[EDR Workflows] Export and import Endpoint artifacts

x-pack/solutions/security/packages/kbn-securitysolution-io-ts-list-types/src/response/import_exceptions_schema/index.ts

@@ -20,6 +20,8 @@ export const bulkErrorErrorSchema = t.exact(
   })
 );
 
+export type BulkErrorErrorSchema = t.TypeOf<typeof bulkErrorErrorSchema>;
+
 export const bulkErrorSchema = t.intersection([
   t.exact(
     t.type({

x-pack/solutions/security/plugins/lists/server/exception_item_import_error.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BulkErrorErrorSchema } from '@kbn/securitysolution-io-ts-list-types';
+
+import { ListsErrorWithStatusCode } from '.';
+
+export class ExceptionItemImportError extends Error implements BulkErrorErrorSchema {
+  public readonly status_code: number;
+
+  constructor(error: Error, public readonly listId: string, public readonly itemId: string) {
+    super(error.message);
+    this.status_code = error instanceof ListsErrorWithStatusCode ? error.getStatusCode() : 400;
+  }
+}

x-pack/solutions/security/plugins/lists/server/services/exception_lists/exception_list_client.ts

@@ -1146,6 +1146,10 @@ export class ExceptionListClient {
     overwrite,
     generateNewListId,
   }: ImportExceptionListAndItemsOptions): Promise<ImportExceptionsResponseSchema> => {
+    console.log(
+      '🧀 exception_list_client.ts:1086 🥭 importExceptionListAndItems',
+      JSON.stringify({}, null, ' ')
+    );
     const { savedObjectsClient, user } = this;
 
     // validation of import and sorting of lists and items
@@ -1185,6 +1189,10 @@ export class ExceptionListClient {
     maxExceptionsImportSize,
     overwrite,
   }: ImportExceptionListAndItemsAsArrayOptions): Promise<ImportExceptionsResponseSchema> => {
+    console.log(
+      '🧀 exception_list_client.ts:1126 🥭 importExceptionListAndItemsAsArray',
+      JSON.stringify({}, null, ' ')
+    );
     const { savedObjectsClient, user } = this;
 
     // validation of import and sorting of lists and items

x-pack/solutions/security/plugins/lists/server/services/exception_lists/utils/import/dedupe_incoming_items.ts

@@ -6,11 +6,13 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import type {
-  BulkErrorSchema,
-  ImportExceptionListItemSchemaDecoded,
+import {
+  type BulkErrorSchema,
+  type ImportExceptionListItemSchemaDecoded,
 } from '@kbn/securitysolution-io-ts-list-types';
 
+import { ExceptionItemImportError } from '../../../../exception_item_import_error';
+
 /**
  * Reports on duplicates and returns unique array of items
  * @param items - exception items to be checked for duplicate list_ids
@@ -21,7 +23,14 @@ export const getTupleErrorsAndUniqueExceptionListItems = (
 ): [BulkErrorSchema[], ImportExceptionListItemSchemaDecoded[]] => {
   const { errors, itemsAcc } = items.reduce(
     (acc, parsedExceptionItem) => {
-      if (parsedExceptionItem instanceof Error) {
+      if (parsedExceptionItem instanceof ExceptionItemImportError) {
+        acc.errors.set(uuidv4(), {
+          error: parsedExceptionItem,
+
+          item_id: parsedExceptionItem.itemId,
+          list_id: parsedExceptionItem.listId,
+        });
+      } else if (parsedExceptionItem instanceof Error) {
         acc.errors.set(uuidv4(), {
           error: {
             message: `Error found importing exception list item: ${parsedExceptionItem.message}`,

x-pack/solutions/security/plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator.ts

