action_connectors: overwrite } }, spaceId)
 .attach('file', buffer, 'rules.ndjson')
 .expect('Content-Type', 'application/json; charset=utf-8')
@@ -60,13 +60,13 @@ export async function assertImportedRule({
 getService,
 expectedRule,
 }: AssertImportedRuleParams): Promise {
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const ruleId = expectedRule.rule_id;
 const expectedRuleSource = pick(expectedRule, ['immutable', 'rule_source']);
 const expectedRuleFields = omit(expectedRule, ['immutable', 'rule_source']);
- const { body: rule } = await securitySolutionApi
+ const { body: rule } = await detectionsApi
 .readRule({
 query: { rule_id: ruleId },
 })
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts
index 0c6e1d2352980..ec0cc9eff2d17 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts
@@ -9,12 +9,12 @@ import expect from 'expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
- const securitySolutionApi = getService('securitySolutionApi');
+ const entityAnalyticsApi = getService('entityAnalyticsApi');
 describe('@ess @skipInServerlessMKI Entity store - Entities list API', () => {
 describe('when the entity store is disable', () => {
 it("should return response with success status when the index doesn't exist", async () => {
- const { body } = await securitySolutionApi.listEntities({
+ const { body } = await entityAnalyticsApi.listEntities({
 query: { entity_types: ['host'] },
 });
@@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return hosts from the entity store index', async () => {
- const { body } = await securitySolutionApi.listEntities({
+ const { body } = await entityAnalyticsApi.listEntities({
 query: { entity_types: ['host'] },
 });
@@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return users from the entity store index', async () => {
- const { body } = await securitySolutionApi.listEntities({
+ const { body } = await entityAnalyticsApi.listEntities({
 query: { entity_types: ['user'] },
 });
@@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return services from the entity store index', async () => {
- const { body } = await securitySolutionApi.listEntities({
+ const { body } = await entityAnalyticsApi.listEntities({
 query: { entity_types: ['service'] },
 });
@@ -70,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should return two entity types from the entity store index', async () => {
- const { body } = await securitySolutionApi.listEntities({
+ const { body } = await entityAnalyticsApi.listEntities({
 query: { entity_types: ['user', 'host'] },
 });
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
index 148e8a342eb34..ba7cfeb724152 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context';
 import { EntityStoreUtils } from '../../utils';
 import { dataViewRouteHelpersFactory } from '../../utils/data_view';
 export default ({ getService }: FtrProviderContext) => {
- const api = getService('securitySolutionApi');
+ const entityAnalyticsApi = getService('entityAnalyticsApi');
 const supertest = getService('supertest');
 const kibanaServer = getService('kibanaServer');
@@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return "error" when the security data view does not exist', async () => { await dataView.delete('security-solution'); - const { body, status } = await api.initEntityEngine( + const { body, status } = await entityAnalyticsApi.initEntityEngine( { params: { entityType: 'host' }, body: {}, @@ -99,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => { describe('get', () => { it('should return the host entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) @@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return the user entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'user' }, }) @@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext) => { describe('list', () => { it('should return the list of entity engines', async () => { - const { body } = await api.listEntityEngines().expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines().expect(200); // @ts-expect-error body is any const sortedEngines = body.engines.sort((a, b) => a.type.localeCompare(b.type)); @@ -160,13 +160,13 @@ export default ({ getService }: FtrProviderContext) => { }); it('should stop the entity engine', async () => { - await api + await entityAnalyticsApi .stopEntityEngine({ params: { entityType: 'host' }, }) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) 
@@ -176,13 +176,13 @@ export default ({ getService }: FtrProviderContext) => { }); it('should start the entity engine', async () => { - await api + await entityAnalyticsApi .startEntityEngine({ params: { entityType: 'host' }, }) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) @@ -196,7 +196,7 @@ export default ({ getService }: FtrProviderContext) => { it('should delete the host entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - await api + await entityAnalyticsApi .deleteEntityEngine({ params: { entityType: 'host' }, query: { data: true }, @@ -209,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => { it('should delete the user entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['user']); - await api + await entityAnalyticsApi .deleteEntityEngine({ params: { entityType: 'user' }, query: { data: true }, @@ -226,7 +226,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return "not_installed" when no engines have been initialized', async () => { - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body).toEqual({ engines: [], @@ -239,7 +239,7 @@ export default ({ getService }: FtrProviderContext) => { entityTypes: ['host', 'user'], }); - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body.status).toEqual('installing'); expect(body.engines.length).toEqual(2); 
@@ -256,7 +256,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return "started" when all engines are started', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host', 'user']); - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body.status).toEqual('running'); expect(body.engines.length).toEqual(2); @@ -266,7 +266,7 @@ export default ({ getService }: FtrProviderContext) => { describe('status with components', () => { it('should return empty list when when no engines have been initialized', async () => { - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityStoreStatus({ query: { include_components: true } }) .expect(200); @@ -279,7 +279,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return components status when engines are installed', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityStoreStatus({ query: { include_components: true } }) .expect(200); @@ -320,14 +320,14 @@ export default ({ getService }: FtrProviderContext) => { }); it("should not update the index patten when it didn't change", async () => { - const response = await api.applyEntityEngineDataviewIndices(); + const response = await entityAnalyticsApi.applyEntityEngineDataviewIndices(); expect(response.body).toEqual({ success: true, result: [{ type: 'host', changes: {} }] }); }); it('should update the index pattern when the data view changes', async () => { await dataView.updateIndexPattern('security-solution', 'test-*'); - const response = await api.applyEntityEngineDataviewIndices(); + const response = await entityAnalyticsApi.applyEntityEngineDataviewIndices(); expect(response.body).toEqual({ success: true, 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts index d9e2001286359..17b9000ac7517 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts @@ -14,7 +14,7 @@ import { EntityStoreUtils } from '../../utils'; import { dataViewRouteHelpersFactory } from '../../utils/data_view'; export default ({ getService }: FtrProviderContextWithSpaces) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const spaces = getService('spaces'); const namespace = uuidv4().substring(0, 8); const supertest = getService('supertest'); @@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { describe('get', () => { it('should return the host entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should return the user entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'user' }, 
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { describe('list', () => { it('should return the list of entity engines', async () => { - const { body } = await api.listEntityEngines(namespace).expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines(namespace).expect(200); // @ts-expect-error body is any const sortedEngines = body.engines.sort((a, b) => a.type.localeCompare(b.type)); @@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should stop the entity engine', async () => { - await api + await entityAnalyticsApi .stopEntityEngine( { params: { entityType: 'host' }, @@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { ) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -155,7 +155,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should start the entity engine', async () => { - await api + await entityAnalyticsApi .startEntityEngine( { params: { entityType: 'host' }, @@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { ) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { it('should delete the host entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - await api + await entityAnalyticsApi .deleteEntityEngine( { params: { entityType: 'host' }, @@ -197,7 +197,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { it('should delete the user entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['user']); - await api + await entityAnalyticsApi .deleteEntityEngine( { params: { entityType: 'user' }, 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/engine.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/engine.ts
index e05f5147d2d3a..a5a66f5d15a41 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/engine.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/engine.ts
@@ -12,7 +12,7 @@ import { disablePrivmonSetting, enablePrivmonSetting } from '../../utils';
 import { PrivMonUtils } from './privileged_users/utils';
 export default ({ getService }: FtrProviderContext) => {
- const api = getService('securitySolutionApi');
+ const api = getService('entityAnalyticsApi');
 const kibanaServer = getService('kibanaServer');
 const privMonUtils = PrivMonUtils(getService);
 const log = getService('log');
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_access_detection/pad_installation.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_access_detection/pad_installation.ts
index bc8794c850b99..d6d88f35c0bf0 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_access_detection/pad_installation.ts
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_access_detection/pad_installation.ts
@@ -11,7 +11,7 @@ import { dataViewRouteHelpersFactory } from '../../../utils/data_view'; import { enablePrivmonSetting } from '../../../utils'; export default ({ getService }: FtrProviderContext) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const supertest = getService('supertest'); const log = getService('log'); const kibanaServer = getService('kibanaServer'); @@ -108,7 +108,7 @@ export default ({ getService }: FtrProviderContext) => { describe('privileged access detection status and installation APIs', () => { it('should be able to successfully install the package', async () => { const statusResponseBeforeInstallation = - await api.getPrivilegedAccessDetectionPackageStatus(); + await entityAnalyticsApi.getPrivilegedAccessDetectionPackageStatus(); if (statusResponseBeforeInstallation.status !== 200) { log.error(`Retrieving status failed`); @@ -125,7 +125,8 @@ export default ({ getService }: FtrProviderContext) => { expect(packageInstallationStatusBeforeInstallation).eql('incomplete'); expect(mlModuleSetupStatusBeforeInstallation).eql('incomplete'); - const installationResponse = await api.installPrivilegedAccessDetectionPackage('default'); + const installationResponse = + await entityAnalyticsApi.installPrivilegedAccessDetectionPackage('default'); expect(installationResponse.status).eql(200); expect(installationResponse.body.message).eql( @@ -138,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => { log.info('Privileged access detection installation was successful'); const statusResponseAfterInstallation = - await api.getPrivilegedAccessDetectionPackageStatus(); + await entityAnalyticsApi.getPrivilegedAccessDetectionPackageStatus(); if (statusResponseAfterInstallation.status !== 200) { log.error(`Retrieving status failed`); 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts index 48a2289d35e61..a670496464b75 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts @@ -13,7 +13,7 @@ import { PrivMonUtils } from './utils'; import { enablePrivmonSetting, disablePrivmonSetting } from '../../../utils'; export default ({ getService }: FtrProviderContext) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { describe('CRUD API', () => { it('should create a user', async () => { log.info(`creating a user`); - const res = await api.createPrivMonUser({ + const res = await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user1' } }, }); @@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => { it('should not create a user if the advanced setting is disabled', async () => { await disablePrivmonSetting(kibanaServer); log.info(`creating a user with advanced setting disabled`); - const res = await api.createPrivMonUser({ + const res = await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user2' } }, }); 
@@ -69,10 +69,10 @@ export default ({ getService }: FtrProviderContext) => { it('should update a user', async () => { log.info(`updating a user`); - const { body } = await api.createPrivMonUser({ + const { body } = await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user3' } }, }); - const res = await api.updatePrivMonUser({ + const res = await entityAnalyticsApi.updatePrivMonUser({ body: { user: { name: 'updated' } }, params: { id: body.id }, }); @@ -89,14 +89,16 @@ export default ({ getService }: FtrProviderContext) => { it('should list users', async () => { log.info(`listing users`); - const { body } = await api.createPrivMonUser({ + const { body } = await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user4' } }, }); // Ensure the data is indexed and available for searching, in case we ever remove `refresh: wait_for` when indexing await es.indices.refresh({ index: body._index }); - const res = await api.listPrivMonUsers({ query: { kql: `user.name: test*` } }); + const res = await entityAnalyticsApi.listPrivMonUsers({ + query: { kql: `user.name: test*` }, + }); if (res.status !== 200) { log.error(`Listing privmon users failed`); @@ -108,10 +110,10 @@ export default ({ getService }: FtrProviderContext) => { }); it('should delete a user', async () => { log.info(`deleting a user`); - const { body } = await api.createPrivMonUser({ + const { body } = await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user5' } }, }); - const res = await api.deletePrivMonUser({ params: { id: body.id } }); + const res = await entityAnalyticsApi.deletePrivMonUser({ params: { id: body.id } }); if (res.status !== 200) { log.error(`Deleting privmon user failed`); 
@@ -152,7 +154,7 @@ export default ({ getService }: FtrProviderContext) => { log.info('Verifying uploaded users'); - const listRes = await api.listPrivMonUsers({ + const listRes = await entityAnalyticsApi.listPrivMonUsers({ query: { kql: `user.name: csv_user_*` }, }); if (listRes.status !== 200) { @@ -169,7 +171,7 @@ export default ({ getService }: FtrProviderContext) => { it('should add "csv" source even if the user already has other sources', async () => { log.info(`Creating a user via CRUD API`); - await api.createPrivMonUser({ + await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'api_user_1' } }, }); @@ -182,7 +184,7 @@ export default ({ getService }: FtrProviderContext) => { } log.info('Verifying uploaded users'); - const listRes = await api.listPrivMonUsers({ + const listRes = await entityAnalyticsApi.listPrivMonUsers({ query: { kql: `user.name: api_user_* or user.name: csv_user_*` }, }); if (listRes.status !== 200) { @@ -216,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => { } log.info('Verifying soft deleted users'); - const listRes = await api.listPrivMonUsers({ + const listRes = await entityAnalyticsApi.listPrivMonUsers({ query: { kql: `user.name: csv_user_*` }, }); @@ -241,7 +243,7 @@ export default ({ getService }: FtrProviderContext) => { it('should not soft delete users which have other sources', async () => { log.info(`Creating a user via CRUD API`); - await api.createPrivMonUser({ + await entityAnalyticsApi.createPrivMonUser({ body: { user: { name: 'test_user_3' } }, }); @@ -262,7 +264,7 @@ export default ({ getService }: FtrProviderContext) => { } log.info('Verifying soft deleted users'); - const listRes = await api.listPrivMonUsers({ + const listRes = await entityAnalyticsApi.listPrivMonUsers({ query: { kql: `user.name: test_user_*` }, }); 
@@ -294,7 +296,7 @@ export default ({ getService }: FtrProviderContext) => { expect(res.status).eql(200); - const listRes = await api.listPrivMonUsers({ + const listRes = await entityAnalyticsApi.listPrivMonUsers({ query: { kql: `user.name: non_unique_user` }, }); if (listRes.status !== 200) { diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/utils.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/utils.ts index 1c436eb81b411..a8b1ad89568f4 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/utils.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/utils.ts @@ -17,7 +17,7 @@ export const PrivMonUtils = ( getService: FtrProviderContext['getService'], namespace: string = 'default' ) => { - const api = getService('securitySolutionApi'); + const api = getService('entityAnalyticsApi'); const log = getService('log'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts index e1f7a2e5011e9..d9d12b46c662a 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts 
+++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/search_indices.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; import { enablePrivmonSetting } from '../../utils'; export default ({ getService }: FtrProviderContext) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const es = getService('es'); const log = getService('log'); const kibanaServer = getService('kibanaServer'); @@ -42,7 +42,9 @@ export default ({ getService }: FtrProviderContext) => { describe('search_indices API', () => { it('should return an empty array if no indices match the search query', async () => { - const res = await api.searchPrivilegesIndices({ query: { searchQuery: 'test_1235678' } }); + const res = await entityAnalyticsApi.searchPrivilegesIndices({ + query: { searchQuery: 'test_1235678' }, + }); logWhenNot200(res); @@ -51,7 +53,9 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return all indices when no searchQuery is given', async () => { - const res = await api.searchPrivilegesIndices({ query: { searchQuery: undefined } }); + const res = await entityAnalyticsApi.searchPrivilegesIndices({ + query: { searchQuery: undefined }, + }); logWhenNot200(res); @@ -60,7 +64,9 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return index when searchQuery matches', async () => { - const res = await api.searchPrivilegesIndices({ query: { searchQuery: indexName } }); + const res = await entityAnalyticsApi.searchPrivilegesIndices({ + query: { searchQuery: indexName }, + }); logWhenNot200(res); 
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts index e133d9f20f3bd..7187010cf7d3c 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts @@ -15,7 +15,7 @@ export const EntityStoreUtils = ( getService: FtrProviderContext['getService'], namespace: string = 'default' ) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const es = getService('es'); const log = getService('log'); const retry = getService('retry'); @@ -35,7 +35,7 @@ export const EntityStoreUtils = ( log.debug(`EntityStoreUtils namespace: ${namespace}`); const cleanEngines = async () => { - const { body } = await api.listEntityEngines(namespace).expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines(namespace).expect(200); // @ts-expect-error body is any const engineTypes = body.engines.map((engine) => engine.type); @@ -44,7 +44,10 @@ export const EntityStoreUtils = ( try { await Promise.all( engineTypes.map((entityType: 'user' | 'host') => - api.deleteEntityEngine({ params: { entityType }, query: { data: true } }, namespace) + entityAnalyticsApi.deleteEntityEngine( + { params: { entityType }, query: { data: true } }, + namespace + ) ) ); } catch (e) { @@ -56,7 +59,7 @@ export const EntityStoreUtils = ( log.info( `Initializing engine for entity type ${entityType} in namespace ${namespace || 'default'}` ); - const res = await api.initEntityEngine( + const res = await entityAnalyticsApi.initEntityEngine( { params: { entityType }, body: {}, 
@@ -79,7 +82,7 @@ export const EntityStoreUtils = ( `Engines to start for entity types: ${entityTypes.join(', ')}`, 60_000, async () => { - const { body } = await api.listEntityEngines(namespace).expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines(namespace).expect(200); if (body.engines.every((engine: any) => engine.status === 'started')) { return true; } @@ -96,7 +99,7 @@ export const EntityStoreUtils = ( `Engine for entity type ${entityType} to be in status ${status}`, 60_000, async () => { - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine({ params: { entityType } }, namespace) .expect(200); log.debug(`Engine status for ${entityType}: ${body.status}`); @@ -112,7 +115,7 @@ export const EntityStoreUtils = ( }; const enableEntityStore = async (body: InitEntityStoreRequestBodyInput = {}) => { - const res = await api.initEntityStore({ body }, namespace); + const res = await entityAnalyticsApi.initEntityStore({ body }, namespace); if (res.status !== 200) { log.error(`Failed to enable entity store`); log.error(JSON.stringify(res.body)); diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts index 12f81c1f6fb8f..027d85406a813 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts 
@@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => {
 const es = getService('es');
 const log = getService('log');
 const supertest = getService('supertest');
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const migrationRulesRoutes = ruleMigrationRouteHelpersFactory(supertest);
 describe('@ess @serverless @serverlessQA Install API', () => {
@@ -75,9 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
 expect(installedMigrationRules.length).toEqual(2);
 // fetch installed rules
- const { body: rulesResponse } = await securitySolutionApi
- .findRules({ query: {} })
- .expect(200);
+ const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 const expectedRulesData = expect.arrayContaining(
 installedMigrationRules.map((migrationRule) =>
@@ -117,9 +115,7 @@ export default ({ getService }: FtrProviderContext) => {
 expect(installResponse.body).toEqual({ installed: 2 });
 // fetch installed rules
- const { body: rulesResponse } = await securitySolutionApi
- .findRules({ query: {} })
- .expect(200);
+ const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 const expectedInstalledRules = expect.arrayContaining([
 expect.objectContaining(ruleAssetSavedObject['security-rule']),
@@ -151,9 +147,7 @@ export default ({ getService }: FtrProviderContext) => {
 expect(installResponse.body).toEqual({ installed: 2 });
 // fetch installed rules
- const { body: rulesResponse } = await securitySolutionApi
- .findRules({ query: {} })
- .expect(200);
+ const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 expect(rulesResponse.data.length).toEqual(2);
@@ -184,9 +178,7 @@ export default ({ getService }: FtrProviderContext) => {
 expect(installResponse.body).toEqual({ installed: 3 });
 // fetch installed rules
- const { body: rulesResponse } = await securitySolutionApi
- .findRules({ query: {} })
- .expect(200);
+ const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200);
 expect(rulesResponse.data.length).toEqual(3);
diff --git a/x-pack/solutions/security/test/security_solution_api_integration/tsconfig.json b/x-pack/solutions/security/test/security_solution_api_integration/tsconfig.json
index b7a4dac28f54c..be33dc4258c89 100644
--- a/x-pack/solutions/security/test/security_solution_api_integration/tsconfig.json
+++ b/x-pack/solutions/security/test/security_solution_api_integration/tsconfig.json
@@ -2,16 +2,24 @@
 "extends": "../../../../../tsconfig.base.json",
 "compilerOptions": {
 "outDir": "target/types",
- "types": ["node", "jest", "@kbn/ambient-ftr-types"],
+ "types": [
+ "node",
+ "jest",
+ "@kbn/ambient-ftr-types"
+ ],
 },
 "include": [
 "**/*",
 "../../../../../typings/**/*",
 "../../../../../src/platform/packages/shared/kbn-test/types/ftr_globals/**/*"
 ],
- "exclude": ["target/**/*"],
+ "exclude": [
+ "target/**/*"
+ ],
 "kbn_references": [
- { "path": "../security_solution_endpoint/tsconfig.json" },
+ {
+ "path": "../security_solution_endpoint/tsconfig.json"
+ },
 "@kbn/dev-utils",
 "@kbn/test",
 "@kbn/expect",
@@ -54,5 +62,6 @@
 "@kbn/test-suites-xpack-platform",
 "@kbn/response-ops-rule-params",
 "@kbn/securitysolution-exceptions-common",
+ "@kbn/security-solution-test-api-clients"
 ]
 }
diff --git a/x-pack/solutions/security/test/serverless/functional/services/index.ts b/x-pack/solutions/security/test/serverless/functional/services/index.ts
index cbaf5c13fd29e..c132928793947 100644
--- a/x-pack/solutions/security/test/serverless/functional/services/index.ts
+++ b/x-pack/solutions/security/test/serverless/functional/services/index.ts
@@ -7,14 +7,14 @@ import { services as svlPlatformServices } from '@kbn/test-suites-xpack-platform/serverless/functional/services';
 import { services as platformServices } from '@kbn/test-suites-xpack-platform/functional/services';
+import { SecuritySolutionApiProvider as DetectionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen';
 import { SvlSecNavigationServiceProvider } from './svl_sec_navigation';
-import { SecuritySolutionApiProvider } from '../../../functional/services/security_solution_api.gen';
 export const services = {
 ...svlPlatformServices,
 // Security Solution serverless FTR services
 svlSecNavigation: SvlSecNavigationServiceProvider,
- securitySolutionApi: SecuritySolutionApiProvider,
+ detectionsApi: DetectionsApiProvider,
 ml: platformServices.ml,
 };
diff --git a/x-pack/solutions/security/test/serverless/functional/test_suites/ftr/discover/context_awareness/index.ts b/x-pack/solutions/security/test/serverless/functional/test_suites/ftr/discover/context_awareness/index.ts
index 0e72f94a1eed1..0940b5ddc4277 100644
--- a/x-pack/solutions/security/test/serverless/functional/test_suites/ftr/discover/context_awareness/index.ts
+++ b/x-pack/solutions/security/test/serverless/functional/test_suites/ftr/discover/context_awareness/index.ts
@@ -15,7 +15,7 @@ export default function ({ getService, getPageObjects, loadTestFile }: FtrProvid
 const esArchiver = getService('esArchiver');
 const kibanaServer = getService('kibanaServer');
 const PageObjects = getPageObjects(['timePicker', 'svlCommonPage']);
- const securitySolutionApi = getService('securitySolutionApi');
+ const detectionsApi = getService('detectionsApi');
 const from = '2017-06-10T14:00:00.000Z'; // next day to include alerts generated in the tests
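Review bot: After this hunk the serverless functional service map registers only the detections client (`detectionsApi: DetectionsApiProvider`), whereas the removed `securitySolutionApi` import pointed at a single generated `security_solution_api.gen` module that — judging by the api_integration suites in this same change, which now split their calls between `detectionsApi` and `entityAnalyticsApi` — also carried the entity-analytics operations. Any serverless functional suite that reached those operations through the old service has no replacement here and would fail type-checking or at `getService` time; if such suites exist, register the corresponding entity-analytics client next to `detectionsApi`, and if none do, a comment such as `// Only the detections client is wired for serverless functional tests; register further generated clients here as suites need them.` would document the narrowing. The `SecuritySolutionApiProvider as DetectionsApiProvider` alias also shows the generated module still exports a generic name, so every consumer must rename it; having the generator emit a domain-specific export would remove that per-file alias.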
@@ -30,7 +30,7 @@ export default function ({ getService, getPageObjects, loadTestFile }: FtrProvid
 const testRunUuid = uuidv4();
 const ruleName = `Test Rule - ${testRunUuid}`;
- await securitySolutionApi.createRule({
+ await detectionsApi.createRule({
 body: {
 name: ruleName,
 description: 'test rule',
diff --git a/x-pack/solutions/security/test/tsconfig.json b/x-pack/solutions/security/test/tsconfig.json
index 812c184736f52..518bfbde60fff 100644
--- a/x-pack/solutions/security/test/tsconfig.json
+++ b/x-pack/solutions/security/test/tsconfig.json
@@ -27,6 +27,7 @@
 "*/*/packages/**/*",
 ],
 "kbn_references": [
+ "@kbn/security-solution-test-api-clients",
 "@kbn/test",
 "@kbn/expect",
 "@kbn/core-http-common",
@@ -58,16 +59,8 @@
 "@kbn/repo-info",
 "@kbn/es-archiver",
 "@kbn/task-manager-plugin",
- "@kbn/openapi-common",
- "@kbn/spaces-plugin",
- "@kbn/securitysolution-exceptions-common",
- "@kbn/securitysolution-endpoint-exceptions-common",
- "@kbn/securitysolution-lists-common",
- "@kbn/osquery-plugin",
 "@kbn/serverless-security-settings",
 "@kbn/rison",
 "@kbn/core-chrome-browser",
- "@kbn/openapi-common",
- "@kbn/spaces-plugin"
 ]
 }
diff --git a/yarn.lock b/yarn.lock
index 93319d804ea68..7dbcffc87072a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7361,6 +7361,10 @@
 version "0.0.0"
 uid ""
+"@kbn/security-solution-test-api-clients@link:x-pack/solutions/security/packages/test-api-clients":
+ version "0.0.0"
+ uid ""
+
 "@kbn/security-solution-upselling@link:x-pack/solutions/security/packages/upselling":
 version "0.0.0"
 uid ""