@@ -13,6 +13,7 @@ import {
   ListOperatorTypeEnum,
   type ListOperatorType,
 } from '@kbn/securitysolution-io-ts-list-types';
+import type { ENDPOINT_ARTIFACT_LIST_IDS } from '@kbn/securitysolution-list-constants';
 import { ENDPOINT_ARTIFACT_LISTS, ENDPOINT_LIST_ID } from '@kbn/securitysolution-list-constants';
 import { ConditionEntryField } from '@kbn/securitysolution-utils';
 import { LIST_ITEM_ENTRY_OPERATOR_TYPES } from './common/artifact_list_item_entry_values';
@@ -453,4 +454,32 @@ export class ExceptionsListItemGenerator extends BaseDataGenerator<ExceptionList
       ...overrides,
     };
   }
+
+  generateEndpointArtifact = (
+    listId: (typeof ENDPOINT_ARTIFACT_LIST_IDS)[number],
+    overrides: Partial<ExceptionListItemSchema> = {}
+  ) => {
+    switch (listId) {
+      case ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id:
+        return this.generateEndpointException(overrides);
+
+      case ENDPOINT_ARTIFACT_LISTS.blocklists.id:
+        return this.generateBlocklist(overrides);
+
+      case ENDPOINT_ARTIFACT_LISTS.eventFilters.id:
+        return this.generateEventFilter(overrides);
+
+      case ENDPOINT_ARTIFACT_LISTS.hostIsolationExceptions.id:
+        return this.generateHostIsolationException(overrides);
+
+      case ENDPOINT_ARTIFACT_LISTS.trustedApps.id:
+        return this.generateTrustedApp(overrides);
+
+      case ENDPOINT_ARTIFACT_LISTS.trustedDevices.id:
+        return this.generateTrustedDevice(overrides);
+
+      default:
+        throw new Error(`Unknown listId: ${listId}. Unable to generate exception list item.`);
+    }
+  };
 }

x-pack/solutions/security/plugins/security_solution/public/management/components/artifact_list_page/artifact_list_page.tsx

@@ -8,10 +8,13 @@
 import React, { memo, useCallback, useMemo, useState, useEffect } from 'react';
 
 import type { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types';
-import { EuiButton, EuiSpacer, EuiText } from '@elastic/eui';
+import { EuiButton, EuiFlexGroup, EuiSpacer, EuiText } from '@elastic/eui';
 import type { EuiFlyoutSize } from '@elastic/eui/src/components/flyout/flyout';
 import { useLocation } from 'react-router-dom';
 import { useIsMounted } from '@kbn/securitysolution-hook-utils';
+import { HeaderMenu } from '@kbn/securitysolution-exception-list-components';
+import { useApi } from '@kbn/securitysolution-list-hooks';
+import { AutoDownload } from '../../../common/components/auto_download/auto_download';
 import type { ServerApiError } from '../../../common/types';
 import { AdministrationListPage } from '../administration_list_page';
 
@@ -41,10 +44,13 @@ import { useUrlParams } from '../../hooks/use_url_params';
 import type { ListPageRouteState, MaybeImmutable } from '../../../../common/endpoint/types';
 import { DEFAULT_EXCEPTION_LIST_ITEM_SEARCHABLE_FIELDS } from '../../../../common/endpoint/service/artifacts/constants';
 import { ArtifactDeleteModal } from './components/artifact_delete_modal';
-import { useToasts } from '../../../common/lib/kibana';
+import { useKibana, useToasts } from '../../../common/lib/kibana';
 import { useMemoizedRouteState } from '../../common/hooks';
 import { BackToExternalAppSecondaryButton } from '../back_to_external_app_secondary_button';
 import { BackToExternalAppButton } from '../back_to_external_app_button';
+import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
+import { ArtifactImportFlyout } from './components/artifact_import_flyout';
+import { useIsImportFlyoutOpened } from './hooks/use_is_import_flyout_opened';
 
 type ArtifactEntryCardType = typeof ArtifactEntryCard;
 
@@ -92,15 +98,24 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
     allowCardDeleteAction = true,
     CardDecorator,
   }) => {
+    const isEndpointExceptionsMovedUnderManagementFFEnabled = useIsExperimentalFeatureEnabled(
+      'endpointExceptionsMovedUnderManagement'
+    );
+    const { services } = useKibana();
+    const { http } = services;
     const { state: routeState } = useLocation<ListPageRouteState | undefined>();
     const getTestId = useTestIdGenerator(dataTestSubj);
     const toasts = useToasts();
     const isMounted = useIsMounted();
     const isFlyoutOpened = useIsFlyoutOpened(allowCardEditAction, allowCardCreateAction);
+    const isImportFlyoutOpened =
+      useIsImportFlyoutOpened(allowCardCreateAction) &&
+      isEndpointExceptionsMovedUnderManagementFFEnabled;
     const setUrlParams = useSetUrlParams();
     const {
       urlParams: { filter, includedPolicies },
     } = useUrlParams<ArtifactListPageUrlParams>();
+    const { exportExceptionList } = useApi(http);
 
     const {
       isPageInitializing,
@@ -130,6 +145,8 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
       undefined | ExceptionListItemSchema
     >(undefined);
 
+    const [exportedData, setExportedData] = useState<Blob>();
+
     const labels = useMemo<typeof artifactListPageLabels>(() => {
       return {
         ...artifactListPageLabels,
@@ -237,6 +254,42 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
       setSelectedItemForEdit(undefined);
     }, []);
 
+    const handleExport = useCallback(
+      () =>
+        exportExceptionList({
+          id: apiClient.listId,
+          listId: apiClient.listId,
+          includeExpiredExceptions: true,
+          namespaceType: 'agnostic',
+
+          onError: (exportError: Error) =>
+            toasts?.addError(exportError, { title: labels.pageExportErrorToastTitle }),
+
+          onSuccess: (blob) => {
+            setExportedData(blob);
+            toasts?.addSuccess(labels.pageExportSuccessToastTitle);
+          },
+        }),
+      [
+        exportExceptionList,
+        apiClient.listId,
+        toasts,
+        labels.pageExportErrorToastTitle,
+        labels.pageExportSuccessToastTitle,
+      ]
+    );
+
+    const handleOnDownload = useCallback(() => setExportedData(undefined), []);
+
+    const handleImport = useCallback(() => setUrlParams({ show: 'import' }), [setUrlParams]);
+
+    const closeImportFlyout = useCallback(() => setUrlParams({ show: undefined }), [setUrlParams]);
+
+    const handleImportFlyoutOnSuccess = useCallback(() => {
+      closeImportFlyout();
+      refetchListData();
+    }, [closeImportFlyout, refetchListData]);
+
     const description = useMemo(() => {
       const subtitleText = labels.pageAboutInfo ? (
         <span data-test-subj="header-panel-subtitle">{labels.pageAboutInfo}</span>
@@ -266,20 +319,51 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
         title={labels.pageTitle}
         subtitle={description}
         actions={
-          allowCardCreateAction && (
-            <EuiButton
-              fill
-              iconType="plusInCircle"
-              isDisabled={isFlyoutOpened}
-              onClick={handleOpenCreateFlyoutClick}
-              data-test-subj={getTestId('pageAddButton')}
-            >
-              {labels.pageAddButtonTitle}
-            </EuiButton>
-          )
+          <EuiFlexGroup alignItems="center">
+            {allowCardCreateAction && (
+              <EuiButton
+                fill
+                iconType="plusInCircle"
+                isDisabled={isFlyoutOpened}
+                onClick={handleOpenCreateFlyoutClick}
+                data-test-subj={getTestId('pageAddButton')}
+              >
+                {labels.pageAddButtonTitle}
+              </EuiButton>
+            )}
+
+            {isEndpointExceptionsMovedUnderManagementFFEnabled && (
+              <HeaderMenu
+                iconType="boxesHorizontal"
+                dataTestSubj={getTestId('exportImportMenu')}
+                actions={[
+                  {
+                    key: 'ImportButton',
+                    icon: 'importAction',
+                    label: labels.pageImportButtonTitle,
+                    onClick: handleImport,
+                    disabled: !allowCardCreateAction,
+                  },
+                  {
+                    key: 'ExportButton',
+                    icon: 'exportAction',
+                    label: labels.pageExportButtonTitle,
+                    onClick: handleExport,
+                  },
+                ]}
+                disableActions={isLoading}
+              />
+            )}
+          </EuiFlexGroup>
         }
         data-test-subj={getTestId('container')}
       >
+        <AutoDownload
+          blob={exportedData}
+          name={`${apiClient.listId}.ndjson`}
+          onDownload={handleOnDownload}
+        />
+
         {isFlyoutOpened && (
           <ArtifactFlyout
             apiClient={apiClient}
@@ -294,6 +378,15 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
           />
         )}
 
+        {isImportFlyoutOpened && (
+          <ArtifactImportFlyout
+            onCancel={closeImportFlyout}
+            onSuccess={handleImportFlyoutOnSuccess}
+            apiClient={apiClient}
+            labels={labels}
+          />
+        )}
+
         {selectedItemForDelete && (
           <ArtifactDeleteModal
             apiClient={apiClient}
@@ -308,10 +401,12 @@ export const ArtifactListPage = memo<ArtifactListPageProps>(
         {!doesDataExist ? (
           <NoDataEmptyState
             onAdd={handleOpenCreateFlyoutClick}
+            onImport={handleImport}
             titleNoEntriesLabel={labels.emptyStateTitleNoEntries}
             titleLabel={labels.emptyStateTitle}
             aboutInfo={labels.emptyStateInfo}
             primaryButtonLabel={labels.emptyStatePrimaryButtonLabel}
+            importButtonLabel={labels.emptyStateImportButtonLabel}
             backComponent={backButtonEmptyComponent}
             data-test-subj={getTestId('emptyState')}
             secondaryAboutInfo={secondaryPageInfo}