From a6ec8a815cd66b97eb6ba3109ed68c9bfb8826ae Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Mon, 6 Jan 2020 01:32:33 +0000 Subject: [PATCH 01/25] generic histogram container --- .../public/components/alerts_viewer/index.tsx | 50 ++-- .../components/alerts_viewer/translations.ts | 21 ++ .../public/components/alerts_viewer/types.ts | 3 + .../components/anomalies_over_time/index.tsx | 30 --- .../anomalies_over_time/translation.ts | 24 -- .../public/components/charts/barchart.tsx | 5 +- .../siem/public/components/charts/common.tsx | 3 + .../components/matrix_histogram/index.tsx | 224 +++++++++++------ .../components/matrix_histogram/types.ts | 125 +++++++++- .../components/matrix_histogram/utils.ts | 159 +++++++++++- .../page/hosts/alerts_over_time/index.tsx | 30 --- .../hosts/alerts_over_time/translation.ts | 24 -- .../hosts/authentications_over_time/index.tsx | 30 --- .../authentications_over_time/translation.ts | 20 -- .../hosts/authentications_over_time/utils.ts | 31 --- .../page/hosts/events_over_time/index.tsx | 30 --- .../hosts/events_over_time/translation.ts | 24 -- .../page/network/dns_histogram/index.tsx | 32 --- .../page/network/dns_histogram/translation.ts | 11 - .../alerts_over_time.gql_query.ts | 37 --- .../alerts/alerts_over_time/index.tsx | 113 --------- .../anomalies_over_time.gql_query.ts | 37 --- .../anomalies/anomalies_over_time/index.tsx | 86 ------- .../anomalies/anomalies_over_time/types.ts | 32 --- .../anomalies_query_tab_body/index.tsx | 60 ++--- .../authentications_over_time.gql_query.ts | 37 --- .../authentications_over_time/index.tsx | 118 --------- .../events_over_time.gql_query.ts | 37 --- .../events/events_over_time/index.tsx | 113 --------- .../plugins/siem/public/containers/helpers.ts | 32 +++ .../containers/matrix_histogram/index.tsx | 62 +++++ .../containers/network_dns/index.gql_query.ts | 7 +- .../public/containers/network_dns/index.tsx | 16 +- .../siem/public/graphql/introspection.json | 14 +- .../plugins/siem/public/graphql/types.ts | 229 +----------------- .../authentications_query_tab_body.tsx 
| 159 +++++++----- .../navigation/events_query_tab_body.tsx | 47 ++-- .../network/navigation/dns_query_tab_body.tsx | 135 ++++++----- .../siem/server/graphql/alerts/schema.gql.ts | 2 +- .../server/graphql/anomalies/resolvers.ts | 6 +- .../server/graphql/anomalies/schema.gql.ts | 4 +- .../graphql/authentications/resolvers.ts | 6 +- .../graphql/authentications/schema.gql.ts | 4 +- .../siem/server/graphql/events/resolvers.ts | 6 +- .../siem/server/graphql/events/schema.gql.ts | 4 +- .../plugins/siem/server/graphql/types.ts | 62 ++--- .../lib/alerts/elasticsearch_adapter.ts | 6 +- .../lib/alerts/elasticseatch_adapter.test.ts | 2 +- .../lib/anomalies/elasticsearch_adapter.ts | 4 +- .../authentications/elasticsearch_adapter.ts | 4 +- .../lib/events/elasticsearch_adapter.ts | 38 +-- .../lib/network/elasticsearch_adapter.ts | 56 ++--- 52 files changed, 927 insertions(+), 1524 deletions(-) delete mode 100644 x-pack/legacy/plugins/siem/public/components/anomalies_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/components/anomalies_over_time/translation.ts delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/translation.ts delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/translation.ts delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/utils.ts delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/translation.ts delete mode 100644 x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/index.tsx delete mode 100644 
x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/translation.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/alerts_over_time.gql_query.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/anomalies_over_time.gql_query.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/types.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/authentications/authentications_over_time/authentications_over_time.gql_query.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/authentications/authentications_over_time/index.tsx delete mode 100644 x-pack/legacy/plugins/siem/public/containers/events/events_over_time/events_over_time.gql_query.ts delete mode 100644 x-pack/legacy/plugins/siem/public/containers/events/events_over_time/index.tsx create mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index c8f1bb2278917..d268a8d19e98d 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -8,14 +8,26 @@ import { noop } from 'lodash/fp'; import React from 'react'; import { EuiSpacer } from '@elastic/eui'; -import { manageQuery } from '../page/manage_query'; -import { AlertsOverTimeHistogram } from '../page/hosts/alerts_over_time'; +import gql from 'graphql-tag'; import { AlertsComponentsQueryProps } from './types'; -import { AlertsOverTimeQuery } from '../../containers/alerts/alerts_over_time'; import { hostsModel } from '../../store/model'; import { AlertsTable } from './alerts_table'; +import * as i18n from './translations'; +import { SignalsHistogramOption } from '../matrix_histogram/types'; +import { getMatrixHistogramQuery } from '../../containers/helpers'; +import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; -const AlertsOverTimeManage = manageQuery(AlertsOverTimeHistogram); +const ID = 'alertsOverTimeQuery'; +const alertsStackByOptions: SignalsHistogramOption[] = [ + { + text: i18n.ALERTS_STACK_BY_ACTIONS, + value: 'event.actions', + }, +]; +const dataKey = 'Alerts'; +const AlertsOverTimeGqlQuery = gql` + ${getMatrixHistogramQuery('Alerts')} +`; export const AlertsView = ({ defaultFilters, deleteQuery, @@ -29,28 +41,22 @@ export const AlertsView = ({ updateDateRange = noop, }: AlertsComponentsQueryProps) => ( <> - - {({ alertsOverTime, loading, id, inspect, refetch, totalCount }) => ( - - )} - + /> diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts index 987665c9413e3..1580f87c404e4 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts 
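Review bot: `value: 'event.actions'` in `alertsStackByOptions` looks like a typo for the ECS field `event.action`. If it is, any grouping on this option would match no documents and the alerts chart would collapse into a single "missing" bucket; `value: 'event.action',` is the likely intent. The literal `'Alerts'` is also written twice, once in `dataKey` and once in the query builder call, so `${getMatrixHistogramQuery(dataKey)}` would keep the two from drifting apart. The JSX of the second hunk did not survive extraction, so whether this option is actually forwarded to the container cannot be checked from here.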
@@ -17,3 +17,24 @@ export const TOTAL_COUNT_OF_ALERTS = i18n.translate('xpack.siem.hosts.totalCount export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.hosts.alertsDocumentType', { defaultMessage: 'Alerts', }); + +export const ALERTS_STACK_BY_ACTIONS = i18n.translate( + 'xpack.siem.histogram.alertsStackByOptions.eventActions', + { + defaultMessage: 'actions', + } +); + +export const ALERTS_BY = i18n.translate('xpack.siem.histogram.alertsCountFrequencyByModuleTitle', { + defaultMessage: 'by', +}); + +export const SHOWING = i18n.translate('xpack.siem.histogram.showing', { + defaultMessage: 'Showing', +}); + +export const UNIT = (totalCount: number) => + i18n.translate('xpack.siem.histogram.unit', { + values: { totalCount }, + defaultMessage: `{totalCount, plural, =1 {alert} other {alerts}}`, + }); diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts index 8a17c1102e776..d11c52bff6681 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts @@ -7,6 +7,7 @@ import { esFilters } from '../../../../../../../src/plugins/data/common'; import { HostsComponentsQueryProps } from '../../pages/hosts/navigation/types'; import { NetworkComponentQueryProps } from '../../pages/network/navigation/types'; +import { SignalsHistogramOption } from '../matrix_histogram/types'; type CommonQueryProps = HostsComponentsQueryProps | NetworkComponentQueryProps; export interface AlertsComponentsQueryProps @@ -22,5 +23,7 @@ export interface AlertsComponentsQueryProps | 'updateDateRange' > { pageFilters: esFilters.Filter[]; + stackByOptions?: SignalsHistogramOption[]; defaultFilters?: esFilters.Filter[]; + defaultStackByOption?: SignalsHistogramOption; } 
diff --git a/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/index.tsx deleted file mode 100644 index 2337f2cd7512a..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/index.tsx +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; - -import { MatrixHistogramBasicProps } from '../matrix_histogram/types'; -import { MatrixOverTimeHistogramData } from '../../graphql/types'; -import { MatrixHistogram } from '../matrix_histogram'; -import * as i18n from './translation'; - -export const AnomaliesOverTimeHistogram = ( - props: MatrixHistogramBasicProps -) => { - const dataKey = 'anomaliesOverTime'; - const { totalCount } = props; - const subtitle = `${i18n.SHOWING}: ${totalCount.toLocaleString()} ${i18n.UNIT(totalCount)}`; - const { ...matrixOverTimeProps } = props; - - return ( - - ); -}; diff --git a/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/translation.ts b/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/translation.ts deleted file mode 100644 index f28a7176fd09d..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/anomalies_over_time/translation.ts +++ /dev/null 
@@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const ANOMALIES_COUNT_FREQUENCY_BY_ACTION = i18n.translate( - 'xpack.siem.anomaliesOverTime.anomaliesCountFrequencyByJobTile', - { - defaultMessage: 'Anomalies count by job', - } -); - -export const SHOWING = i18n.translate('xpack.siem.anomaliesOverTime.showing', { - defaultMessage: 'Showing', -}); - -export const UNIT = (totalCount: number) => - i18n.translate('xpack.siem.anomaliesOverTime.unit', { - values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {anomaly} other {anomalies}}`, - }); diff --git a/x-pack/legacy/plugins/siem/public/components/charts/barchart.tsx b/x-pack/legacy/plugins/siem/public/components/charts/barchart.tsx index ee8b4eaf6b08c..b5d75fa372101 100644 --- a/x-pack/legacy/plugins/siem/public/components/charts/barchart.tsx +++ b/x-pack/legacy/plugins/siem/public/components/charts/barchart.tsx @@ -56,6 +56,7 @@ export const BarChartBaseComponent = ({ }) => { const theme = useTheme(); const timeZone = useBrowserTimeZone(); + const customSeriesColors = get('configs.customSeriesColors', chartConfigs); const xTickFormatter = get('configs.axis.xTickFormatter', chartConfigs); const yTickFormatter = get('configs.axis.yTickFormatter', chartConfigs); const tickSize = getOr(0, 'configs.axis.tickSize', chartConfigs); @@ -87,7 +88,9 @@ export const BarChartBaseComponent = ({ splitSeriesAccessors={['g']} data={series.value!} stackAccessors={get('configs.series.stackAccessors', chartConfigs)} - customSeriesColors={getSeriesStyle(barSeriesKey, series.color, seriesType)} + customSeriesColors={ + customSeriesColors ?? getSeriesStyle(barSeriesKey, series.color, seriesType) + } /> ) : null; })} 
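Review bot: `customSeriesColors` is read with lodash `get`, which returns an untyped value. Nothing therefore checks that the `string[]` declared for it in `ChartSeriesConfigs` (charts/common.tsx) has the same shape as what `getSeriesStyle(...)` returns for the same prop. If the two differ, a caller-supplied colour list would compile and then presumably be ignored or mis-rendered at runtime. A typed read in place of `get`, or at least a comment above the read such as `// must have the same shape as getSeriesStyle()'s return value`, would make the contract explicit. `BarChartBaseComponent` begins and ends outside these hunks.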
diff --git a/x-pack/legacy/plugins/siem/public/components/charts/common.tsx b/x-pack/legacy/plugins/siem/public/components/charts/common.tsx index dfb201fc3d927..63184974559e3 100644 --- a/x-pack/legacy/plugins/siem/public/components/charts/common.tsx +++ b/x-pack/legacy/plugins/siem/public/components/charts/common.tsx @@ -17,6 +17,7 @@ import { ScaleType, SettingSpecProps, TickFormatter, + Position, } from '@elastic/charts'; import moment from 'moment-timezone'; import styled from 'styled-components'; @@ -39,6 +40,7 @@ export interface ChartData { export interface ChartSeriesConfigs { customHeight?: number; + customSeriesColors?: string[]; series?: { xScaleType?: ScaleType | undefined; yScaleType?: ScaleType | undefined; @@ -127,6 +129,7 @@ export const chartDefaultSettings = { showLegend: false, showLegendDisplayValue: false, debug: false, + legendPosition: Position.Bottom, }; export const useBrowserTimeZone = () => { diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index c29b5282e13af..bd623a0ba5275 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx 
@@ -4,12 +4,14 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useState, useEffect, useCallback } from 'react'; +import React, { useState, useEffect, useCallback, useMemo } from 'react'; import { ScaleType } from '@elastic/charts'; import darkTheme from '@elastic/eui/dist/eui_theme_dark.json'; import lightTheme from '@elastic/eui/dist/eui_theme_light.json'; -import { EuiLoadingContent } from '@elastic/eui'; +import { EuiLoadingContent, EuiSelect } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import { ApolloConsumer } from 'react-apollo'; import { BarChart } from '../charts/barchart'; import { HeaderSection } from '../header_section'; import { ChartSeriesData } from '../charts/common'; 
@@ -17,79 +19,161 @@ import { DEFAULT_DARK_MODE } from '../../../common/constants'; import { useUiSetting$ } from '../../lib/kibana'; import { Loader } from '../loader'; import { Panel } from '../panel'; -import { getBarchartConfigs, getCustomChartData } from './utils'; -import { MatrixHistogramProps, MatrixHistogramDataTypes } from './types'; +import { getBarchartConfigs, getCustomChartData, useQuery } from './utils'; +import { + MatrixHistogramProps, + SignalsHistogramOption, + HistogramAggregation, + MatrixHistogramQueryProps, + MatrixHistogramDataTypes, +} from './types'; +import { generateTablePaginationOptions } from '../paginated_table/helpers'; -export const MatrixHistogram = ({ - data, - dataKey, - endDate, - id, - loading, - mapping, - scaleType = ScaleType.Time, - startDate, - subtitle, - title, - totalCount, - updateDateRange, - yTickFormatter, - showLegend, -}: MatrixHistogramProps) => { - const barchartConfigs = getBarchartConfigs({ - from: startDate, - to: endDate, - onBrushEnd: updateDateRange, - scaleType, - yTickFormatter, +export const MatrixHistogram = React.memo( + ({ + activePage, + dataKey, + defaultStackByOption, + endDate, + filterQuery, + hideHistogramIfEmpty = false, + id, + isPtrIncluded, + isInspected, + limit, + mapping, + query, + scaleType = ScaleType.Time, showLegend, - }); - const [showInspect, setShowInspect] = useState(false); - const [darkMode] = useUiSetting$(DEFAULT_DARK_MODE); - const [loadingInitial, setLoadingInitial] = useState(false); + stackByOptions, + startDate, + subtitle, + title, + updateDateRange, + yTickFormatter, + sort, + }: MatrixHistogramProps & MatrixHistogramQueryProps) => { + const barchartConfigs = getBarchartConfigs({ + from: startDate, + to: endDate, + onBrushEnd: updateDateRange, + scaleType, + yTickFormatter, + showLegend, + }); + const [showInspect, setShowInspect] = useState(false); + const [darkMode] = useUiSetting$(DEFAULT_DARK_MODE); + + const handleOnMouseEnter = useCallback(() => 
setShowInspect(true), []); + const handleOnMouseLeave = useCallback(() => setShowInspect(false), []); - const barChartData: ChartSeriesData[] = getCustomChartData(data, mapping); + const [selectedStackByOption, setSelectedStackByOption] = useState( + defaultStackByOption + ); + const [subtitleWithCounts, setSubtitle] = useState(subtitle); + const [loading, setLoading] = useState(false); + const [data, setData] = useState(null); + const [hideHistogram, setHideHistogram] = useState(hideHistogramIfEmpty); + const [totalCount, setTotalCount] = useState(-1); + const setSelectedChatOptionCallback = useCallback( + (event: React.ChangeEvent) => { + setSelectedStackByOption( + stackByOptions?.find(co => co.value === event.target.value) ?? defaultStackByOption + ); + }, + [] + ); - useEffect(() => { - if (totalCount >= 0 && loadingInitial) { - setLoadingInitial(false); - } - }, [loading, loadingInitial, totalCount]); + return ( + + {client => { + useQuery<{}, HistogramAggregation>({ + dataKey, + endDate, + query, + setLoading, + setData, + setTotalCount, + startDate, + sort, + isInspected, + isPtrIncluded, + isHistogram: true, + pagination: + activePage != null && limit != null + ? generateTablePaginationOptions(activePage, limit) + : undefined, + }); + useEffect(() => { + const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); + setSubtitle(formattedSubTitle); - const handleOnMouseEnter = useCallback(() => setShowInspect(true), []); - const handleOnMouseLeave = useCallback(() => setShowInspect(false), []); + if (totalCount <= 0) { + if (hideHistogramIfEmpty) setHideHistogram(true); + else setHideHistogram(false); + } else { + setHideHistogram(false); + } + }, [totalCount]); - return ( - - + const barChartData: ChartSeriesData[] = useMemo(() => getCustomChartData(data, mapping), [ + data, + ]); + return !hideHistogram ? ( + + = 0 ? subtitleWithCounts : null)} + > + {stackByOptions && ( + + )} + - {loadingInitial ? ( - - ) : ( - <> - + {loading ? 
( + + ) : ( + <> + - {loading && ( - - )} - - )} - - ); -}; + {loading && ( + + )} + + )} + + ) : null; + }} + + ); + } +); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index edcd8e3cb9d5c..4321d27063dab 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts 
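Review bot: `useQuery`, `useEffect` and `useMemo` are called inside the `client => { … }` render callback rather than at the top level of `MatrixHistogram`, which breaks the Rules of Hooks. The `client` argument is never used; the `useQuery` in `utils.ts` obtains its own client through `useApolloClient`. The `useQuery` call also leaves out the destructured `filterQuery`, so the histogram would be fetched without the filters the analyst has applied and could disagree with the rest of the page. The dependency lists are incomplete as well: `[]` on `setSelectedChatOptionCallback` should be `[stackByOptions, defaultStackByOption]`, and `[totalCount]` and `[data]` miss `subtitle`, `hideHistogramIfEmpty` and `mapping`. I would hoist the three hooks into the component body and drop the `ApolloConsumer` wrapper; the JSX of this hunk did not survive extraction, so the excerpt covers the hook calls only.

```typescript
  }: MatrixHistogramProps & MatrixHistogramQueryProps) => {
    // … unchanged: barchartConfigs, state hooks, mouse handlers, stack-by callback …

    // Hooks run at the top level of the component, never inside a render prop.
    useQuery<{}, HistogramAggregation>({
      dataKey,
      endDate,
      filterQuery,
      // … unchanged: remaining query arguments …
    });

    useEffect(() => {
      // … unchanged: subtitle formatting and hideHistogram toggling …
    }, [subtitle, totalCount, hideHistogramIfEmpty]);

    const barChartData: ChartSeriesData[] = useMemo(() => getCustomChartData(data, mapping), [
      data,
      mapping,
    ]);

    // … unchanged: returned JSX, without the ApolloConsumer wrapper …
```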
@@ -5,28 +5,131 @@ */ import { ScaleType } from '@elastic/charts'; -import { MatrixOverTimeHistogramData, MatrixOverOrdinalHistogramData } from '../../graphql/types'; -import { AuthMatrixDataFields } from '../page/hosts/authentications_over_time/utils'; +import { SetStateAction } from 'react'; +import { Dispatch } from 'src/plugins/kibana_utils/public'; +import { DocumentNode } from 'graphql'; +import { + MatrixOverTimeHistogramData, + MatrixOverOrdinalHistogramData, + NetworkDnsSortField, + PaginationInputPaginated, + TimerangeInput, + Maybe, + Source, +} from '../../graphql/types'; import { UpdateDateRange } from '../charts/common'; +import { ESQuery } from '../../../common/typed_json'; export type MatrixHistogramDataTypes = MatrixOverTimeHistogramData | MatrixOverOrdinalHistogramData; -export type MatrixHistogramMappingTypes = AuthMatrixDataFields; -export interface MatrixHistogramBasicProps { - data: T[]; +export type MatrixHistogramMappingTypes = Record< + string, + { key: string; value: null; color: string } +>; +export interface SignalsHistogramOption { + text: string; + value: string; +} +export interface MatrixHistogramBasicProps { + defaultIndex: string[]; + defaultStackByOption: SignalsHistogramOption; endDate: number; + hideHistogramIfEmpty?: boolean; id: string; - loading: boolean; mapping?: MatrixHistogramMappingTypes; + sourceId: string; startDate: number; - totalCount: number; + stackByOptions: SignalsHistogramOption[]; + subtitle?: string; + title?: string; updateDateRange: UpdateDateRange; } -export interface MatrixHistogramProps extends MatrixHistogramBasicProps { - dataKey?: string; +export interface MatrixHistogramQueryProps { + activePage?: number; + dataKey: string; + endDate: number; + filterQuery?: ESQuery | string | undefined; + limit?: number; + query: DocumentNode; + sort: NetworkDnsSortField; + startDate: number; + isInspected: boolean; + isPtrIncluded: boolean; + isHistogram: boolean; + pagination?: PaginationInputPaginated; +} + 
+export interface MatrixHistogramQueryActionProps { + setLoading: Dispatch>; + setData: Dispatch>; + setTotalCount: Dispatch>; +} + +export interface MatrixHistogramProps extends MatrixHistogramBasicProps { scaleType?: ScaleType; - subtitle?: string; - title?: string; yTickFormatter?: (value: number) => string; showLegend?: boolean; } + +export interface MatrixHistogramQueryVariables { + sourceId: string; + timerange: TimerangeInput; + filterQuery?: Maybe; + defaultIndex: string[]; + inspect: boolean; + isHistogram: boolean; + sort?: SortField; + isPtrIncluded: boolean; + pagination?: PaginationInputPaginated; +} + +export interface MatrixHistogramQueryQuery { + source: Source; +} + +export interface HistogramBucket { + key_as_string: string; + key: number; + doc_count: number; +} +export interface GroupBucket { + key: string; + signals: { + buckets: HistogramBucket[]; + }; +} + +export interface HistogramAggregation { + histogramAgg: { + buckets: GroupBucket[]; + }; +} + +export interface SignalsResponse { + took: number; + timeout: boolean; +} + +export interface SignalSearchResponse + extends SignalsResponse { + _shards: { + total: number; + successful: number; + skipped: number; + failed: number; + }; + aggregations?: Aggregations; + hits: { + total: { + value: number; + relation: string; + }; + hits: Hit[]; + }; +} + +export type Return = [ + boolean, + SignalSearchResponse | null, + React.Dispatch> +]; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 1eb5e96b86857..bd24773b94b0c 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts 
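Review bot: `SignalsResponse` declares `timeout: boolean`, but an Elasticsearch search response names this field `timed_out`, so code typed against the interface would read a property that is always undefined and never notice a partial result; `timed_out: boolean;` matches the wire format. Separately, `MatrixHistogramQueryProps` makes `sort: NetworkDnsSortField` and `isPtrIncluded: boolean` required for every histogram although they only describe the DNS query. Declaring them as `sort?: NetworkDnsSortField;` and `isPtrIncluded?: boolean;` would stop the generic container from demanding DNS values from the alerts and authentications callers. The generic parameters in this hunk were lost in extraction, so their bounds are not reviewed here.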
@@ -3,12 +3,27 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - import { ScaleType, niceTimeFormatter, Position } from '@elastic/charts'; -import { get, groupBy, map, toPairs } from 'lodash/fp'; +import { get, groupBy, map, toPairs, getOr } from 'lodash/fp'; import numeral from '@elastic/numeral'; +import { useEffect } from 'react'; +import { i18n } from '@kbn/i18n'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; -import { MatrixHistogramDataTypes, MatrixHistogramMappingTypes } from './types'; +import { + MatrixHistogramDataTypes, + MatrixHistogramMappingTypes, + MatrixHistogramQueryProps, + MatrixHistogramQueryActionProps, + MatrixHistogramQueryVariables, + MatrixHistogramQueryQuery, +} from './types'; +import { DEFAULT_INDEX_KEY } from '../../../common/constants'; +import { useStateToaster } from '../toasters'; +import { errorToToaster } from '../ml/api/error_to_toaster'; +import { useUiSetting$ } from '../../lib/kibana'; +import { createFilter } from '../../containers/helpers'; +import { useApolloClient } from '../../utils/apollo_context'; +import { NetworkDnsSortField } from '../../graphql/types'; export const getBarchartConfigs = ({ from, @@ -72,9 +87,10 @@ export const formatToChartDataItem = ([key, value]: [ }); export const getCustomChartData = ( - data: MatrixHistogramDataTypes[], + data: MatrixHistogramDataTypes[] | null, mapping?: MatrixHistogramMappingTypes ): ChartSeriesData[] => { + if (!data) return []; const dataGroupedByEvent = groupBy('g', data); const dataGroupedEntries = toPairs(dataGroupedByEvent); const formattedChartData = map(formatToChartDataItem, dataGroupedEntries); 
@@ -91,3 +107,138 @@ export const getCustomChartData = ( export const bytesFormatter = (value: number) => { return numeral(value).format('0,0.[0]b'); }; + +export const getSignalsHistogramQuery = (stackByField: string, from: number, to: number) => ({ + aggs: { + signalsByGrouping: { + terms: { + field: stackByField, + missing: i18n.translate( + 'xpack.siem.detectionEngine.signals.histogram.allOthersGroupingLabel', + { + defaultMessage: 'All others', + } + ), + order: { + _count: 'desc', + }, + size: 10, + }, + aggs: { + signals: { + date_histogram: { + field: '@timestamp', + fixed_interval: '30s', + }, + }, + }, + }, + }, + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + gte: from, + lte: to, + }, + }, + }, + ], + }, + }, +}); + +export const useQuery = ({ + dataKey, + endDate, + filterQuery, + query, + setLoading, + setData, + setTotalCount, + startDate, + sort, + isPtrIncluded, + isInspected, + isHistogram, + pagination, +}: MatrixHistogramQueryProps & MatrixHistogramQueryActionProps) => { + const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); + const [, dispatchToaster] = useStateToaster(); + const apolloClient = useApolloClient(); + + useEffect(() => { + let isSubscribed = true; + const abortCtrl = new AbortController(); + const signal = abortCtrl.signal; + setLoading(true); + + async function fetchData(abortSignal: AbortSignal) { + if (!apolloClient) return null; + + return apolloClient + .query>({ + query, + fetchPolicy: 'cache-first', + variables: { + filterQuery: createFilter(filterQuery), + sourceId: 'default', + timerange: { + interval: '12h', + from: startDate!, + to: endDate!, + }, + defaultIndex, + inspect: isInspected, + isHistogram, + sort, + isPtrIncluded, + pagination, + }, + context: { + fetchOptions: { + abortSignal, + }, + }, + }) + .then( + result => { + if (isSubscribed) { + const isDataKeyAnArray = Array.isArray(dataKey); + const rootDataKey = isDataKeyAnArray ? 
dataKey[0] : `${dataKey}Histogram`; + const histogramDataKey = isDataKeyAnArray ? dataKey[1] : `${dataKey}OverTimeByModule`; + const source = getOr({}, `data.source.${rootDataKey}`, result); + setData(getOr([], histogramDataKey, source)); + setTotalCount(getOr(-1, 'totalCount', source)); + setLoading(false); + } + }, + (error: Error) => { + if (isSubscribed) { + setData(null); + setTotalCount(-1); + errorToToaster({ + title: i18n.translate( + 'xpack.siem.containers.detectionEngine.signals.errorFetchingSignalsDescription', + { + defaultMessage: 'Failed to query signals', + } + ), + error, + dispatchToaster, + }); + setLoading(false); + } + } + ); + } + + fetchData(signal); + return () => { + isSubscribed = false; + abortCtrl.abort(); + }; + }, [query]); +}; diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/index.tsx deleted file mode 100644 index 031e1cd767be8..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/index.tsx +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; - -import * as i18n from './translation'; -import { MatrixHistogram } from '../../../matrix_histogram'; -import { MatrixHistogramBasicProps } from '../../../matrix_histogram/types'; -import { MatrixOverTimeHistogramData } from '../../../../graphql/types'; - -export const AlertsOverTimeHistogram = ( - props: MatrixHistogramBasicProps -) => { - const dataKey = 'alertsOverTime'; - const { totalCount } = props; - const subtitle = `${i18n.SHOWING}: ${totalCount.toLocaleString()} ${i18n.UNIT(totalCount)}`; - const { ...matrixOverTimeProps } = props; - - return ( - - ); -}; 
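Review bot: The effect in `useQuery` lists only `[query]` as its dependencies, so changing `startDate`, `endDate` or `filterQuery` does not trigger a refetch and the chart keeps showing counts for the previous window or filter. The list should cover every primitive the request reads, for example `}, [query, filterQuery, startDate, endDate, isInspected, isPtrIncluded]);`. `sort` and `pagination` are objects and need to be memoised by the caller before they are added, otherwise the effect would rerun on every render. The request also hardcodes `sourceId: 'default'` and `interval: '12h'`, even though `MatrixHistogramBasicProps` now carries a `sourceId`; passing that prop through would avoid silently querying a different source than the page is configured for.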
diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/translation.ts b/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/translation.ts deleted file mode 100644 index 380ca0cd3baaf..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/alerts_over_time/translation.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const ALERTS_COUNT_FREQUENCY_BY_MODULE = i18n.translate( - 'xpack.siem.alertsOverTime.alertsCountFrequencyByModuleTitle', - { - defaultMessage: 'Alerts count by module', - } -); - -export const SHOWING = i18n.translate('xpack.siem.alertsOverTime.showing', { - defaultMessage: 'Showing', -}); - -export const UNIT = (totalCount: number) => - i18n.translate('xpack.siem.alertsOverTime.unit', { - values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {alert} other {alerts}}`, - }); diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/index.tsx deleted file mode 100644 index f9e63ee60da5b..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/index.tsx +++ /dev/null 
@@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; - -import * as i18n from './translation'; -import { MatrixHistogram } from '../../../matrix_histogram'; -import { MatrixHistogramBasicProps } from '../../../matrix_histogram/types'; -import { MatrixOverTimeHistogramData } from '../../../../graphql/types'; -import { authMatrixDataMappingFields } from './utils'; - -export const AuthenticationsOverTimeHistogram = ( - props: MatrixHistogramBasicProps -) => { - const dataKey = 'authenticationsOverTime'; - const { data, ...matrixOverTimeProps } = props; - - return ( - - ); -}; diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/translation.ts b/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/translation.ts deleted file mode 100644 index c9a21bd348caa..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/translation.ts +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const AUTHENTICATIONS_COUNT = i18n.translate( - 'xpack.siem.authenticationsOverTime.authenticationCountTitle', - { - defaultMessage: 'Authentications count', - } -); - -export const UNIT = (totalCount: number) => - i18n.translate('xpack.siem.authenticationsOverTime.unit', { - values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {authentication} other {authentications}}`, - }); 
diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/utils.ts b/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/utils.ts deleted file mode 100644 index e0e2d21b40446..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/authentications_over_time/utils.ts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { ChartSeriesData } from '../../../charts/common'; -import { KpiHostsChartColors } from '../kpi_hosts/types'; - -enum AuthMatrixDataGroup { - authSuccess = 'authentication_success', - authFailure = 'authentication_failure', -} - -export interface AuthMatrixDataFields { - [AuthMatrixDataGroup.authSuccess]: ChartSeriesData; - [AuthMatrixDataGroup.authFailure]: ChartSeriesData; -} - -export const authMatrixDataMappingFields: AuthMatrixDataFields = { - [AuthMatrixDataGroup.authSuccess]: { - key: AuthMatrixDataGroup.authSuccess, - value: null, - color: KpiHostsChartColors.authSuccess, - }, - [AuthMatrixDataGroup.authFailure]: { - key: AuthMatrixDataGroup.authFailure, - value: null, - color: KpiHostsChartColors.authFailure, - }, -}; diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/index.tsx deleted file mode 100644 index 8273ecffdf9b3..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/index.tsx +++ /dev/null 
@@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; - -import * as i18n from './translation'; -import { MatrixHistogram } from '../../../matrix_histogram'; -import { MatrixHistogramBasicProps } from '../../../matrix_histogram/types'; -import { MatrixOverTimeHistogramData } from '../../../../graphql/types'; - -export const EventsOverTimeHistogram = ( - props: MatrixHistogramBasicProps -) => { - const dataKey = 'eventsOverTime'; - const { totalCount } = props; - const subtitle = `${i18n.SHOWING}: ${totalCount.toLocaleString()} ${i18n.UNIT(totalCount)}`; - const { ...matrixOverTimeProps } = props; - - return ( - - ); -}; diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/translation.ts b/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/translation.ts deleted file mode 100644 index edc9f97193840..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/events_over_time/translation.ts +++ /dev/null 
@@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const EVENT_COUNT_FREQUENCY_BY_ACTION = i18n.translate( - 'xpack.siem.eventsOverTime.eventCountFrequencyByActionTitle', - { - defaultMessage: 'Event count by action', - } -); - -export const SHOWING = i18n.translate('xpack.siem.eventsOverTime.showing', { - defaultMessage: 'Showing', -}); - -export const UNIT = (totalCount: number) => - i18n.translate('xpack.siem.eventsOverTime.unit', { - values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {event} other {events}}`, - }); diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/index.tsx deleted file mode 100644 index 490efd08f0aa7..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/index.tsx +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; - -import { ScaleType } from '@elastic/charts'; -import * as i18n from './translation'; -import { MatrixHistogram } from '../../../matrix_histogram'; -import { bytesFormatter } from '../../../matrix_histogram/utils'; -import { MatrixOverOrdinalHistogramData } from '../../../../graphql/types'; -import { MatrixHistogramBasicProps } from '../../../matrix_histogram/types'; - -export const NetworkDnsHistogram = ( - props: MatrixHistogramBasicProps -) => { - const dataKey = 'histogram'; - const { ...matrixOverTimeProps } = props; - - return ( - - ); -}; 
diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/translation.ts b/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/translation.ts deleted file mode 100644 index bb822651f10ce..0000000000000 --- a/x-pack/legacy/plugins/siem/public/components/page/network/dns_histogram/translation.ts +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const NETWORK_DNS_HISTOGRAM = i18n.translate('xpack.siem.DNS.histogramTitle', { - defaultMessage: 'Top DNS domains bytes count', -}); diff --git a/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/alerts_over_time.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/alerts_over_time.gql_query.ts deleted file mode 100644 index 428cf25ea1b8e..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/alerts_over_time.gql_query.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const AlertsOverTimeGqlQuery = gql` - query GetAlertsOverTimeQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - AlertsHistogram( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - alertsOverTimeByModule { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; 
diff --git a/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/index.tsx deleted file mode 100644 index 9541e6d39d669..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/alerts/alerts_over_time/index.tsx +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect } from 'react-redux'; -import { compose } from 'redux'; - -import { DEFAULT_INDEX_KEY } from '../../../../common/constants'; -import { inputsModel, State, inputsSelectors, hostsModel } from '../../../store'; -import { withKibana, WithKibanaProps } from '../../../lib/kibana'; -import { createFilter, getDefaultFetchPolicy } from '../../helpers'; -import { QueryTemplate, QueryTemplateProps } from '../../query_template'; - -import { AlertsOverTimeGqlQuery } from './alerts_over_time.gql_query'; -import { MatrixOverTimeHistogramData, GetAlertsOverTimeQuery } from '../../../graphql/types'; - -const ID = 'alertsOverTimeQuery'; - -export interface AlertsArgs { - endDate: number; - alertsOverTime: MatrixOverTimeHistogramData[]; - id: string; - inspect: inputsModel.InspectQuery; - loading: boolean; - refetch: inputsModel.Refetch; - startDate: number; - totalCount: number; -} - -export interface OwnProps extends QueryTemplateProps { - children?: (args: AlertsArgs) => React.ReactNode; - type: hostsModel.HostsType; -} - -export interface AlertsOverTimeComponentReduxProps { - isInspected: boolean; -} - -type AlertsOverTimeProps = OwnProps & AlertsOverTimeComponentReduxProps & WithKibanaProps; - -class AlertsOverTimeComponentQuery extends QueryTemplate< - AlertsOverTimeProps, - GetAlertsOverTimeQuery.Query, - GetAlertsOverTimeQuery.Variables -> { - public render() { - const { - children, - endDate, - filterQuery, - id = ID, - isInspected, - kibana, - sourceId, - startDate, - } = this.props; - return ( - - query={AlertsOverTimeGqlQuery} - fetchPolicy={getDefaultFetchPolicy()} - 
notifyOnNetworkStatusChange - variables={{ - filterQuery: createFilter(filterQuery), - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex: kibana.services.uiSettings.get(DEFAULT_INDEX_KEY), - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const source = getOr({}, `source.AlertsHistogram`, data); - const alertsOverTime = getOr([], `alertsOverTimeByModule`, source); - const totalCount = getOr(-1, 'totalCount', source); - return children!({ - endDate: endDate!, - alertsOverTime, - id, - inspect: getOr(null, 'inspect', source), - loading, - refetch, - startDate: startDate!, - totalCount, - }); - }} - - ); - } -} - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { type, id = ID }: OwnProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -export const AlertsOverTimeQuery = compose>( - connect(makeMapStateToProps), - withKibana -)(AlertsOverTimeComponentQuery); diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/anomalies_over_time.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/anomalies_over_time.gql_query.ts deleted file mode 100644 index 498cdaec131e8..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/anomalies_over_time.gql_query.ts +++ /dev/null 
@@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const AnomaliesOverTimeGqlQuery = gql` - query GetAnomaliesOverTimeQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - AnomaliesOverTime( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - anomaliesOverTime { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/index.tsx deleted file mode 100644 index 0d1ffba1ecd82..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/index.tsx +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect } from 'react-redux'; - -import { State, inputsSelectors } from '../../../store'; -import { getDefaultFetchPolicy } from '../../helpers'; -import { QueryTemplate } from '../../query_template'; - -import { AnomaliesOverTimeGqlQuery } from './anomalies_over_time.gql_query'; -import { GetAnomaliesOverTimeQuery } from '../../../graphql/types'; -import { AnomaliesOverTimeProps, OwnProps } from './types'; - -const ID = 'anomaliesOverTimeQuery'; - -class AnomaliesOverTimeComponentQuery extends QueryTemplate< - AnomaliesOverTimeProps, - GetAnomaliesOverTimeQuery.Query, - GetAnomaliesOverTimeQuery.Variables -> { - public render() { - const { - children, - endDate, - filterQuery, - id = ID, - isInspected, - sourceId, - startDate, - } = this.props; - - return ( - - query={AnomaliesOverTimeGqlQuery} - fetchPolicy={getDefaultFetchPolicy()} - notifyOnNetworkStatusChange - variables={{ - filterQuery, - sourceId, - timerange: { - interval: 'day', - from: startDate!, - to: endDate!, - }, - defaultIndex: ['.ml-anomalies-*'], - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const source = getOr({}, `source.AnomaliesOverTime`, data); - const anomaliesOverTime = getOr([], `anomaliesOverTime`, source); - const totalCount = getOr(-1, 'totalCount', source); - return children!({ - endDate: endDate!, - anomaliesOverTime, - id, - inspect: getOr(null, 'inspect', source), - loading, - refetch, - startDate: startDate!, - totalCount, - }); - }} - - ); - } -} - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: 
State, { id = ID }: OwnProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -export const AnomaliesOverTimeQuery = connect(makeMapStateToProps)(AnomaliesOverTimeComponentQuery); diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/types.ts b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/types.ts deleted file mode 100644 index e6ece4a46e44f..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_over_time/types.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { QueryTemplateProps } from '../../query_template'; -import { inputsModel, hostsModel, networkModel } from '../../../store'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; - -export interface AnomaliesArgs { - endDate: number; - anomaliesOverTime: MatrixOverTimeHistogramData[]; - id: string; - inspect: inputsModel.InspectQuery; - loading: boolean; - refetch: inputsModel.Refetch; - startDate: number; - totalCount: number; -} - -export interface OwnProps extends Omit { - filterQuery?: string; - children?: (args: AnomaliesArgs) => React.ReactNode; - type: hostsModel.HostsType | networkModel.NetworkType; -} - -export interface AnomaliesOverTimeComponentReduxProps { - isInspected: boolean; -} - -export type AnomaliesOverTimeProps = OwnProps & AnomaliesOverTimeComponentReduxProps; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index f2c00cbae1a74..9627263870479 100644 
--- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -6,17 +6,26 @@ import React from 'react'; import { EuiSpacer } from '@elastic/eui'; +import gql from 'graphql-tag'; import { AnomaliesQueryTabBodyProps } from './types'; -import { manageQuery } from '../../../components/page/manage_query'; -import { AnomaliesOverTimeHistogram } from '../../../components/anomalies_over_time'; -import { AnomaliesOverTimeQuery } from '../anomalies_over_time'; import { getAnomaliesFilterQuery } from './utils'; import { useSiemJobs } from '../../../components/ml_popover/hooks/use_siem_jobs'; import { useUiSetting$ } from '../../../lib/kibana'; import { DEFAULT_ANOMALY_SCORE } from '../../../../common/constants'; +import { MatrixHistogramContainer } from '../../matrix_histogram'; +import { SignalsHistogramOption } from '../../../components/matrix_histogram/types'; +import { getMatrixHistogramQuery } from '../../helpers'; -const AnomaliesOverTimeManage = manageQuery(AnomaliesOverTimeHistogram); - +const ID = 'anomaliesOverTimeQuery'; +const anomaliesStackByOptions: SignalsHistogramOption[] = [ + { + text: 'job', + value: 'job_id', + }, +]; +const AnomaliesOverTimeGqlQuery = gql` + ${getMatrixHistogramQuery('Anomalies')} +`; export const AnomaliesQueryTabBody = ({ endDate, skip, @@ -26,8 +35,7 @@ export const AnomaliesQueryTabBody = ({ filterQuery, anomaliesFilterQuery, setQuery, - hideHistogramIfEmpty, - updateDateRange = () => {}, + updateDateRange = () => { }, AnomaliesTableComponent, flowTarget, ip, @@ -46,37 +54,21 @@ export const AnomaliesQueryTabBody = ({ return ( <> - - {({ anomaliesOverTime, loading, id, inspect, refetch, totalCount }) => { - if (hideHistogramIfEmpty && !anomaliesOverTime.length) { - return
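Review bot: The stack-by label `text: 'job'` in the first hunk and `title="Anomalies"` in the third hunk are user-facing strings written as literals. The histogram wrappers this patch deletes took their titles and unit labels from `i18n.translate` modules, so these two strings will no longer be translated. Move them into a translations file and reference the constants, for example `i18n.translate('<translation key>', { defaultMessage: 'Anomalies' })` with a real key in place of the placeholder. The third hunk is incomplete in this capture, so the other props passed to `MatrixHistogramContainer` could not be checked.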
; - } - - return ( - <> - - - - ); - }} - + title="Anomalies" + updateDateRange={updateDateRange} + /> + React.ReactNode; - type: hostsModel.HostsType; -} - -export interface AuthenticationsOverTimeComponentReduxProps { - isInspected: boolean; -} - -type AuthenticationsOverTimeProps = OwnProps & - AuthenticationsOverTimeComponentReduxProps & - WithKibanaProps; - -class AuthenticationsOverTimeComponentQuery extends QueryTemplate< - AuthenticationsOverTimeProps, - GetAuthenticationsOverTimeQuery.Query, - GetAuthenticationsOverTimeQuery.Variables -> { - public render() { - const { - children, - filterQuery, - id = ID, - isInspected, - kibana, - sourceId, - startDate, - endDate, - } = this.props; - return ( - - query={AuthenticationsOverTimeGqlQuery} - fetchPolicy={getDefaultFetchPolicy()} - notifyOnNetworkStatusChange - variables={{ - filterQuery: createFilter(filterQuery), - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex: kibana.services.uiSettings.get(DEFAULT_INDEX_KEY), - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const source = getOr({}, `source.AuthenticationsOverTime`, data); - const authenticationsOverTime = getOr([], `authenticationsOverTime`, source); - const totalCount = getOr(-1, 'totalCount', source); - return children!({ - endDate: endDate!, - authenticationsOverTime, - id, - inspect: getOr(null, 'inspect', source), - loading, - refetch, - startDate: startDate!, - totalCount, - }); - }} - - ); - } -} - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { type, id = ID }: OwnProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -export const AuthenticationsOverTimeQuery = compose>( - connect(makeMapStateToProps), - withKibana -)(AuthenticationsOverTimeComponentQuery); 
diff --git a/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/events_over_time.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/events_over_time.gql_query.ts deleted file mode 100644 index aec0a32043040..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/events_over_time.gql_query.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const EventsOverTimeGqlQuery = gql` - query GetEventsOverTimeQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - EventsOverTime( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - eventsOverTime { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/index.tsx b/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/index.tsx deleted file mode 100644 index e102cd11f108e..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/events/events_over_time/index.tsx +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect } from 'react-redux'; -import { compose } from 'redux'; - -import { DEFAULT_INDEX_KEY } from '../../../../common/constants'; -import { inputsModel, State, inputsSelectors, hostsModel } from '../../../store'; -import { createFilter, getDefaultFetchPolicy } from '../../helpers'; -import { QueryTemplate, QueryTemplateProps } from '../../query_template'; -import { withKibana, WithKibanaProps } from '../../../lib/kibana'; - -import { EventsOverTimeGqlQuery } from './events_over_time.gql_query'; -import { GetEventsOverTimeQuery, MatrixOverTimeHistogramData } from '../../../graphql/types'; - -const ID = 'eventsOverTimeQuery'; - -export interface EventsArgs { - endDate: number; - eventsOverTime: MatrixOverTimeHistogramData[]; - id: string; - inspect: inputsModel.InspectQuery; - loading: boolean; - refetch: inputsModel.Refetch; - startDate: number; - totalCount: number; -} - -export interface OwnProps extends QueryTemplateProps { - children?: (args: EventsArgs) => React.ReactNode; - type: hostsModel.HostsType; -} - -export interface EventsOverTimeComponentReduxProps { - isInspected: boolean; -} - -type EventsOverTimeProps = OwnProps & EventsOverTimeComponentReduxProps & WithKibanaProps; - -class EventsOverTimeComponentQuery extends QueryTemplate< - EventsOverTimeProps, - GetEventsOverTimeQuery.Query, - GetEventsOverTimeQuery.Variables -> { - public render() { - const { - children, - endDate, - filterQuery, - id = ID, - isInspected, - kibana, - sourceId, - startDate, - } = this.props; - return ( - - query={EventsOverTimeGqlQuery} - fetchPolicy={getDefaultFetchPolicy()} - 
notifyOnNetworkStatusChange - variables={{ - filterQuery: createFilter(filterQuery), - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex: kibana.services.uiSettings.get(DEFAULT_INDEX_KEY), - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const source = getOr({}, `source.EventsOverTime`, data); - const eventsOverTime = getOr([], `eventsOverTime`, source); - const totalCount = getOr(-1, 'totalCount', source); - return children!({ - endDate: endDate!, - eventsOverTime, - id, - inspect: getOr(null, 'inspect', source), - loading, - refetch, - startDate: startDate!, - totalCount, - }); - }} - - ); - } -} - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { type, id = ID }: OwnProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -export const EventsOverTimeQuery = compose>( - connect(makeMapStateToProps), - withKibana -)(EventsOverTimeComponentQuery); diff --git a/x-pack/legacy/plugins/siem/public/containers/helpers.ts b/x-pack/legacy/plugins/siem/public/containers/helpers.ts index 5f66e3f4b88d4..4930fa7b63184 100644 --- a/x-pack/legacy/plugins/siem/public/containers/helpers.ts +++ b/x-pack/legacy/plugins/siem/public/containers/helpers.ts 
@@ -13,3 +13,35 @@ export const createFilter = (filterQuery: ESQuery | string | undefined) => isString(filterQuery) ? filterQuery : JSON.stringify(filterQuery); export const getDefaultFetchPolicy = (): FetchPolicy => 'cache-and-network'; + +export const getMatrixHistogramQuery = (dataKey: string): string => { + return ` + query Get${dataKey}OverTimeQuery( + $sourceId: ID! + $timerange: TimerangeInput! + $defaultIndex: [String!]! + $filterQuery: String + $inspect: Boolean! + ) { + source(id: $sourceId) { + id + ${dataKey}Histogram( + timerange: $timerange + filterQuery: $filterQuery + defaultIndex: $defaultIndex + ) { + ${dataKey}OverTimeByModule { + x + y + g + } + totalCount + inspect @include(if: $inspect) { + dsl + response + } + } + } + } +`; +}; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx new file mode 100644 index 0000000000000..7a2a7310627f2 --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx 
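Review bot: `getMatrixHistogramQuery` splices `dataKey` directly into the GraphQL document (the operation name, `${dataKey}Histogram` and `${dataKey}OverTimeByModule`) while typing it as plain `string`, so a non-constant value could reshape the query that is sent. The only caller visible in this patch passes the literal `'Anomalies'`, so this is a hardening point rather than a live bug. Narrow the parameter to the keys the schema changes in this patch expose, `dataKey: 'Alerts' | 'Anomalies' | 'Authentications' | 'Events'`. Alternatively, throw when the value fails `/^[A-Za-z_][A-Za-z0-9_]*$/` before building the string. A short TSDoc line stating that `dataKey` must be a trusted schema prefix would also help the next caller.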
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React from 'react';
+import { compose } from 'redux';
+
+import { connect } from 'react-redux';
+import { inputsModel, State, inputsSelectors, hostsModel } from '../../store';
+import { QueryTemplateProps } from '../query_template';
+import { withKibana } from '../../lib/kibana';
+
+import { MatrixOverTimeHistogramData, Maybe } from '../../graphql/types';
+import { MatrixHistogram } from '../../components/matrix_histogram';
+import { SignalsHistogramOption } from '../../components/matrix_histogram/types';
+import { UpdateDateRange } from '../../components/charts/common';
+
+export interface EventsArgs {
+ endDate: number;
+ eventsOverTime: MatrixOverTimeHistogramData[];
+ id: string;
+ inspect: inputsModel.InspectQuery;
+ loading: boolean;
+ refetch: inputsModel.Refetch;
+ startDate: number;
+ totalCount: number;
+}
+
+export interface OwnProps extends QueryTemplateProps {
+ id: string;
+ dataKey: string;
+ defaultStackByOption: SignalsHistogramOption;
+ hideHistogramIfEmpty: boolean;
+ query: Maybe;
+ sourceId: string;
+ stackByOptions: SignalsHistogramOption[];
+ type: hostsModel.HostsType;
+ title: string;
+ updateDateRange: UpdateDateRange;
+}
+
+export interface EventsOverTimeComponentReduxProps {
+ isInspected: boolean;
+}
+
+const makeMapStateToProps = () => {
+ const getQuery = inputsSelectors.globalQueryByIdSelector();
+ const mapStateToProps = (state: State, { type, id }: OwnProps) => {
+ const { isInspected } = getQuery(state, id);
+ return {
+ isInspected,
+ };
+ };
+ return mapStateToProps;
+};
+
+export const MatrixHistogramContainer = compose>(
+ connect(makeMapStateToProps),
+ withKibana
+)(MatrixHistogram);
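Review bot: `OwnProps.type` is declared as `hostsModel.HostsType` only, while the anomalies props this patch deletes accepted `hostsModel.HostsType | networkModel.NetworkType`. If the anomalies tab is also rendered from network pages, the generic container should keep the wider union, `type: hostsModel.HostsType | networkModel.NetworkType;`, with `networkModel` added to the store import. `mapStateToProps` also destructures `type` without reading it, so `(state: State, { id }: OwnProps)` is enough. The exported `EventsArgs` and `EventsOverTimeComponentReduxProps` keep event-specific names in a container meant to be generic. `EventsArgs` is not referenced in the visible lines, though some generic arguments appear to have been lost in this capture.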
diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts index da83e09e4629a..daa14eca80c9d 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts @@ -16,6 +16,7 @@ export const networkDnsQuery = gql` $filterQuery: String $defaultIndex: [String!]! $inspect: Boolean! + $isHistogram: Boolean! ) { source(id: $sourceId) { id @@ -28,7 +29,7 @@ export const networkDnsQuery = gql` defaultIndex: $defaultIndex ) { totalCount - edges { + edges @skip(if: $isHistogram) { node { _id dnsBytesIn @@ -41,7 +42,7 @@ export const networkDnsQuery = gql` value } } - pageInfo { + pageInfo @skip(if: $isHistogram) { activePage fakeTotalCount showMorePagesIndicator @@ -50,7 +51,7 @@ export const networkDnsQuery = gql` dsl response } - histogram { + histogram @include(if: $isHistogram) { x y g diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index b5ebf3deacd0a..1461b9d2da0a8 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -25,6 +25,8 @@ import { createFilter, getDefaultFetchPolicy } from '../helpers'; import { QueryTemplatePaginated, QueryTemplatePaginatedProps } from '../query_template_paginated'; import { networkDnsQuery } from './index.gql_query'; import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../store/constants'; +import { MatrixHistogram } from '../../components/matrix_histogram'; +import { SignalsHistogramOption } from '../../components/matrix_histogram/types'; const ID = 'networkDnsQuery'; const HISTOGRAM_ID = 'networkDnsHistogramQuery'; 
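Review bot: `$isHistogram: Boolean!` is added to `networkDnsQuery` as a required variable with no default, and nothing in the query documents what it does. The later hunks in this file make `edges` and `pageInfo` (`@skip`) and `histogram` (`@include`) mutually exclusive on that flag. A caller that omits the variable will have its request fail, and a caller that reads `edges` with the flag set gets no rows back. Add a comment above the variable such as `# isHistogram: true selects only histogram buckets; false selects edges and pageInfo`. The one caller visible in this patch sets `isHistogram: false`; the histogram path that should pass `true` is outside these hunks.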
@@ -46,6 +48,13 @@ export interface OwnProps extends QueryTemplatePaginatedProps { type: networkModel.NetworkType; } +interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps { + dataKey: string; + defaultStackByOption: SignalsHistogramOption; + stackByOptions: SignalsHistogramOption[]; + type: networkModel.NetworkType; +} + export interface NetworkDnsComponentReduxProps { activePage: number; sort: NetworkDnsSortField; @@ -60,7 +69,7 @@ export class NetworkDnsComponentQuery extends QueryTemplatePaginated< NetworkDnsProps, GetNetworkDnsQuery.Query, GetNetworkDnsQuery.Variables -> { + > { public render() { const { activePage, @@ -80,6 +89,7 @@ export class NetworkDnsComponentQuery extends QueryTemplatePaginated< const variables: GetNetworkDnsQuery.Variables = { defaultIndex: kibana.services.uiSettings.get(DEFAULT_INDEX_KEY), filterQuery: createFilter(filterQuery), + isHistogram: false, inspect: isInspected, isPtrIncluded, pagination: generateTablePaginationOptions(activePage, limit), @@ -179,7 +189,7 @@ export const NetworkDnsQuery = compose>( withKibana )(NetworkDnsComponentQuery); -export const NetworkDnsHistogramQuery = compose>( +export const NetworkDnsHistogramQuery = compose>( connect(makeMapHistogramStateToProps), withKibana -)(NetworkDnsComponentQuery); +)(MatrixHistogram); diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json index 8ebc66b7f38a7..9a30cf4304062 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/introspection.json +++ b/x-pack/legacy/plugins/siem/public/graphql/introspection.json @@ -714,7 +714,7 @@ "deprecationReason": null }, { - "name": "AnomaliesOverTime", + "name": "AnomaliesHistogram", "description": "", "args": [ { @@ -822,7 +822,7 @@ "deprecationReason": null }, { - "name": "AuthenticationsOverTime", + "name": "AuthenticationsHistogram", "description": "", "args": [ { 
@@ -1058,7 +1058,7 @@ "deprecationReason": null }, { - "name": "EventsOverTime", + "name": "EventsHistogram", "description": "", "args": [ { @@ -2599,7 +2599,7 @@ "deprecationReason": null }, { - "name": "alertsOverTimeByModule", + "name": "AlertsOverTimeByModule", "description": "", "args": [], "type": { @@ -2752,7 +2752,7 @@ "deprecationReason": null }, { - "name": "anomaliesOverTime", + "name": "AnomaliesOverTimeByModule", "description": "", "args": [], "type": { @@ -3516,7 +3516,7 @@ "deprecationReason": null }, { - "name": "authenticationsOverTime", + "name": "AuthenticationsOverTimeByModule", "description": "", "args": [], "type": { @@ -6235,7 +6235,7 @@ "deprecationReason": null }, { - "name": "eventsOverTime", + "name": "EventsOverTimeByModule", "description": "", "args": [], "type": { diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index 6dfde08058f7c..b78908f70ed81 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -459,11 +459,11 @@ export interface Source { AlertsHistogram: AlertsOverTimeData; - AnomaliesOverTime: AnomaliesOverTimeData; + AnomaliesHistogram: AnomaliesOverTimeData; /** Gets Authentication success and failures based on a timerange */ Authentications: AuthenticationsData; - AuthenticationsOverTime: AuthenticationsOverTimeData; + AuthenticationsHistogram: AuthenticationsOverTimeData; Timeline: TimelineData; @@ -471,7 +471,7 @@ export interface Source { LastEventTime: LastEventTimeData; - EventsOverTime: EventsOverTimeData; + EventsHistogram: EventsOverTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; 
@@ -563,7 +563,7 @@ export interface IndexField { export interface AlertsOverTimeData { inspect?: Maybe; - alertsOverTimeByModule: MatrixOverTimeHistogramData[]; + AlertsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -585,7 +585,7 @@ export interface MatrixOverTimeHistogramData { export interface AnomaliesOverTimeData { inspect?: Maybe; - anomaliesOverTime: MatrixOverTimeHistogramData[]; + AnomaliesOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -727,7 +727,7 @@ export interface PageInfoPaginated { export interface AuthenticationsOverTimeData { inspect?: Maybe; - authenticationsOverTime: MatrixOverTimeHistogramData[]; + AuthenticationsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -1311,7 +1311,7 @@ export interface LastEventTimeData { export interface EventsOverTimeData { inspect?: Maybe; - eventsOverTime: MatrixOverTimeHistogramData[]; + EventsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -2154,7 +2154,7 @@ export interface AlertsHistogramSourceArgs { timerange: TimerangeInput; } -export interface AnomaliesOverTimeSourceArgs { +export interface AnomaliesHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2170,7 +2170,7 @@ export interface AuthenticationsSourceArgs { defaultIndex: string[]; } -export interface AuthenticationsOverTimeSourceArgs { +export interface AuthenticationsHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2206,7 +2206,7 @@ export interface LastEventTimeSourceArgs { defaultIndex: string[]; } -export interface EventsOverTimeSourceArgs { +export interface EventsHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; 
@@ -2455,162 +2455,6 @@ export interface DeleteTimelineMutationArgs { // Documents // ==================================================== -export namespace GetAlertsOverTimeQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - AlertsHistogram: AlertsHistogram; - }; - - export type AlertsHistogram = { - __typename?: 'AlertsOverTimeData'; - - alertsOverTimeByModule: AlertsOverTimeByModule[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type AlertsOverTimeByModule = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAnomaliesOverTimeQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - AnomaliesOverTime: AnomaliesOverTime; - }; - - export type AnomaliesOverTime = { - __typename?: 'AnomaliesOverTimeData'; - - anomaliesOverTime: _AnomaliesOverTime[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type _AnomaliesOverTime = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAuthenticationsOverTimeQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - 
source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - AuthenticationsOverTime: AuthenticationsOverTime; - }; - - export type AuthenticationsOverTime = { - __typename?: 'AuthenticationsOverTimeData'; - - authenticationsOverTime: _AuthenticationsOverTime[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type _AuthenticationsOverTime = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetAuthenticationsQuery { export type Variables = { sourceId: string; @@ -2750,58 +2594,6 @@ export namespace GetAuthenticationsQuery { }; } -export namespace GetEventsOverTimeQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - EventsOverTime: EventsOverTime; - }; - - export type EventsOverTime = { - __typename?: 'EventsOverTimeData'; - - eventsOverTime: _EventsOverTime[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type _EventsOverTime = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: number; - - y: number; - - g: string; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetLastEventTimeQuery { export type Variables = { sourceId: string; @@ -3433,6 +3225,7 @@ export namespace GetNetworkDnsQuery { filterQuery?: Maybe; defaultIndex: string[]; inspect: boolean; + isHistogram: boolean; }; export type Query = { 
diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx
index 7a0a25ef18842..064a5df776bb6 100644
--- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx
+++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx
@@ -7,16 +7,50 @@
 import { getOr } from 'lodash/fp';
 import React from 'react';
 import { EuiSpacer } from '@elastic/eui';
+import gql from 'graphql-tag';
 import { AuthenticationTable } from '../../../components/page/hosts/authentications_table';
 import { manageQuery } from '../../../components/page/manage_query';
-import { AuthenticationsOverTimeHistogram } from '../../../components/page/hosts/authentications_over_time';
-import { AuthenticationsOverTimeQuery } from '../../../containers/authentications/authentications_over_time';
 import { AuthenticationsQuery } from '../../../containers/authentications';
 import { HostsComponentsQueryProps } from './types';
 import { hostsModel } from '../../../store/hosts';
+import {
+ SignalsHistogramOption,
+ MatrixHistogramMappingTypes,
+} from '../../../components/matrix_histogram/types';
+import { MatrixHistogramContainer } from '../../../containers/matrix_histogram';
+import { getMatrixHistogramQuery } from '../../../containers/helpers';
+import { KpiHostsChartColors } from '../../../components/page/hosts/kpi_hosts/types';
 const AuthenticationTableManage = manageQuery(AuthenticationTable);
-const AuthenticationsOverTimeManage = manageQuery(AuthenticationsOverTimeHistogram);
+const ID = 'authenticationsOverTimeQuery';
+const authStackByOptions: SignalsHistogramOption[] = [
+ {
+ text: 'event type',
+ value: 'event.type',
+ },
+];
+
+const AuthenticationsOverTimeGqlQuery = gql`
+ ${getMatrixHistogramQuery('Authentications')}
+`;
+
+enum AuthMatrixDataGroup {
+ authSuccess = 'authentication_success',
+ authFailure = 'authentication_failure',
+}
+
+export const authMatrixDataMappingFields: MatrixHistogramMappingTypes = {
+ [AuthMatrixDataGroup.authSuccess]: {
+ key: AuthMatrixDataGroup.authSuccess,
+ value: null,
+ color: KpiHostsChartColors.authSuccess,
+ },
+ [AuthMatrixDataGroup.authFailure]: {
+ key: AuthMatrixDataGroup.authFailure,
+ value: null,
+ color: KpiHostsChartColors.authFailure,
+ },
+};
 export const
AuthenticationsQueryTabBody = ({ deleteQuery, @@ -26,69 +60,62 @@ export const AuthenticationsQueryTabBody = ({ setQuery, startDate, type, - updateDateRange = () => {}, + updateDateRange = () => { }, }: HostsComponentsQueryProps) => ( - <> - - {({ authenticationsOverTime, loading, id, inspect, refetch, totalCount }) => ( - - )} - - - - {({ - authentications, - totalCount, - loading, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( - - )} - - -); + <> + + + + {({ + authentications, + totalCount, + loading, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( + + )} + + + ); AuthenticationsQueryTabBody.displayName = 'AuthenticationsQueryTabBody'; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx index 223538c07d5df..88812d6b843e3 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx 
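Review bot: `AuthenticationsOverTimeGqlQuery` is assembled by interpolating the return value of `getMatrixHistogramQuery('Authentications')` into the `gql` template in the first hunk, so the query text is built from a string rather than written out; the same pattern is used for `getMatrixHistogramQuery('Events')` in events_query_tab_body.tsx. That is safe while the argument is a literal, but the helper lives in containers/helpers.ts outside this hunk, and if its parameter is typed as plain `string` nothing stops a later caller from passing a runtime value into the query document. Consider restricting the parameter to the known names and noting the constraint at the call site, e.g. `// argument must be a fixed literal; it is spliced into the GraphQL document`.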
@@ -6,48 +6,49 @@ import React from 'react'; import { EuiSpacer } from '@elastic/eui'; +import gql from 'graphql-tag'; import { StatefulEventsViewer } from '../../../components/events_viewer'; import { HostsComponentsQueryProps } from './types'; -import { manageQuery } from '../../../components/page/manage_query'; -import { EventsOverTimeHistogram } from '../../../components/page/hosts/events_over_time'; -import { EventsOverTimeQuery } from '../../../containers/events/events_over_time'; import { hostsModel } from '../../../store/hosts'; import { eventsDefaultModel } from '../../../components/events_viewer/default_model'; +import { SignalsHistogramOption } from '../../../components/matrix_histogram/types'; +import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; +import { getMatrixHistogramQuery } from '../../../containers/helpers'; const HOSTS_PAGE_TIMELINE_ID = 'hosts-page'; -const EventsOverTimeManage = manageQuery(EventsOverTimeHistogram); +const EVENTS_HISTOGRAM_ID = 'eventsOverTimeQuery'; +export const EventsOverTimeGqlQuery = gql` + ${getMatrixHistogramQuery('Events')} +`; +const eventsStackByOptions: SignalsHistogramOption[] = [ + { + text: 'action', + value: 'event.action', + }, +]; export const EventsQueryTabBody = ({ endDate, filterQuery, - setQuery, startDate, - updateDateRange = () => {}, + updateDateRange = () => { }, }: HostsComponentsQueryProps) => { return ( <> - - {({ eventsOverTime, loading, id, inspect, refetch, totalCount }) => ( - - )} - + title="Events" + updateDateRange={updateDateRange} + id={EVENTS_HISTOGRAM_ID} + /> {}, + updateDateRange = () => { }, }: NetworkComponentQueryProps) => ( - <> - - {({ totalCount, loading, id, inspect, refetch, histogram }) => ( - - )} - - - - {({ - totalCount, - loading, - networkDns, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - histogram, - }) => ( - - )} - - -); + <> + + + + {({ + totalCount, + loading, + networkDns, + pageInfo, + loadPage, + id, + inspect, + 
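Review bot: The stack-by label `text: 'action'` and the `title="Events"` attribute are hard-coded English strings, as is `text: 'event type'` in authentications_query_tab_body.tsx, while the file list of this patch includes a new alerts_viewer/translations.ts. Route these labels through the same translation mechanism so they are localised consistently. `EventsOverTimeGqlQuery` is also exported here whereas `AuthenticationsOverTimeGqlQuery` stays module-private; pick one form unless another module imports it. The JSX in this hunk is only partly visible, so the remaining props could not be checked.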
isInspected, + refetch, + histogram, + }) => ( + + )} + + + ); DnsQueryTabBody.displayName = 'DNSQueryTabBody'; diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts index f29b64772b8f6..c911166d0ae48 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts @@ -9,7 +9,7 @@ import gql from 'graphql-tag'; export const alertsSchema = gql` type AlertsOverTimeData { inspect: Inspect - alertsOverTimeByModule: [MatrixOverTimeHistogramData!]! + AlertsOverTimeByModule: [MatrixOverTimeHistogramData!]! totalCount: Float! } diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts index 47e227a8c0f84..e9668a688f972 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts @@ -15,7 +15,7 @@ export interface AnomaliesResolversDeps { } type QueryAnomaliesOverTimeResolver = ChildResolverOf< - AppResolverOf, + AppResolverOf, QuerySourceResolver >; @@ -23,11 +23,11 @@ export const createAnomaliesResolvers = ( libs: AnomaliesResolversDeps ): { Source: { - AnomaliesOverTime: QueryAnomaliesOverTimeResolver; + AnomaliesHistogram: QueryAnomaliesOverTimeResolver; }; } => ({ Source: { - async AnomaliesOverTime(source, args, { req }, info) { + async AnomaliesHistogram(source, args, { req }, info) { const options = { ...createOptions(source, args, info), defaultIndex: args.defaultIndex, diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts index 1dad0aafd55b0..b63a49f926529 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts 
@@ -9,12 +9,12 @@ import gql from 'graphql-tag';
 export const anomaliesSchema = gql`
 type AnomaliesOverTimeData {
 inspect: Inspect
- anomaliesOverTime: [MatrixOverTimeHistogramData!]!
+ AnomaliesOverTimeByModule: [MatrixOverTimeHistogramData!]!
 totalCount: Float!
 }
 extend type Source {
- AnomaliesOverTime(
+ AnomaliesHistogram(
 timerange: TimerangeInput!
 filterQuery: String
 defaultIndex: [String!]!
diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts
index aaa66215e98f4..dc2a5a8348be1 100644
--- a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts
+++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts
@@ -16,7 +16,7 @@ type QueryAuthenticationsResolver = ChildResolverOf<
 >;
 type QueryAuthenticationsOverTimeResolver = ChildResolverOf<
- AppResolverOf,
+ AppResolverOf,
 QuerySourceResolver
 >;
@@ -29,7 +29,7 @@ export const createAuthenticationsResolvers = (
 ): {
 Source: {
 Authentications: QueryAuthenticationsResolver;
- AuthenticationsOverTime: QueryAuthenticationsOverTimeResolver;
+ AuthenticationsHistogram: QueryAuthenticationsOverTimeResolver;
 };
 } => ({
 Source: {
@@ -37,7 +37,7 @@ export const createAuthenticationsResolvers = (
 const options = createOptionsPaginated(source, args, info);
 return libs.authentications.getAuthentications(req, options);
 },
- async AuthenticationsOverTime(source, args, { req }, info) {
+ async AuthenticationsHistogram(source, args, { req }, info) {
 const options = {
 ...createOptions(source, args, info),
 defaultIndex: args.defaultIndex,
diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts
index 5a65ef5d678ce..d14ffb7fa5b31 100644
--- a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts
+++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts
@@ -36,7 +36,7 @@ export const authenticationsSchema = gql`
 type AuthenticationsOverTimeData {
 inspect: Inspect
- authenticationsOverTime: [MatrixOverTimeHistogramData!]!
+ AuthenticationsOverTimeByModule: [MatrixOverTimeHistogramData!]!
 totalCount: Float!
 }
@@ -48,7 +48,7 @@ export const authenticationsSchema = gql`
 filterQuery: String
 defaultIndex: [String!]!
 ): AuthenticationsData!
- AuthenticationsOverTime(
+ AuthenticationsHistogram(
 timerange: TimerangeInput!
 filterQuery: String
 defaultIndex: [String!]!
diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts
index 09494594c7286..35b4f8f4fc768 100644
--- a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts
+++ b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts
@@ -33,7 +33,7 @@ export interface EventsResolversDeps {
 }
 type QueryEventsOverTimeResolver = ChildResolverOf<
- AppResolverOf,
+ AppResolverOf,
 QuerySourceResolver
 >;
@@ -44,7 +44,7 @@ export const createEventsResolvers = (
 Timeline: QueryTimelineResolver;
 TimelineDetails: QueryTimelineDetailsResolver;
 LastEventTime: QueryLastEventTimeResolver;
- EventsOverTime: QueryEventsOverTimeResolver;
+ EventsHistogram: QueryEventsOverTimeResolver;
 };
 } => ({
 Source: {
@@ -71,7 +71,7 @@ export const createEventsResolvers = (
 };
 return libs.events.getLastEventTimeData(req, options);
 },
- async EventsOverTime(source, args, { req }, info) {
+ async EventsHistogram(source, args, { req }, info) {
 const options = {
 ...createOptions(source, args, info),
 defaultIndex: args.defaultIndex,
diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts
index 073fd60dbf1ed..b436e53cb1b7d 100644
--- a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts
+++ b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts
@@ -76,7 +76,7 @@ export const eventsSchema = gql` type EventsOverTimeData { inspect: Inspect - eventsOverTime: [MatrixOverTimeHistogramData!]! + EventsOverTimeByModule: [MatrixOverTimeHistogramData!]! totalCount: Float! } @@ -100,7 +100,7 @@ export const eventsSchema = gql` details: LastTimeDetails! defaultIndex: [String!]! ): LastEventTimeData! - EventsOverTime( + EventsHistogram( timerange: TimerangeInput! filterQuery: String defaultIndex: [String!]! diff --git a/x-pack/legacy/plugins/siem/server/graphql/types.ts b/x-pack/legacy/plugins/siem/server/graphql/types.ts index 776444b1502b1..aa9709878a422 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/types.ts @@ -461,11 +461,11 @@ export interface Source { AlertsHistogram: AlertsOverTimeData; - AnomaliesOverTime: AnomaliesOverTimeData; + AnomaliesHistogram: AnomaliesOverTimeData; /** Gets Authentication success and failures based on a timerange */ Authentications: AuthenticationsData; - AuthenticationsOverTime: AuthenticationsOverTimeData; + AuthenticationsHistogram: AuthenticationsOverTimeData; Timeline: TimelineData; @@ -473,7 +473,7 @@ export interface Source { LastEventTime: LastEventTimeData; - EventsOverTime: EventsOverTimeData; + EventsHistogram: EventsOverTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; @@ -565,7 +565,7 @@ export interface IndexField { export interface AlertsOverTimeData { inspect?: Maybe; - alertsOverTimeByModule: MatrixOverTimeHistogramData[]; + AlertsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -587,7 +587,7 @@ export interface MatrixOverTimeHistogramData { export interface AnomaliesOverTimeData { inspect?: Maybe; - anomaliesOverTime: MatrixOverTimeHistogramData[]; + AnomaliesOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } 
@@ -729,7 +729,7 @@ export interface PageInfoPaginated { export interface AuthenticationsOverTimeData { inspect?: Maybe; - authenticationsOverTime: MatrixOverTimeHistogramData[]; + AuthenticationsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -1313,7 +1313,7 @@ export interface LastEventTimeData { export interface EventsOverTimeData { inspect?: Maybe; - eventsOverTime: MatrixOverTimeHistogramData[]; + EventsOverTimeByModule: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -2156,7 +2156,7 @@ export interface AlertsHistogramSourceArgs { timerange: TimerangeInput; } -export interface AnomaliesOverTimeSourceArgs { +export interface AnomaliesHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2172,7 +2172,7 @@ export interface AuthenticationsSourceArgs { defaultIndex: string[]; } -export interface AuthenticationsOverTimeSourceArgs { +export interface AuthenticationsHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2208,7 +2208,7 @@ export interface LastEventTimeSourceArgs { defaultIndex: string[]; } -export interface EventsOverTimeSourceArgs { +export interface EventsHistogramSourceArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2800,11 +2800,11 @@ export namespace SourceResolvers { AlertsHistogram?: AlertsHistogramResolver; - AnomaliesOverTime?: AnomaliesOverTimeResolver; + AnomaliesHistogram?: AnomaliesHistogramResolver; /** Gets Authentication success and failures based on a timerange */ Authentications?: AuthenticationsResolver; - AuthenticationsOverTime?: AuthenticationsOverTimeResolver< + AuthenticationsHistogram?: AuthenticationsHistogramResolver< AuthenticationsOverTimeData, TypeParent, TContext 
@@ -2816,7 +2816,7 @@ export namespace SourceResolvers { LastEventTime?: LastEventTimeResolver; - EventsOverTime?: EventsOverTimeResolver; + EventsHistogram?: EventsHistogramResolver; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts?: HostsResolver; @@ -2885,12 +2885,12 @@ export namespace SourceResolvers { timerange: TimerangeInput; } - export type AnomaliesOverTimeResolver< + export type AnomaliesHistogramResolver< R = AnomaliesOverTimeData, Parent = Source, TContext = SiemContext - > = Resolver; - export interface AnomaliesOverTimeArgs { + > = Resolver; + export interface AnomaliesHistogramArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2913,12 +2913,12 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type AuthenticationsOverTimeResolver< + export type AuthenticationsHistogramResolver< R = AuthenticationsOverTimeData, Parent = Source, TContext = SiemContext - > = Resolver; - export interface AuthenticationsOverTimeArgs { + > = Resolver; + export interface AuthenticationsHistogramArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -2973,12 +2973,12 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type EventsOverTimeResolver< + export type EventsHistogramResolver< R = EventsOverTimeData, Parent = Source, TContext = SiemContext - > = Resolver; - export interface EventsOverTimeArgs { + > = Resolver; + export interface EventsHistogramArgs { timerange: TimerangeInput; filterQuery?: Maybe; @@ -3443,7 +3443,7 @@ export namespace AlertsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - alertsOverTimeByModule?: AlertsOverTimeByModuleResolver< + AlertsOverTimeByModule?: AlertsOverTimeByModuleResolver< MatrixOverTimeHistogramData[], TypeParent, TContext 
@@ -3518,7 +3518,7 @@ export namespace AnomaliesOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - anomaliesOverTime?: AnomaliesOverTimeResolver< + AnomaliesOverTimeByModule?: AnomaliesOverTimeByModuleResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -3532,7 +3532,7 @@ export namespace AnomaliesOverTimeDataResolvers { Parent = AnomaliesOverTimeData, TContext = SiemContext > = Resolver; - export type AnomaliesOverTimeResolver< + export type AnomaliesOverTimeByModuleResolver< R = MatrixOverTimeHistogramData[], Parent = AnomaliesOverTimeData, TContext = SiemContext @@ -3993,7 +3993,7 @@ export namespace AuthenticationsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - authenticationsOverTime?: AuthenticationsOverTimeResolver< + AuthenticationsOverTimeByModule?: AuthenticationsOverTimeByModuleResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -4007,7 +4007,7 @@ export namespace AuthenticationsOverTimeDataResolvers { Parent = AuthenticationsOverTimeData, TContext = SiemContext > = Resolver; - export type AuthenticationsOverTimeResolver< + export type AuthenticationsOverTimeByModuleResolver< R = MatrixOverTimeHistogramData[], Parent = AuthenticationsOverTimeData, TContext = SiemContext @@ -5947,7 +5947,11 @@ export namespace EventsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - eventsOverTime?: EventsOverTimeResolver; + EventsOverTimeByModule?: EventsOverTimeByModuleResolver< + MatrixOverTimeHistogramData[], + TypeParent, + TContext + >; totalCount?: TotalCountResolver; } @@ -5957,7 +5961,7 @@ export namespace EventsOverTimeDataResolvers { Parent = EventsOverTimeData, TContext = SiemContext > = Resolver; - export type EventsOverTimeResolver< + export type EventsOverTimeByModuleResolver< R = MatrixOverTimeHistogramData[], Parent = EventsOverTimeData, TContext = SiemContext 
diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts
index 6667f34b1b738..2999de80fd9a9 100644
--- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts
@@ -18,7 +18,7 @@ import { TermAggregation } from '../types';
 import { EventHit } from '../events/types';
 export class ElasticsearchAlertsAdapter implements AlertsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
+ constructor(private readonly framework: FrameworkAdapter) { }
 public async getAlertsHistogramData(
 request: FrameworkRequest,
@@ -31,14 +31,14 @@ export class ElasticsearchAlertsAdapter implements AlertsAdapter {
 dsl
 );
 const totalCount = getOr(0, 'hits.total.value', response);
- const alertsOverTimeByModule = getOr([], 'aggregations.alertsByModuleGroup.buckets', response);
+ const AlertsOverTimeByModule = getOr([], 'aggregations.alertsByModuleGroup.buckets', response);
 const inspect = {
 dsl: [inspectStringifyObject(dsl)],
 response: [inspectStringifyObject(response)],
 };
 return {
 inspect,
- alertsOverTimeByModule: getAlertsOverTimeByModule(alertsOverTimeByModule),
+ AlertsOverTimeByModule: getAlertsOverTimeByModule(AlertsOverTimeByModule),
 totalCount,
 };
 }
diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts
index a24fb5f511d24..e24d0544ef502 100644
--- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts
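Review bot: The local `const AlertsOverTimeByModule` in `getAlertsHistogramData` is now PascalCase, a casing this file otherwise uses for classes and types; only the returned property needs the new name. Keep the local in camelCase and rename just the key: `const alertsOverTimeByModule = getOr([], 'aggregations.alertsByModuleGroup.buckets', response);` and `AlertsOverTimeByModule: getAlertsOverTimeByModule(alertsOverTimeByModule),`. The method starts above the hunk.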
@@ -45,7 +45,7 @@ describe('alerts elasticsearch_adapter', () => {
 );
 expect(data).to.eql({
- alertsOverTimeByModule: mockAlertsHistogramDataFormattedResponse,
+ AlertsOverTimeByModule: mockAlertsHistogramDataFormattedResponse,
 inspect: {
 dsl: ['"mockAlertsHistogramQueryDsl"'],
 response: [JSON.stringify(mockAlertsHistogramDataResponse, null, 2)],
diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts
index f4b7aff4854e5..633fc014626bc 100644
--- a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts
@@ -16,7 +16,7 @@ import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl';
 import { MatrixOverTimeHistogramData } from '../../../public/graphql/types';
 export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
+ constructor(private readonly framework: FrameworkAdapter) { }
 public async getAnomaliesOverTime(
 request: FrameworkRequest,
@@ -39,7 +39,7 @@ export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter {
 };
 return {
 inspect,
- anomaliesOverTime: getAnomaliesOverTimeByJobId(anomaliesOverTimeBucket),
+ AnomaliesOverTimeByModule: getAnomaliesOverTimeByJobId(anomaliesOverTimeBucket),
 totalCount,
 };
 }
diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts
index 9a9e30bf01c04..2e6fb3444976f 100644
--- a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts
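Review bot: The returned key `AnomaliesOverTimeByModule` is filled by `getAnomaliesOverTimeByJobId`, so the name says the buckets are grouped by module while the code groups them by job id. The same mismatch appears in the next file sections, where `AuthenticationsOverTimeByModule` comes from `getAuthenticationsOverTimeByAuthenticationResult` and `EventsOverTimeByModule` from `getEventsOverTimeByActionName`. If the uniform suffix exists so a generic container can locate the field (an inference from the patch title), say so where the value is built, e.g. `// key name is shared across histogram types; these buckets are grouped by job id`. `getAnomaliesOverTime` starts above the hunk.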
@@ -51,7 +51,7 @@ const getAuthenticationsOverTimeByAuthenticationResult = (
 };
 export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
+ constructor(private readonly framework: FrameworkAdapter) { }
 public async getAuthentications(
 request: FrameworkRequest,
@@ -132,7 +132,7 @@ export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapte
 };
 return {
 inspect,
- authenticationsOverTime: getAuthenticationsOverTimeByAuthenticationResult(
+ AuthenticationsOverTimeByModule: getAuthenticationsOverTimeByAuthenticationResult(
 authenticationsOverTimeBucket
 ),
 totalCount,
diff --git a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts
index dfa81122f9c23..ea77b646f0a37 100644
--- a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts
@@ -49,7 +49,7 @@ import { buildEventsOverTimeQuery } from './query.events_over_time.dsl';
 import { MatrixOverTimeHistogramData } from '../../../public/graphql/types';
 export class ElasticsearchEventsAdapter implements EventsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
+ constructor(private readonly framework: FrameworkAdapter) { }
 public async getTimelineData(
 request: FrameworkRequest,
@@ -147,7 +147,7 @@ export class ElasticsearchEventsAdapter implements EventsAdapter {
 };
 return {
 inspect,
- eventsOverTime: getEventsOverTimeByActionName(eventsOverTimeBucket),
+ EventsOverTimeByModule: getEventsOverTimeByActionName(eventsOverTimeBucket),
 totalCount,
 };
 }
@@ -162,10 +162,10 @@ export const getTotalEventsOverTime = ( ): MatrixOverTimeHistogramData[] => { return data && data.length > 0 ? data.map(({ key, doc_count }) => ({ - x: key, - y: doc_count, - g: 'total events', - })) + x: key, + y: doc_count, + g: 'total events', + })) : []; }; @@ -263,22 +263,22 @@ const mergeTimelineFieldsWithHit = ( ...get('node', flattenedFields), data: dataFields.includes(fieldName) ? [ - ...get('node.data', flattenedFields), - { - field: fieldName, - value: specialFields.includes(esField) - ? get(esField, hit) - : get(esField, hit._source), - }, - ] + ...get('node.data', flattenedFields), + { + field: fieldName, + value: specialFields.includes(esField) + ? get(esField, hit) + : get(esField, hit._source), + }, + ] : get('node.data', flattenedFields), ecs: ecsFields.includes(fieldName) ? { - ...get('node.ecs', flattenedFields), - ...fieldName - .split('.') - .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), - } + ...get('node.ecs', flattenedFields), + ...fieldName + .split('.') + .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), + } : get('node.ecs', flattenedFields), }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts index 07b748024743c..5d89adfccf1ce 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts @@ -44,7 +44,7 @@ import { } from './types'; export class ElasticsearchNetworkAdapter implements NetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) {} + constructor(private readonly framework: FrameworkAdapter) { } public async getNetworkTopCountries( request: FrameworkRequest, 
@@ -255,38 +255,38 @@ const getFlowTargetFromString = (flowAsString: string) => const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null => result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0]._source ? { - geo: getOr( - '', - `location.top_geo.hits.hits[0]._source.${ - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - }.geo`, - result - ), - flowTarget: getFlowTargetFromString( - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - ), - } + geo: getOr( + '', + `location.top_geo.hits.hits[0]._source.${ + Object.keys(result.location.top_geo.hits.hits[0]._source)[0] + }.geo`, + result + ), + flowTarget: getFlowTargetFromString( + Object.keys(result.location.top_geo.hits.hits[0]._source)[0] + ), + } : null; const getAsItem = (result: NetworkTopNFlowBuckets): AutonomousSystemItem | null => result.autonomous_system.top_as.hits.hits.length > 0 && - result.autonomous_system.top_as.hits.hits[0]._source + result.autonomous_system.top_as.hits.hits[0]._source ? { - number: getOr( - null, - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.number`, - result - ), - name: getOr( - '', - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.organization.name`, - result - ), - } + number: getOr( + null, + `autonomous_system.top_as.hits.hits[0]._source.${ + Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] + }.as.number`, + result + ), + name: getOr( + '', + `autonomous_system.top_as.hits.hits[0]._source.${ + Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] + }.as.organization.name`, + result + ), + } : null; const formatTopNFlowEdges = ( From 4ea7fbffaff2915c8d6a0d8cb87d65cddeb86993 Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Mon, 6 Jan 2020 01:33:03 +0000 Subject: [PATCH 02/25] generic histogram container --- .../anomalies_query_tab_body/index.tsx | 2 +- .../public/containers/network_dns/index.tsx | 2 +- .../authentications_query_tab_body.tsx | 112 ++++++++--------- .../navigation/events_query_tab_body.tsx | 2 +- .../network/navigation/dns_query_tab_body.tsx | 114 +++++++++--------- .../lib/alerts/elasticsearch_adapter.ts | 2 +- .../lib/anomalies/elasticsearch_adapter.ts | 2 +- .../authentications/elasticsearch_adapter.ts | 2 +- .../lib/events/elasticsearch_adapter.ts | 36 +++--- .../lib/network/elasticsearch_adapter.ts | 56 ++++----- 10 files changed, 165 insertions(+), 165 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index 9627263870479..5d14bf53de817 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -35,7 +35,7 @@ export const AnomaliesQueryTabBody = ({ filterQuery, anomaliesFilterQuery, setQuery, - updateDateRange = () => { }, + updateDateRange = () => {}, AnomaliesTableComponent, flowTarget, ip, diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index 1461b9d2da0a8..7e8d90e48fcfa 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -69,7 +69,7 @@ export class NetworkDnsComponentQuery extends QueryTemplatePaginated< NetworkDnsProps, GetNetworkDnsQuery.Query, GetNetworkDnsQuery.Variables - > { +> { public render() { const { activePage, 
diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 064a5df776bb6..896282d3b8b8d 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -60,62 +60,62 @@ export const AuthenticationsQueryTabBody = ({ setQuery, startDate, type, - updateDateRange = () => { }, + updateDateRange = () => {}, }: HostsComponentsQueryProps) => ( - <> - - - - {({ - authentications, - totalCount, - loading, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( - - )} - - - ); + <> + + + + {({ + authentications, + totalCount, + loading, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( + + )} + + +); AuthenticationsQueryTabBody.displayName = 'AuthenticationsQueryTabBody'; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx index 88812d6b843e3..988369c5449eb 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx @@ -31,7 +31,7 @@ export const EventsQueryTabBody = ({ endDate, filterQuery, startDate, - updateDateRange = () => { }, + updateDateRange = () => {}, }: HostsComponentsQueryProps) => { return ( <> diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index dc35ebe6256ed..ae301886dabd8 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx 
@@ -35,63 +35,63 @@ export const DnsQueryTabBody = ({ startDate, setQuery, type, - updateDateRange = () => { }, + updateDateRange = () => {}, }: NetworkComponentQueryProps) => ( - <> - - - - {({ - totalCount, - loading, - networkDns, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - histogram, - }) => ( - - )} - - - ); + <> + + + + {({ + totalCount, + loading, + networkDns, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + histogram, + }) => ( + + )} + + +); DnsQueryTabBody.displayName = 'DNSQueryTabBody'; diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts index 2999de80fd9a9..2feea022bba7e 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts @@ -18,7 +18,7 @@ import { TermAggregation } from '../types'; import { EventHit } from '../events/types'; export class ElasticsearchAlertsAdapter implements AlertsAdapter { - constructor(private readonly framework: FrameworkAdapter) { } + constructor(private readonly framework: FrameworkAdapter) {} public async getAlertsHistogramData( request: FrameworkRequest, diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts index 633fc014626bc..c13d8b0ec2c76 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts 
@@ -16,7 +16,7 @@ import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; import { MatrixOverTimeHistogramData } from '../../../public/graphql/types'; export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter { - constructor(private readonly framework: FrameworkAdapter) { } + constructor(private readonly framework: FrameworkAdapter) {} public async getAnomaliesOverTime( request: FrameworkRequest, diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts index 2e6fb3444976f..946518e4de602 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts @@ -51,7 +51,7 @@ const getAuthenticationsOverTimeByAuthenticationResult = ( }; export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter { - constructor(private readonly framework: FrameworkAdapter) { } + constructor(private readonly framework: FrameworkAdapter) {} public async getAuthentications( request: FrameworkRequest, diff --git a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts index ea77b646f0a37..385a366d0773f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts @@ -49,7 +49,7 @@ import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; import { MatrixOverTimeHistogramData } from '../../../public/graphql/types'; export class ElasticsearchEventsAdapter implements EventsAdapter { - constructor(private readonly framework: FrameworkAdapter) { } + constructor(private readonly framework: FrameworkAdapter) {} public async getTimelineData( request: FrameworkRequest, 
@@ -162,10 +162,10 @@ export const getTotalEventsOverTime = ( ): MatrixOverTimeHistogramData[] => { return data && data.length > 0 ? data.map(({ key, doc_count }) => ({ - x: key, - y: doc_count, - g: 'total events', - })) + x: key, + y: doc_count, + g: 'total events', + })) : []; }; @@ -263,22 +263,22 @@ const mergeTimelineFieldsWithHit = ( ...get('node', flattenedFields), data: dataFields.includes(fieldName) ? [ - ...get('node.data', flattenedFields), - { - field: fieldName, - value: specialFields.includes(esField) - ? get(esField, hit) - : get(esField, hit._source), - }, - ] + ...get('node.data', flattenedFields), + { + field: fieldName, + value: specialFields.includes(esField) + ? get(esField, hit) + : get(esField, hit._source), + }, + ] : get('node.data', flattenedFields), ecs: ecsFields.includes(fieldName) ? { - ...get('node.ecs', flattenedFields), - ...fieldName - .split('.') - .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), - } + ...get('node.ecs', flattenedFields), + ...fieldName + .split('.') + .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), + } : get('node.ecs', flattenedFields), }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts index 5d89adfccf1ce..07b748024743c 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/elasticsearch_adapter.ts @@ -44,7 +44,7 @@ import { } from './types'; export class ElasticsearchNetworkAdapter implements NetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) { } + constructor(private readonly framework: FrameworkAdapter) {} public async getNetworkTopCountries( request: FrameworkRequest, 
@@ -255,38 +255,38 @@ const getFlowTargetFromString = (flowAsString: string) => const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null => result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0]._source ? { - geo: getOr( - '', - `location.top_geo.hits.hits[0]._source.${ - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - }.geo`, - result - ), - flowTarget: getFlowTargetFromString( - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - ), - } + geo: getOr( + '', + `location.top_geo.hits.hits[0]._source.${ + Object.keys(result.location.top_geo.hits.hits[0]._source)[0] + }.geo`, + result + ), + flowTarget: getFlowTargetFromString( + Object.keys(result.location.top_geo.hits.hits[0]._source)[0] + ), + } : null; const getAsItem = (result: NetworkTopNFlowBuckets): AutonomousSystemItem | null => result.autonomous_system.top_as.hits.hits.length > 0 && - result.autonomous_system.top_as.hits.hits[0]._source + result.autonomous_system.top_as.hits.hits[0]._source ? { - number: getOr( - null, - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.number`, - result - ), - name: getOr( - '', - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.organization.name`, - result - ), - } + number: getOr( + null, + `autonomous_system.top_as.hits.hits[0]._source.${ + Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] + }.as.number`, + result + ), + name: getOr( + '', + `autonomous_system.top_as.hits.hits[0]._source.${ + Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] + }.as.organization.name`, + result + ), + } : null; const formatTopNFlowEdges = ( From 078534d8313540ddf52371d60c070c71636f0ee9 Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Mon, 6 Jan 2020 11:01:23 +0000 Subject: [PATCH 03/25] rename params --- .../public/components/alerts_viewer/index.tsx | 16 +-- .../public/components/alerts_viewer/types.ts | 6 +- .../matrix_histogram/index.test.tsx | 14 ++- .../components/matrix_histogram/index.tsx | 4 +- .../components/matrix_histogram/types.ts | 14 +-- .../components/matrix_histogram/utils.ts | 48 +-------- .../anomalies_query_tab_body/index.tsx | 8 +- .../containers/matrix_histogram/index.tsx | 18 ++-- .../public/containers/network_dns/index.tsx | 17 +++- .../authentications_query_tab_body.tsx | 4 +- .../navigation/events_query_tab_body.tsx | 4 +- .../network/navigation/dns_query_tab_body.tsx | 4 +- .../apis/siem/events_over_time.ts | 98 ------------------- 13 files changed, 64 insertions(+), 191 deletions(-) delete mode 100644 x-pack/test/api_integration/apis/siem/events_over_time.ts diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index d268a8d19e98d..517b94bc6770c 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -10,15 +10,14 @@ import React from 'react'; import { EuiSpacer } from '@elastic/eui'; import gql from 'graphql-tag'; import { AlertsComponentsQueryProps } from './types'; -import { hostsModel } from '../../store/model'; import { AlertsTable } from './alerts_table'; import * as i18n from './translations'; -import { SignalsHistogramOption } from '../matrix_histogram/types'; +import { MatrixHistogramOption } from '../matrix_histogram/types'; import { getMatrixHistogramQuery } from '../../containers/helpers'; import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; const ID = 'alertsOverTimeQuery'; -const alertsStackByOptions: SignalsHistogramOption[] = [ +const alertsStackByOptions: MatrixHistogramOption[] = [ { text: i18n.ALERTS_STACK_BY_ACTIONS, value: 'event.actions', @@ -29,13 +28,9 @@ const AlertsOverTimeGqlQuery = gql` ${getMatrixHistogramQuery('Alerts')} `; export const AlertsView = ({ - defaultFilters, - deleteQuery, endDate, filterQuery, pageFilters, - skip, - setQuery, startDate, type, updateDateRange = noop, @@ -45,17 +40,16 @@ export const AlertsView = ({ dataKey={dataKey} defaultStackByOption={alertsStackByOptions[0]} endDate={endDate} + filterQuery={filterQuery} id={ID} query={AlertsOverTimeGqlQuery} - setQuery={setQuery} + sourceId="default" stackByOptions={alertsStackByOptions} startDate={startDate} subtitle={`${i18n.SHOWING}: {{totalCount}} ${i18n.UNIT(-1)}`} title={`${i18n.ALERTS_DOCUMENT_TYPE} ${i18n.ALERTS_BY}`} + type={type} updateDateRange={updateDateRange} - filterQuery={filterQuery} - sourceId="default" - type={hostsModel.HostsType.page} /> diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts index d11c52bff6681..004e01f3f6659 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts 
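Review bot: `setQuery` is no longer destructured in `AlertsView` (`@@ -29,13 +28,9 @@`) and is no longer passed to `MatrixHistogramContainer` (`@@ -45,17 +40,16 @@`), and nothing in these hunks replaces it. If the container relied on that prop to register the histogram's refetch and inspect handlers with the page-level query state, the alerts histogram would silently drop out of global refresh and inspect. The `@@ -34,13 +34,12 @@` hunk in `anomalies_query_tab_body/index.tsx` removes the prop in the same way. Either keep `setQuery={setQuery}` on the container, or add a one-line comment above it saying where registration now happens. `AlertsView` continues past the last hunk, so the rest of its JSX is not visible here.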
@@ -7,7 +7,7 @@ import { esFilters } from '../../../../../../../src/plugins/data/common'; import { HostsComponentsQueryProps } from '../../pages/hosts/navigation/types'; import { NetworkComponentQueryProps } from '../../pages/network/navigation/types'; -import { SignalsHistogramOption } from '../matrix_histogram/types'; +import { MatrixHistogramOption } from '../matrix_histogram/types'; type CommonQueryProps = HostsComponentsQueryProps | NetworkComponentQueryProps; export interface AlertsComponentsQueryProps @@ -23,7 +23,7 @@ export interface AlertsComponentsQueryProps | 'updateDateRange' > { pageFilters: esFilters.Filter[]; - stackByOptions?: SignalsHistogramOption[]; + stackByOptions?: MatrixHistogramOption[]; defaultFilters?: esFilters.Filter[]; - defaultStackByOption?: SignalsHistogramOption; + defaultStackByOption?: MatrixHistogramOption; } diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index 87d4e072e4299..110143b09d4b9 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -8,6 +8,7 @@ import { shallow } from 'enzyme'; import * as React from 'react'; import { MatrixHistogram } from '.'; +import { EventsOverTimeGqlQuery as mockQuery } from '../../pages/hosts/navigation'; jest.mock('../../lib/kibana'); 
@@ -29,18 +30,23 @@ jest.mock('../charts/barchart', () => { }; }); -describe('Load More Events Table Component', () => { +describe('Matrix Histogram Component', () => { const mockMatrixOverTimeHistogramProps = { - data: [], dataKey: 'mockDataKey', + defaultIndex: ['defaultIndex'], + defaultStackByOption: { text: 'text', value: 'value' }, endDate: new Date('2019-07-18T20:00:00.000Z').valueOf(), id: 'mockId', - loading: true, - updateDateRange: () => {}, + isInspected: false, + isPtrIncluded: false, + query: mockQuery, + sourceId: 'default', + stackByOptions: [{ text: 'text', value: 'value' }], startDate: new Date('2019-07-18T19:00: 00.000Z').valueOf(), subtitle: 'mockSubtitle', totalCount: -1, title: 'mockTitle', + updateDateRange: () => {}, }; describe('rendering', () => { test('it renders EuiLoadingContent on initialLoad', () => { diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index bd623a0ba5275..06581de8ce88d 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -22,7 +22,7 @@ import { Panel } from '../panel'; import { getBarchartConfigs, getCustomChartData, useQuery } from './utils'; import { MatrixHistogramProps, - SignalsHistogramOption, + MatrixHistogramOption, HistogramAggregation, MatrixHistogramQueryProps, MatrixHistogramDataTypes, @@ -67,7 +67,7 @@ export const MatrixHistogram = React.memo( const handleOnMouseEnter = useCallback(() => setShowInspect(true), []); const handleOnMouseLeave = useCallback(() => setShowInspect(false), []); - const [selectedStackByOption, setSelectedStackByOption] = useState( + const [selectedStackByOption, setSelectedStackByOption] = useState( defaultStackByOption ); const [subtitleWithCounts, setSubtitle] = useState(subtitle); 
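Review bot: `startDate` in `mockMatrixOverTimeHistogramProps` is built from `'2019-07-18T19:00: 00.000Z'`, which as shown on this page has a space after the second colon and is therefore not a valid ISO 8601 timestamp. Parsing then falls back to implementation-defined behaviour and may yield `NaN`, so the test can render with a start date that is not the intended one hour before `endDate`. The hunk reworks the props around this line but leaves it unchanged; it should read `startDate: new Date('2019-07-18T19:00:00.000Z').valueOf(),`. If the space is only an artefact of how this page was extracted, no change is needed.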
diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 4321d27063dab..90a8c6f6bf774 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -25,20 +25,20 @@ export type MatrixHistogramMappingTypes = Record< string, { key: string; value: null; color: string } >; -export interface SignalsHistogramOption { +export interface MatrixHistogramOption { text: string; value: string; } export interface MatrixHistogramBasicProps { defaultIndex: string[]; - defaultStackByOption: SignalsHistogramOption; + defaultStackByOption: MatrixHistogramOption; endDate: number; hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; sourceId: string; startDate: number; - stackByOptions: SignalsHistogramOption[]; + stackByOptions: MatrixHistogramOption[]; subtitle?: string; title?: string; updateDateRange: UpdateDateRange; @@ -51,11 +51,11 @@ export interface MatrixHistogramQueryProps { filterQuery?: ESQuery | string | undefined; limit?: number; query: DocumentNode; - sort: NetworkDnsSortField; + sort?: NetworkDnsSortField; startDate: number; isInspected: boolean; isPtrIncluded: boolean; - isHistogram: boolean; + isHistogram?: boolean; pagination?: PaginationInputPaginated; } @@ -77,13 +77,13 @@ export interface MatrixHistogramQueryVariables { filterQuery?: Maybe; defaultIndex: string[]; inspect: boolean; - isHistogram: boolean; + isHistogram?: boolean; sort?: SortField; isPtrIncluded: boolean; pagination?: PaginationInputPaginated; } -export interface MatrixHistogramQueryQuery { +export interface MatrixHistogramQuery { source: Source; } diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index bd24773b94b0c..0b707e5bda849 100644 
--- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -15,7 +15,7 @@ import { MatrixHistogramQueryProps, MatrixHistogramQueryActionProps, MatrixHistogramQueryVariables, - MatrixHistogramQueryQuery, + MatrixHistogramQuery, } from './types'; import { DEFAULT_INDEX_KEY } from '../../../common/constants'; import { useStateToaster } from '../toasters'; @@ -108,48 +108,6 @@ export const bytesFormatter = (value: number) => { return numeral(value).format('0,0.[0]b'); }; -export const getSignalsHistogramQuery = (stackByField: string, from: number, to: number) => ({ - aggs: { - signalsByGrouping: { - terms: { - field: stackByField, - missing: i18n.translate( - 'xpack.siem.detectionEngine.signals.histogram.allOthersGroupingLabel', - { - defaultMessage: 'All others', - } - ), - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - signals: { - date_histogram: { - field: '@timestamp', - fixed_interval: '30s', - }, - }, - }, - }, - }, - query: { - bool: { - filter: [ - { - range: { - '@timestamp': { - gte: from, - lte: to, - }, - }, - }, - ], - }, - }, -}); - export const useQuery = ({ dataKey, endDate, @@ -179,7 +137,7 @@ export const useQuery = ({ if (!apolloClient) return null; return apolloClient - .query>({ + .query>({ query, fetchPolicy: 'cache-first', variables: { @@ -215,7 +173,7 @@ export const useQuery = ({ setLoading(false); } }, - (error: Error) => { + error => { if (isSubscribed) { setData(null); setTotalCount(-1); diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index 5d14bf53de817..df52ced2e86f8 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx 
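Review bot: In the `@@ -215,7 +173,7 @@` hunk the rejection handler changes from `(error: Error) => {` to `error => {`, which leaves `error` typed as `any`, because a promise rejection callback receives no narrower contextual type. Anything the handler later reads from it, for example a message passed on to the user, is then unchecked by the compiler. Prefer `(error: unknown) => {` with an `error instanceof Error` check before using `.message`. The handler body continues past the end of the hunk, so how `error` is used is not visible here.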
@@ -13,11 +13,11 @@ import { useSiemJobs } from '../../../components/ml_popover/hooks/use_siem_jobs' import { useUiSetting$ } from '../../../lib/kibana'; import { DEFAULT_ANOMALY_SCORE } from '../../../../common/constants'; import { MatrixHistogramContainer } from '../../matrix_histogram'; -import { SignalsHistogramOption } from '../../../components/matrix_histogram/types'; +import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; import { getMatrixHistogramQuery } from '../../helpers'; const ID = 'anomaliesOverTimeQuery'; -const anomaliesStackByOptions: SignalsHistogramOption[] = [ +const anomaliesStackByOptions: MatrixHistogramOption[] = [ { text: 'job', value: 'job_id', @@ -34,13 +34,12 @@ export const AnomaliesQueryTabBody = ({ narrowDateRange, filterQuery, anomaliesFilterQuery, - setQuery, updateDateRange = () => {}, AnomaliesTableComponent, flowTarget, ip, }: AnomaliesQueryTabBodyProps) => { - const [siemJobsLoading, siemJobs] = useSiemJobs(true); + const [, siemJobs] = useSiemJobs(true); const [anomalyScore] = useUiSetting$(DEFAULT_ANOMALY_SCORE); const mergedFilterQuery = getAnomaliesFilterQuery( @@ -66,6 +65,7 @@ export const AnomaliesQueryTabBody = ({ stackByOptions={anomaliesStackByOptions} startDate={startDate} title="Anomalies" + type={type} updateDateRange={updateDateRange} /> diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index 7a2a7310627f2..4b633a31b54a3 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx 
@@ -8,13 +8,16 @@ import React from 'react'; import { compose } from 'redux'; import { connect } from 'react-redux'; -import { inputsModel, State, inputsSelectors, hostsModel } from '../../store'; +import { inputsModel, State, inputsSelectors, hostsModel, networkModel } from '../../store'; import { QueryTemplateProps } from '../query_template'; import { withKibana } from '../../lib/kibana'; import { MatrixOverTimeHistogramData, Maybe } from '../../graphql/types'; import { MatrixHistogram } from '../../components/matrix_histogram'; -import { SignalsHistogramOption } from '../../components/matrix_histogram/types'; +import { + MatrixHistogramOption, + MatrixHistogramMappingTypes, +} from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; export interface EventsArgs { @@ -29,14 +32,15 @@ export interface EventsArgs { } export interface OwnProps extends QueryTemplateProps { + dataKey: string | string[]; + defaultStackByOption: MatrixHistogramOption; + hideHistogramIfEmpty?: boolean; id: string; - dataKey: string; - defaultStackByOption: SignalsHistogramOption; - hideHistogramIfEmpty: boolean; + mapping?: MatrixHistogramMappingTypes; query: Maybe; sourceId: string; - stackByOptions: SignalsHistogramOption[]; - type: hostsModel.HostsType; + stackByOptions: MatrixHistogramOption[]; + type: hostsModel.HostsType | networkModel.NetworkType; title: string; updateDateRange: UpdateDateRange; } diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index 7e8d90e48fcfa..076f73352358f 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx 
@@ -10,6 +10,8 @@ import { Query } from 'react-apollo'; import { connect } from 'react-redux'; import { compose } from 'redux'; +import { DocumentNode } from 'graphql'; +import { ScaleType } from '@elastic/charts'; import { DEFAULT_INDEX_KEY } from '../../../common/constants'; import { GetNetworkDnsQuery, @@ -26,7 +28,8 @@ import { QueryTemplatePaginated, QueryTemplatePaginatedProps } from '../query_te import { networkDnsQuery } from './index.gql_query'; import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../store/constants'; import { MatrixHistogram } from '../../components/matrix_histogram'; -import { SignalsHistogramOption } from '../../components/matrix_histogram/types'; +import { MatrixHistogramOption } from '../../components/matrix_histogram/types'; +import { UpdateDateRange } from '../../components/charts/common'; const ID = 'networkDnsQuery'; const HISTOGRAM_ID = 'networkDnsHistogramQuery'; @@ -49,10 +52,16 @@ export interface OwnProps extends QueryTemplatePaginatedProps { } interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps { - dataKey: string; - defaultStackByOption: SignalsHistogramOption; - stackByOptions: SignalsHistogramOption[]; + dataKey: string | string[]; + defaultStackByOption: MatrixHistogramOption; + query: DocumentNode; + scaleType: ScaleType; + stackByOptions: MatrixHistogramOption[]; + title: string; type: networkModel.NetworkType; + updateDateRange: UpdateDateRange; + yTickFormatter?: (value: number) => string; + showLegend?: boolean; } export interface NetworkDnsComponentReduxProps { diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 896282d3b8b8d..1daec6c316c75 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx 
+++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -14,7 +14,7 @@ import { AuthenticationsQuery } from '../../../containers/authentications'; import { HostsComponentsQueryProps } from './types'; import { hostsModel } from '../../../store/hosts'; import { - SignalsHistogramOption, + MatrixHistogramOption, MatrixHistogramMappingTypes, } from '../../../components/matrix_histogram/types'; import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; @@ -23,7 +23,7 @@ import { KpiHostsChartColors } from '../../../components/page/hosts/kpi_hosts/ty const AuthenticationTableManage = manageQuery(AuthenticationTable); const ID = 'authenticationsOverTimeQuery'; -const authStackByOptions: SignalsHistogramOption[] = [ +const authStackByOptions: MatrixHistogramOption[] = [ { text: 'event type', value: 'event.type', diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx index 988369c5449eb..21da61e597756 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx @@ -11,7 +11,7 @@ import { StatefulEventsViewer } from '../../../components/events_viewer'; import { HostsComponentsQueryProps } from './types'; import { hostsModel } from '../../../store/hosts'; import { eventsDefaultModel } from '../../../components/events_viewer/default_model'; -import { SignalsHistogramOption } from '../../../components/matrix_histogram/types'; +import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; import { getMatrixHistogramQuery } from '../../../containers/helpers'; 
@@ -20,7 +20,7 @@ const EVENTS_HISTOGRAM_ID = 'eventsOverTimeQuery'; export const EventsOverTimeGqlQuery = gql` ${getMatrixHistogramQuery('Events')} `; -const eventsStackByOptions: SignalsHistogramOption[] = [ +const eventsStackByOptions: MatrixHistogramOption[] = [ { text: 'action', value: 'event.action', diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index ae301886dabd8..33cff05e1a21c 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx @@ -15,13 +15,13 @@ import { manageQuery } from '../../../components/page/manage_query'; import { NetworkComponentQueryProps } from './types'; import { networkModel } from '../../../store'; -import { SignalsHistogramOption } from '../../../components/matrix_histogram/types'; +import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; import { networkDnsQuery } from '../../../containers/network_dns/index.gql_query'; import { bytesFormatter } from '../../../components/matrix_histogram/utils'; const NetworkDnsTableManage = manageQuery(NetworkDnsTable); -const dnsStackByOptions: SignalsHistogramOption[] = [ +const dnsStackByOptions: MatrixHistogramOption[] = [ { text: 'domain', value: 'dns.question.registered_domain', diff --git a/x-pack/test/api_integration/apis/siem/events_over_time.ts b/x-pack/test/api_integration/apis/siem/events_over_time.ts deleted file mode 100644 index 10b81734b7b79..0000000000000 --- a/x-pack/test/api_integration/apis/siem/events_over_time.ts +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from '@kbn/expect'; -import { EventsOverTimeGqlQuery } from '../../../../legacy/plugins/siem/public/containers/events/events_over_time/events_over_time.gql_query'; -import { GetEventsOverTimeQuery } from '../../../../legacy/plugins/siem/public/graphql/types'; -import { FtrProviderContext } from '../../ftr_provider_context'; - -export default function({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); - const client = getService('siemGraphQLClient'); - const FROM = new Date('2000-01-01T00:00:00.000Z').valueOf(); - const TO = new Date('3000-01-01T00:00:00.000Z').valueOf(); - describe('Events over time', () => { - describe('With filebeat', () => { - before(() => esArchiver.load('filebeat/default')); - after(() => esArchiver.unload('filebeat/default')); - - it('Make sure that we get events over time data', () => { - return client - .query({ - query: EventsOverTimeGqlQuery, - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - to: TO, - from: FROM, - }, - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - inspect: false, - }, - }) - .then(resp => { - const expectedData = [ - { - x: new Date('2018-12-20T00:00:00.000Z').valueOf(), - y: 4884, - g: 'All others', - __typename: 'MatrixOverTimeHistogramData', - }, - { - x: new Date('2018-12-20T00:00:00.000Z').valueOf(), - y: 1273, - g: 'netflow_flow', - __typename: 'MatrixOverTimeHistogramData', - }, - ]; - const eventsOverTime = resp.data.source.EventsOverTime; - expect(eventsOverTime.eventsOverTime).to.eql(expectedData); - }); - }); - }); - - describe('With packetbeat', () => { - before(() => esArchiver.load('packetbeat/default')); - after(() => 
esArchiver.unload('packetbeat/default')); - - it('Make sure that we get events over time data', () => { - return client - .query({ - query: EventsOverTimeGqlQuery, - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - to: TO, - from: FROM, - }, - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - inspect: false, - }, - }) - .then(resp => { - const expectedData = [ - { - x: new Date('2018-12-20T00:00:00.000Z').valueOf(), - y: 4884, - g: 'All others', - __typename: 'MatrixOverTimeHistogramData', - }, - { - x: new Date('2018-12-20T00:00:00.000Z').valueOf(), - y: 1273, - g: 'netflow_flow', - __typename: 'MatrixOverTimeHistogramData', - }, - ]; - const eventsOverTime = resp.data.source.EventsOverTime; - expect(eventsOverTime.eventsOverTime).to.eql(expectedData); - }); - }); - }); - }); -} From 4288679158bfe559f31d8a50af9e5a9cdaf5ae4e Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Mon, 6 Jan 2020 15:27:06 +0000 Subject: [PATCH 04/25] fix inspect --- .../public/components/alerts_viewer/index.tsx | 6 ++++++ .../public/components/matrix_histogram/index.tsx | 11 ++++++++++- .../public/components/matrix_histogram/types.ts | 10 ++++++++-- .../public/components/matrix_histogram/utils.ts | 5 ++++- .../siem/public/components/page/manage_query.tsx | 8 ++------ .../anomalies/anomalies_query_tab_body/index.tsx | 6 ++++++ .../anomalies/anomalies_query_tab_body/types.ts | 15 +++++++++------ .../public/containers/matrix_histogram/index.tsx | 5 +++++ .../authentications_query_tab_body.tsx | 16 +++++----------- .../hosts/navigation/events_query_tab_body.tsx | 6 ++++++ .../siem/public/pages/hosts/navigation/types.ts | 2 ++ 11 files changed, 63 insertions(+), 27 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 517b94bc6770c..09332f5f599f0 100644 
--- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -28,9 +28,12 @@ const AlertsOverTimeGqlQuery = gql` ${getMatrixHistogramQuery('Alerts')} `; export const AlertsView = ({ + deleteQuery, endDate, filterQuery, pageFilters, + refetch, + setQuery, startDate, type, updateDateRange = noop, @@ -38,11 +41,14 @@ export const AlertsView = ({ <> (false); const [data, setData] = useState(null); + const [inspect, setInspect] = useState(null); const [hideHistogram, setHideHistogram] = useState(hideHistogramIfEmpty); const [totalCount, setTotalCount] = useState(-1); const setSelectedChatOptionCallback = useCallback( @@ -90,9 +95,11 @@ export const MatrixHistogram = React.memo( useQuery<{}, HistogramAggregation>({ dataKey, endDate, + filterQuery, query, setLoading, setData, + setInspect, setTotalCount, startDate, sort, @@ -114,7 +121,9 @@ export const MatrixHistogram = React.memo( } else { setHideHistogram(false); } - }, [totalCount]); + + setQuery({ id, inspect, loading, refetch }); + }, [totalCount, isInspected, loading]); const barChartData: ChartSeriesData[] = useMemo(() => getCustomChartData(data, mapping), [ data, diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 90a8c6f6bf774..a96118a9b1dc4 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts 
@@ -19,23 +19,28 @@ import { } from '../../graphql/types'; import { UpdateDateRange } from '../charts/common'; import { ESQuery } from '../../../common/typed_json'; +import { inputsModel } from '../../store'; +import { SetQuery } from '../../pages/hosts/navigation/types'; export type MatrixHistogramDataTypes = MatrixOverTimeHistogramData | MatrixOverOrdinalHistogramData; export type MatrixHistogramMappingTypes = Record< string, - { key: string; value: null; color: string } + { key: string; value: null; color?: string | undefined } >; export interface MatrixHistogramOption { text: string; value: string; } export interface MatrixHistogramBasicProps { + deleteQuery?: ({ id }: { id: string }) => void; defaultIndex: string[]; defaultStackByOption: MatrixHistogramOption; endDate: number; hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; + refetch: inputsModel.Refetch; + setQuery: SetQuery; sourceId: string; startDate: number; stackByOptions: MatrixHistogramOption[]; @@ -60,8 +65,9 @@ export interface MatrixHistogramQueryProps { } export interface MatrixHistogramQueryActionProps { - setLoading: Dispatch>; setData: Dispatch>; + setInspect: Dispatch>; + setLoading: Dispatch>; setTotalCount: Dispatch>; } diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 0b707e5bda849..957e934ad8921 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -115,6 +115,7 @@ export const useQuery = ({ query, setLoading, setData, + setInspect, setTotalCount, startDate, sort, @@ -170,6 +171,7 @@ export const useQuery = ({ const source = getOr({}, `data.source.${rootDataKey}`, result); setData(getOr([], histogramDataKey, source)); setTotalCount(getOr(-1, 'totalCount', source)); + setInspect(getOr(null, 'inspect', source)); setLoading(false); } }, 
@@ -177,6 +179,7 @@ export const useQuery = ({ if (isSubscribed) { setData(null); setTotalCount(-1); + setInspect(null); errorToToaster({ title: i18n.translate( 'xpack.siem.containers.detectionEngine.signals.errorFetchingSignalsDescription', @@ -198,5 +201,5 @@ export const useQuery = ({ isSubscribed = false; abortCtrl.abort(); }; - }, [query]); + }, [query, isInspected]); }; diff --git a/x-pack/legacy/plugins/siem/public/components/page/manage_query.tsx b/x-pack/legacy/plugins/siem/public/components/page/manage_query.tsx index fd38850bad5da..3274bc485d6cd 100644 --- a/x-pack/legacy/plugins/siem/public/components/page/manage_query.tsx +++ b/x-pack/legacy/plugins/siem/public/components/page/manage_query.tsx @@ -8,18 +8,14 @@ import { omit } from 'lodash/fp'; import React from 'react'; import { inputsModel } from '../../store'; +import { SetQuery } from '../../pages/hosts/navigation/types'; interface OwnProps { deleteQuery?: ({ id }: { id: string }) => void; id: string; loading: boolean; refetch: inputsModel.Refetch; - setQuery: (params: { - id: string; - inspect: inputsModel.InspectQuery | null; - loading: boolean; - refetch: inputsModel.Refetch; - }) => void; + setQuery: SetQuery; inspect?: inputsModel.InspectQuery; } diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index df52ced2e86f8..bbb0ae33f77c9 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -27,7 +27,10 @@ const AnomaliesOverTimeGqlQuery = gql` ${getMatrixHistogramQuery('Anomalies')} `; export const AnomaliesQueryTabBody = ({ + deleteQuery, endDate, + refetch, + setQuery, skip, startDate, type, 
@@ -56,11 +59,14 @@ export const AnomaliesQueryTabBody = ({ void; endDate: number; - skip: boolean; - setQuery: SetQuery; + flowTarget?: FlowTarget; narrowDateRange: NarrowDateRange; + refetch: inputsModel.Refetch; + setQuery: SetQuery; + startDate: number; + skip: boolean; updateDateRange?: UpdateDateRange; - anomaliesFilterQuery?: object; hideHistogramIfEmpty?: boolean; ip?: string; - flowTarget?: FlowTarget; - AnomaliesTableComponent: typeof AnomaliesHostTable | typeof AnomaliesNetworkTable; }; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index 4b633a31b54a3..d73728657588a 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -19,6 +19,7 @@ import { MatrixHistogramMappingTypes, } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; +import { SetQuery } from '../../pages/hosts/navigation/types'; export interface EventsArgs { endDate: number; @@ -34,12 +35,16 @@ export interface EventsArgs { export interface OwnProps extends QueryTemplateProps { dataKey: string | string[]; defaultStackByOption: MatrixHistogramOption; + deleteQuery?: ({ id }: { id: string }) => void; hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; query: Maybe; + refetch: inputsModel.Refetch; + setQuery: SetQuery; sourceId: string; stackByOptions: MatrixHistogramOption[]; + subtitle?: string; type: hostsModel.HostsType | networkModel.NetworkType; title: string; updateDateRange: UpdateDateRange; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 1daec6c316c75..96d99cc392f4d 100644 
--- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -56,6 +56,7 @@ export const AuthenticationsQueryTabBody = ({ deleteQuery, endDate, filterQuery, + refetch, skip, setQuery, startDate, @@ -66,11 +67,14 @@ export const AuthenticationsQueryTabBody = ({ - {({ - authentications, - totalCount, - loading, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( + {({ authentications, totalCount, loading, pageInfo, loadPage, id, inspect, isInspected }) => ( {}, }: HostsComponentsQueryProps) => { @@ -38,9 +41,12 @@ export const EventsQueryTabBody = ({ void; indexPattern: IIndexPattern; + refetch: inputsModel.Refetch; skip: boolean; setQuery: SetQuery; updateDateRange?: UpdateDateRange; From 0ba67ef58d1eb69abebe2db72dd5adccc0c870aa Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 7 Jan 2020 08:59:10 +0000 Subject: [PATCH 05/25] fix update with timerange --- .../siem/public/components/matrix_histogram/index.tsx | 5 +++++ .../plugins/siem/public/components/matrix_histogram/utils.ts | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index b99bffb866904..4371c8b83c0bb 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -123,6 +123,11 @@ export const MatrixHistogram = React.memo( } setQuery({ id, inspect, loading, refetch }); + return () => { + if (deleteQuery) { + deleteQuery({ id }); + } + }; }, [totalCount, isInspected, loading]); const barChartData: ChartSeriesData[] = useMemo(() => getCustomChartData(data, mapping), [ 
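Review bot: The cleanup added to the effect in matrix_histogram/index.tsx (`return () => { if (deleteQuery) { deleteQuery({ id }); } };`) runs before every re-run of that effect, not only on unmount, because the effect depends on `[totalCount, isInspected, loading]`. Each loading or count change therefore deletes the registered query and immediately re-registers it through `setQuery`. If the intent is to deregister only when the histogram goes away, a separate effect would do it: `useEffect(() => () => { if (deleteQuery) deleteQuery({ id }); }, [deleteQuery, id]);`. The rewritten effect in PATCH 06 keeps the same cleanup, and the body of `MatrixHistogram` starts outside this hunk.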
diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 957e934ad8921..13d9667a76374 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -201,5 +201,5 @@ export const useQuery = ({ isSubscribed = false; abortCtrl.abort(); }; - }, [query, isInspected]); + }, [query, isInspected, startDate, endDate]); }; From 57f0259228002090df67325f18ed5bd803ed8bd0 Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 7 Jan 2020 14:08:07 +0000 Subject: [PATCH 06/25] clean up props --- .../public/components/alerts_viewer/index.tsx | 4 +- .../matrix_histogram/index.test.tsx | 4 +- .../components/matrix_histogram/index.tsx | 189 ++++++++---------- .../components/matrix_histogram/types.ts | 12 +- .../components/matrix_histogram/utils.ts | 21 +- .../anomalies_query_tab_body/index.tsx | 3 +- .../anomalies_query_tab_body/types.ts | 2 - .../containers/matrix_histogram/index.tsx | 1 - .../public/containers/network_dns/index.tsx | 2 + .../authentications_query_tab_body.tsx | 15 +- .../navigation/events_query_tab_body.tsx | 4 +- .../public/pages/hosts/navigation/types.ts | 2 - .../network/navigation/dns_query_tab_body.tsx | 2 +- .../siem/public/pages/network/network.tsx | 6 +- 14 files changed, 125 insertions(+), 142 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 09332f5f599f0..08301d1eb4a2b 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -32,8 +32,8 @@ export const AlertsView = ({ endDate, filterQuery, pageFilters, - refetch, setQuery, + skip, startDate, type, updateDateRange = noop, 
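Review bot: `filterQuery` is still missing from the dependency array this hunk extends in utils.ts (`}, [query, isInspected, startDate, endDate]);`), although PATCH 04 started passing it into `useQuery`. If the effect body, which is outside this hunk, builds the request variables from it, then changing the filter will not trigger a new fetch. The chart would keep showing counts for the previous filter. That is easy to misread on a SIEM view where the histogram is expected to match the active query. Suggested: `}, [query, filterQuery, isInspected, startDate, endDate]);`. The `@@ -202,4 +203,6 @@` hunk in PATCH 06 leaves the same list unchanged.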
@@ -47,8 +47,8 @@ export const AlertsView = ({ filterQuery={filterQuery} id={ID} query={AlertsOverTimeGqlQuery} - refetch={refetch} setQuery={setQuery} + skip={skip} sourceId="default" stackByOptions={alertsStackByOptions} startDate={startDate} diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index 110143b09d4b9..95893dab9c59b 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -40,13 +40,15 @@ describe('Matrix Histogram Component', () => { isInspected: false, isPtrIncluded: false, query: mockQuery, + setQuery: jest.fn(), + skip: false, sourceId: 'default', stackByOptions: [{ text: 'text', value: 'value' }], startDate: new Date('2019-07-18T19:00: 00.000Z').valueOf(), subtitle: 'mockSubtitle', totalCount: -1, title: 'mockTitle', - updateDateRange: () => {}, + updateDateRange: jest.fn(), }; describe('rendering', () => { test('it renders EuiLoadingContent on initialLoad', () => { diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 4371c8b83c0bb..2be039dd03bbe 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx 
@@ -4,17 +4,15 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useState, useEffect, useCallback, useMemo } from 'react'; +import React, { useState, useEffect, useCallback } from 'react'; import { ScaleType } from '@elastic/charts'; import darkTheme from '@elastic/eui/dist/eui_theme_dark.json'; import lightTheme from '@elastic/eui/dist/eui_theme_light.json'; import { EuiLoadingContent, EuiSelect } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { ApolloConsumer } from 'react-apollo'; import { BarChart } from '../charts/barchart'; import { HeaderSection } from '../header_section'; -import { ChartSeriesData } from '../charts/common'; import { DEFAULT_DARK_MODE } from '../../../common/constants'; import { useUiSetting$ } from '../../lib/kibana'; import { Loader } from '../loader'; @@ -25,10 +23,9 @@ import { MatrixHistogramOption, HistogramAggregation, MatrixHistogramQueryProps, - MatrixHistogramDataTypes, } from './types'; import { generateTablePaginationOptions } from '../paginated_table/helpers'; -import { inputsModel } from '../../store'; +import { ChartSeriesData } from '../charts/common'; export const MatrixHistogram = React.memo( ({ @@ -45,10 +42,10 @@ export const MatrixHistogram = React.memo( limit, mapping, query, - refetch, scaleType = ScaleType.Time, setQuery, showLegend, + skip, stackByOptions, startDate, subtitle, @@ -75,11 +72,8 @@ export const MatrixHistogram = React.memo( defaultStackByOption ); const [subtitleWithCounts, setSubtitle] = useState(subtitle); - const [loading, setLoading] = useState(false); - const [data, setData] = useState(null); - const [inspect, setInspect] = useState(null); const [hideHistogram, setHideHistogram] = useState(hideHistogramIfEmpty); - const [totalCount, setTotalCount] = useState(-1); + const [barChartData, setBarChartData] = useState(null); const setSelectedChatOptionCallback = useCallback( (event: React.ChangeEvent) => { setSelectedStackByOption( 
@@ -89,105 +83,92 @@ export const MatrixHistogram = React.memo( [] ); - return ( - - {client => { - useQuery<{}, HistogramAggregation>({ - dataKey, - endDate, - filterQuery, - query, - setLoading, - setData, - setInspect, - setTotalCount, - startDate, - sort, - isInspected, - isPtrIncluded, - isHistogram: true, - pagination: - activePage != null && limit != null - ? generateTablePaginationOptions(activePage, limit) - : undefined, - }); - useEffect(() => { - const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); - setSubtitle(formattedSubTitle); + const { data, loading, inspect, totalCount } = useQuery<{}, HistogramAggregation>({ + dataKey, + endDate, + filterQuery, + query, + skip, + startDate, + sort, + title, + isInspected, + isPtrIncluded, + isHistogram: true, + pagination: + activePage != null && limit != null + ? generateTablePaginationOptions(activePage, limit) + : undefined, + }); + useEffect(() => { + const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); + setSubtitle(formattedSubTitle); + + if (totalCount <= 0) { + if (hideHistogramIfEmpty) setHideHistogram(true); + else setHideHistogram(false); + } else { + setHideHistogram(false); + } - if (totalCount <= 0) { - if (hideHistogramIfEmpty) setHideHistogram(true); - else setHideHistogram(false); - } else { - setHideHistogram(false); - } + setBarChartData(getCustomChartData(data, mapping)); - setQuery({ id, inspect, loading, refetch }); - return () => { - if (deleteQuery) { - deleteQuery({ id }); - } - }; - }, [totalCount, isInspected, loading]); + setQuery({ id, inspect, loading, refetch: undefined }); + return () => { + if (deleteQuery) { + deleteQuery({ id }); + } + }; + }, [totalCount, isInspected, loading, data]); - const barChartData: ChartSeriesData[] = useMemo(() => getCustomChartData(data, mapping), [ - data, - ]); - return !hideHistogram ? ( - - + = 0 ? subtitleWithCounts : null)} + > + {stackByOptions && ( + = 0 ? 
subtitleWithCounts : null)} - > - {stackByOptions && ( - - )} - + )} + value={selectedStackByOption?.value} + /> + )} + - {loading ? ( - - ) : ( - <> - + {loading ? ( + + ) : ( + <> + - {loading && ( - - )} - - )} - - ) : null; - }} - - ); + {loading && ( + + )} + + )} + + ) : null; } ); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index a96118a9b1dc4..07aee351d0360 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -6,7 +6,6 @@ import { ScaleType } from '@elastic/charts'; import { SetStateAction } from 'react'; -import { Dispatch } from 'src/plugins/kibana_utils/public'; import { DocumentNode } from 'graphql'; import { MatrixOverTimeHistogramData, @@ -19,7 +18,6 @@ import { } from '../../graphql/types'; import { UpdateDateRange } from '../charts/common'; import { ESQuery } from '../../../common/typed_json'; -import { inputsModel } from '../../store'; import { SetQuery } from '../../pages/hosts/navigation/types'; export type MatrixHistogramDataTypes = MatrixOverTimeHistogramData | MatrixOverOrdinalHistogramData; @@ -39,7 +37,6 @@ export interface MatrixHistogramBasicProps { hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; - refetch: inputsModel.Refetch; setQuery: SetQuery; sourceId: string; startDate: number; 
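Review bot: `setQuery({ id, inspect, loading, refetch: undefined });` in the rewritten effect registers the histogram with no refetch callback. The `setQuery` parameter type removed from manage_query.tsx in PATCH 04 declared `refetch: inputsModel.Refetch`, so this may not type-check under strict null checks. Whatever iterates the registered queries to refresh them (presumably the global refresh control) would also get nothing to call for this id. Have `useQuery` return a `refetch` function next to `data`, `loading`, `inspect` and `totalCount`, and pass it here: `setQuery({ id, inspect, loading, refetch });`. The effect also reads `inspect`, `mapping`, `subtitle` and `id`, none of which are in `[totalCount, isInspected, loading, data]`.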
@@ -57,20 +54,15 @@ export interface MatrixHistogramQueryProps { limit?: number; query: DocumentNode; sort?: NetworkDnsSortField; + skip: boolean; startDate: number; + title: string; isInspected: boolean; isPtrIncluded: boolean; isHistogram?: boolean; pagination?: PaginationInputPaginated; } -export interface MatrixHistogramQueryActionProps { - setData: Dispatch>; - setInspect: Dispatch>; - setLoading: Dispatch>; - setTotalCount: Dispatch>; -} - export interface MatrixHistogramProps extends MatrixHistogramBasicProps { scaleType?: ScaleType; yTickFormatter?: (value: number) => string; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 13d9667a76374..ee6fcf2eb3e14 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -6,14 +6,13 @@ import { ScaleType, niceTimeFormatter, Position } from '@elastic/charts'; import { get, groupBy, map, toPairs, getOr } from 'lodash/fp'; import numeral from '@elastic/numeral'; -import { useEffect } from 'react'; +import { useEffect, useState } from 'react'; import { i18n } from '@kbn/i18n'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; import { MatrixHistogramDataTypes, MatrixHistogramMappingTypes, MatrixHistogramQueryProps, - MatrixHistogramQueryActionProps, MatrixHistogramQueryVariables, MatrixHistogramQuery, } from './types'; @@ -24,6 +23,7 @@ import { useUiSetting$ } from '../../lib/kibana'; import { createFilter } from '../../containers/helpers'; import { useApolloClient } from '../../utils/apollo_context'; import { NetworkDnsSortField } from '../../graphql/types'; +import { inputsModel } from '../../store'; export const getBarchartConfigs = ({ from, 
@@ -113,19 +113,20 @@ export const useQuery = ({ endDate, filterQuery, query, - setLoading, - setData, - setInspect, - setTotalCount, startDate, sort, + title, isPtrIncluded, isInspected, isHistogram, pagination, -}: MatrixHistogramQueryProps & MatrixHistogramQueryActionProps) => { +}: MatrixHistogramQueryProps) => { const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); const [, dispatchToaster] = useStateToaster(); + const [loading, setLoading] = useState(false); + const [data, setData] = useState(null); + const [inspect, setInspect] = useState(null); + const [totalCount, setTotalCount] = useState(-1); const apolloClient = useApolloClient(); useEffect(() => { @@ -182,9 +183,9 @@ export const useQuery = ({ setInspect(null); errorToToaster({ title: i18n.translate( - 'xpack.siem.containers.detectionEngine.signals.errorFetchingSignalsDescription', + `xpack.siem.component.matrixHistogram.${title}.errorFetchingSignalsDescription`, { - defaultMessage: 'Failed to query signals', + defaultMessage: `Failed to query ${title}`, } ), error, @@ -202,4 +203,6 @@ export const useQuery = ({ abortCtrl.abort(); }; }, [query, isInspected, startDate, endDate]); + + return { data, loading, inspect, totalCount }; }; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index bbb0ae33f77c9..9d829622733ef 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -29,7 +29,6 @@ const AnomaliesOverTimeGqlQuery = gql` export const AnomaliesQueryTabBody = ({ deleteQuery, endDate, - refetch, setQuery, skip, startDate, 
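Review bot: `skip` is never read by `useQuery`: the destructuring in the `@@ -113,19 +113,20 @@` hunk gains `title` but not `skip`, although this patch adds `skip: boolean` to `MatrixHistogramQueryProps` and `MatrixHistogram` now passes it. As far as the visible lines show, the request is issued even when the tab asked for it to be skipped. Add `skip,` to the destructured props, guard the effect with `if (skip) { return; }` before the fetch, and include `skip` in the dependency array. The effect body lies outside this hunk, so the exact placement of the guard needs checking there.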
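Review bot: The translation id in the `@@ -182,9 +183,9 @@` hunk is now built at runtime from `title`, as `xpack.siem.component.matrixHistogram.${title}.errorFetchingSignalsDescription`. Callers pass an already translated display string as `title`, so the id changes with the locale and can contain spaces. Static message extraction needs a literal id and is unlikely to pick this one up. Keep the id fixed and pass the title as a value: `i18n.translate('xpack.siem.component.matrixHistogram.errorFetchingDataDescription', { defaultMessage: 'Failed to query {title}', values: { title } })`. The id in that line is a proposal and should follow the plugin's naming.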
@@ -65,8 +64,8 @@ export const AnomaliesQueryTabBody = ({ hideHistogramIfEmpty={true} id={ID} query={AnomaliesOverTimeGqlQuery} - refetch={refetch} setQuery={setQuery} + skip={skip} sourceId="default" stackByOptions={anomaliesStackByOptions} startDate={startDate} diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/types.ts b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/types.ts index 101eeebcf6ac2..f6cae81e3c6c4 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/types.ts +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/types.ts @@ -13,7 +13,6 @@ import { HostsType } from '../../../store/hosts/model'; import { NetworkType } from '../../../store/network/model'; import { AnomaliesHostTable } from '../../../components/ml/tables/anomalies_host_table'; import { AnomaliesNetworkTable } from '../../../components/ml/tables/anomalies_network_table'; -import { inputsModel } from '../../../store'; interface QueryTabBodyProps { type: HostsType | NetworkType; @@ -27,7 +26,6 @@ export type AnomaliesQueryTabBodyProps = QueryTabBodyProps & { endDate: number; flowTarget?: FlowTarget; narrowDateRange: NarrowDateRange; - refetch: inputsModel.Refetch; setQuery: SetQuery; startDate: number; skip: boolean; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index d73728657588a..bbac919860840 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -40,7 +40,6 @@ export interface OwnProps extends QueryTemplateProps { id: string; mapping?: MatrixHistogramMappingTypes; query: Maybe; - refetch: inputsModel.Refetch; setQuery: SetQuery; sourceId: string; stackByOptions: MatrixHistogramOption[]; 
diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index 076f73352358f..7d9076d652b00 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -30,6 +30,7 @@ import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../store/cons import { MatrixHistogram } from '../../components/matrix_histogram'; import { MatrixHistogramOption } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; +import { SetQuery } from '../../pages/hosts/navigation/types'; const ID = 'networkDnsQuery'; const HISTOGRAM_ID = 'networkDnsHistogramQuery'; @@ -56,6 +57,7 @@ interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps { defaultStackByOption: MatrixHistogramOption; query: DocumentNode; scaleType: ScaleType; + setQuery: SetQuery; stackByOptions: MatrixHistogramOption[]; title: string; type: networkModel.NetworkType; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 96d99cc392f4d..3bd1a01e20dba 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -56,7 +56,6 @@ export const AuthenticationsQueryTabBody = ({ deleteQuery, endDate, filterQuery, - refetch, skip, setQuery, startDate, @@ -73,8 +72,8 @@ export const AuthenticationsQueryTabBody = ({ id={ID} mapping={authMatrixDataMappingFields} query={AuthenticationsOverTimeGqlQuery} - refetch={refetch} setQuery={setQuery} + skip={skip} sourceId="default" startDate={startDate} stackByOptions={authStackByOptions} 
@@ -91,7 +90,17 @@ export const AuthenticationsQueryTabBody = ({ startDate={startDate} type={type} > - {({ authentications, totalCount, loading, pageInfo, loadPage, id, inspect, isInspected }) => ( + {({ + authentications, + totalCount, + loading, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( {}, }: HostsComponentsQueryProps) => { @@ -45,8 +45,8 @@ export const EventsQueryTabBody = ({ endDate={endDate} filterQuery={filterQuery} query={EventsOverTimeGqlQuery} - refetch={refetch} setQuery={setQuery} + skip={skip} sourceId="default" stackByOptions={eventsStackByOptions} startDate={startDate} diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/types.ts b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/types.ts index d73eaf91566f3..107b35edc7f7a 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/types.ts +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/types.ts @@ -13,7 +13,6 @@ import { HostsTableType, HostsType } from '../../../store/hosts/model'; import { NavTab } from '../../../components/navigation/types'; import { UpdateDateRange } from '../../../components/charts/common'; import { esFilters } from '../../../../../../../../src/plugins/data/common/es_query'; -import { inputsModel } from '../../../store'; export type KeyHostsNavTabWithoutMlPermission = HostsTableType.hosts & HostsTableType.authentications & @@ -48,7 +47,6 @@ export interface QueryTabBodyProps { export type HostsComponentsQueryProps = QueryTabBodyProps & { deleteQuery?: ({ id }: { id: string }) => void; indexPattern: IIndexPattern; - refetch: inputsModel.Refetch; skip: boolean; setQuery: SetQuery; updateDateRange?: UpdateDateRange; diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index 33cff05e1a21c..d81669b729c87 100644 
--- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx @@ -45,6 +45,7 @@ export const DnsQueryTabBody = ({ filterQuery={filterQuery} query={networkDnsQuery} scaleType={ScaleType.Ordinal} + setQuery={setQuery} sourceId="default" startDate={startDate} stackByOptions={dnsStackByOptions} @@ -73,7 +74,6 @@ export const DnsQueryTabBody = ({ inspect, isInspected, refetch, - histogram, }) => ( ( From dbbeda99e906610f70736c988105f3985616ec80 Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Tue, 7 Jan 2020 15:16:24 +0000 Subject: [PATCH 07/25] send stackByField to server side --- .../public/components/alerts_viewer/index.tsx | 6 ++--- .../components/alerts_viewer/translations.ts | 8 ++----- .../components/matrix_histogram/index.tsx | 1 + .../components/matrix_histogram/types.ts | 4 +++- .../components/matrix_histogram/utils.ts | 5 ++-- .../plugins/siem/public/containers/helpers.ts | 2 ++ .../siem/public/graphql/introspection.json | 24 +++++++++++++++++++ .../plugins/siem/public/graphql/types.ts | 8 +++++++ .../siem/server/graphql/alerts/resolvers.ts | 1 + .../siem/server/graphql/alerts/schema.gql.ts | 1 + .../server/graphql/anomalies/resolvers.ts | 1 + .../server/graphql/anomalies/schema.gql.ts | 1 + .../graphql/authentications/resolvers.ts | 1 + .../graphql/authentications/schema.gql.ts | 1 + .../siem/server/graphql/events/resolvers.ts | 1 + .../siem/server/graphql/events/schema.gql.ts | 1 + .../plugins/siem/server/graphql/types.ts | 16 +++++++++++++ .../lib/alerts/elasticsearch_adapter.ts | 4 ++-- .../lib/alerts/elasticseatch_adapter.test.ts | 4 ++-- .../siem/server/lib/alerts/query.dsl.ts | 7 +++--- .../lib/anomalies/elasticsearch_adapter.ts | 4 ++-- .../query.anomalies_over_time.dsl.ts | 7 +++--- .../authentications/elasticsearch_adapter.ts | 4 ++-- .../query.authentications_over_time.dsl.ts | 7 +++--- .../lib/events/elasticsearch_adapter.ts | 4 ++-- .../lib/events/query.events_over_time.dsl.ts | 7 +++--- .../siem/server/lib/framework/types.ts | 4 ++++ 27 files changed, 100 insertions(+), 34 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 08301d1eb4a2b..369af029b2a73 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -19,8 +19,8 @@ import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; const ID = 'alertsOverTimeQuery'; const alertsStackByOptions: MatrixHistogramOption[] = [ { - text: i18n.ALERTS_STACK_BY_ACTIONS, - value: 'event.actions', + text: i18n.ALERTS_STACK_BY_MODULE, + value: 'event.module', }, ]; const dataKey = 'Alerts'; @@ -53,7 +53,7 @@ export const AlertsView = ({ stackByOptions={alertsStackByOptions} startDate={startDate} subtitle={`${i18n.SHOWING}: {{totalCount}} ${i18n.UNIT(-1)}`} - title={`${i18n.ALERTS_DOCUMENT_TYPE} ${i18n.ALERTS_BY}`} + title={`${i18n.ALERTS_DOCUMENT_TYPE}`} type={type} updateDateRange={updateDateRange} /> diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts index 1580f87c404e4..b899939b0f42b 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts @@ -18,17 +18,13 @@ export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.hosts.alertsDocumen defaultMessage: 'Alerts', }); -export const ALERTS_STACK_BY_ACTIONS = i18n.translate( +export const ALERTS_STACK_BY_MODULE = i18n.translate( 'xpack.siem.histogram.alertsStackByOptions.eventActions', { - defaultMessage: 'actions', + defaultMessage: 'modules', } ); -export const ALERTS_BY = i18n.translate('xpack.siem.histogram.alertsCountFrequencyByModuleTitle', { - defaultMessage: 'by', -}); - export const SHOWING = i18n.translate('xpack.siem.histogram.showing', { defaultMessage: 'Showing', }); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 2be039dd03bbe..352631bbca595 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx 
@@ -99,6 +99,7 @@ export const MatrixHistogram = React.memo( activePage != null && limit != null ? generateTablePaginationOptions(activePage, limit) : undefined, + stackByField: selectedStackByOption.value, }); useEffect(() => { const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 07aee351d0360..1a17b75cda2c5 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -54,6 +54,7 @@ export interface MatrixHistogramQueryProps { limit?: number; query: DocumentNode; sort?: NetworkDnsSortField; + stackByField: string; skip: boolean; startDate: number; title: string; @@ -69,7 +70,7 @@ export interface MatrixHistogramProps extends MatrixHistogramBasicProps { showLegend?: boolean; } -export interface MatrixHistogramQueryVariables { +export interface MatrixHistogramQueryVariables { sourceId: string; timerange: TimerangeInput; filterQuery?: Maybe; @@ -77,6 +78,7 @@ export interface MatrixHistogramQueryVariables { inspect: boolean; isHistogram?: boolean; sort?: SortField; + stackByField: string; isPtrIncluded: boolean; pagination?: PaginationInputPaginated; } diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index ee6fcf2eb3e14..1007e912bbf56 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts 
@@ -22,7 +22,6 @@ import { errorToToaster } from '../ml/api/error_to_toaster'; import { useUiSetting$ } from '../../lib/kibana'; import { createFilter } from '../../containers/helpers'; import { useApolloClient } from '../../utils/apollo_context'; -import { NetworkDnsSortField } from '../../graphql/types'; import { inputsModel } from '../../store'; export const getBarchartConfigs = ({ @@ -113,6 +112,7 @@ export const useQuery = ({ endDate, filterQuery, query, + stackByField, startDate, sort, title, @@ -139,7 +139,7 @@ export const useQuery = ({ if (!apolloClient) return null; return apolloClient - .query>({ + .query({ query, fetchPolicy: 'cache-first', variables: { @@ -153,6 +153,7 @@ export const useQuery = ({ defaultIndex, inspect: isInspected, isHistogram, + stackByField, sort, isPtrIncluded, pagination, diff --git a/x-pack/legacy/plugins/siem/public/containers/helpers.ts b/x-pack/legacy/plugins/siem/public/containers/helpers.ts index 4930fa7b63184..f88fa5611a65b 100644 --- a/x-pack/legacy/plugins/siem/public/containers/helpers.ts +++ b/x-pack/legacy/plugins/siem/public/containers/helpers.ts @@ -22,6 +22,7 @@ export const getMatrixHistogramQuery = (dataKey: string): string => { $defaultIndex: [String!]! $filterQuery: String $inspect: Boolean! + $stackByField: String! ) { source(id: $sourceId) { id @@ -29,6 +30,7 @@ export const getMatrixHistogramQuery = (dataKey: string): string => { timerange: $timerange filterQuery: $filterQuery defaultIndex: $defaultIndex + stackByField: $stackByField ) { ${dataKey}OverTimeByModule { x diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json index 9a30cf4304062..8f3edb823122b 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/introspection.json +++ b/x-pack/legacy/plugins/siem/public/graphql/introspection.json 
@@ -703,6 +703,12 @@ "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } }, "defaultValue": null + }, + { + "name": "stackByField", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], "type": { @@ -750,6 +756,12 @@ } }, "defaultValue": null + }, + { + "name": "stackByField", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], "type": { @@ -858,6 +870,12 @@ } }, "defaultValue": null + }, + { + "name": "stackByField", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], "type": { @@ -1094,6 +1112,12 @@ } }, "defaultValue": null + }, + { + "name": "stackByField", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], "type": { diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index b78908f70ed81..d72ae3bc380c7 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -2153,6 +2153,8 @@ export interface AlertsHistogramSourceArgs { defaultIndex: string[]; timerange: TimerangeInput; + + stackByField?: Maybe; } export interface AnomaliesHistogramSourceArgs { timerange: TimerangeInput; @@ -2160,6 +2162,8 @@ export interface AnomaliesHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface AuthenticationsSourceArgs { timerange: TimerangeInput; @@ -2176,6 +2180,8 @@ export interface AuthenticationsHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface TimelineSourceArgs { pagination: PaginationInput; 
@@ -2212,6 +2218,8 @@ export interface EventsHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface HostsSourceArgs { id?: Maybe; diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts index 3becaa4d169d9..5a3a50d5c6ec6 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/alerts/resolvers.ts @@ -31,6 +31,7 @@ export const createAlertsResolvers = ( const options = { ...createOptions(source, args, info), defaultIndex: args.defaultIndex, + stackByField: args.stackByField, }; return libs.alerts.getAlertsHistogramData(req, options); }, diff --git a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts index c911166d0ae48..f2a173ef8fdb1 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/alerts/schema.gql.ts @@ -18,6 +18,7 @@ export const alertsSchema = gql` filterQuery: String defaultIndex: [String!]! timerange: TimerangeInput! + stackByField: String ): AlertsOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts index e9668a688f972..e7b7a640c58d2 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/anomalies/resolvers.ts @@ -31,6 +31,7 @@ export const createAnomaliesResolvers = ( const options = { ...createOptions(source, args, info), defaultIndex: args.defaultIndex, + stackByField: args.stackByField, }; return libs.anomalies.getAnomaliesOverTime(req, options); }, 
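Review bot: `stackByField: args.stackByField` in `createAlertsResolvers` forwards a client-supplied field name into the histogram options with no check visible in this patch, and the query builders later use it as the `field` of a `terms` aggregation; the same line is added to the anomalies, authentications and events resolvers. The UI only offers a fixed option list (`alertsStackByOptions` and its siblings), so the resolver can reject anything else, for example `if (args.stackByField != null && !allowedStackByFields.includes(args.stackByField)) throw new Error('Unsupported stackByField');`, where `allowedStackByFields` is an illustrative name for a constant still to be defined. This stops a caller from running the aggregation on unintended or very high-cardinality fields. The resolver bodies start and end outside the hunks.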
diff --git a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts index b63a49f926529..aa854a445ab46 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/anomalies/schema.gql.ts @@ -18,6 +18,7 @@ export const anomaliesSchema = gql` timerange: TimerangeInput! filterQuery: String defaultIndex: [String!]! + stackByField: String ): AnomaliesOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts index dc2a5a8348be1..ce1c86ac8926c 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/resolvers.ts @@ -41,6 +41,7 @@ export const createAuthenticationsResolvers = ( const options = { ...createOptions(source, args, info), defaultIndex: args.defaultIndex, + stackByField: args.stackByField, }; return libs.authentications.getAuthenticationsOverTime(req, options); }, diff --git a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts index d14ffb7fa5b31..b37afb2b015a5 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/authentications/schema.gql.ts @@ -52,6 +52,7 @@ export const authenticationsSchema = gql` timerange: TimerangeInput! filterQuery: String defaultIndex: [String!]! + stackByField: String ): AuthenticationsOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts index 35b4f8f4fc768..335f4c3bf4da3 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/events/resolvers.ts 
@@ -75,6 +75,7 @@ export const createEventsResolvers = ( const options = { ...createOptions(source, args, info), defaultIndex: args.defaultIndex, + stackByField: args.stackByField, }; return libs.events.getEventsOverTime(req, options); }, diff --git a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts index b436e53cb1b7d..d904b4a0257b0 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/events/schema.gql.ts @@ -104,6 +104,7 @@ export const eventsSchema = gql` timerange: TimerangeInput! filterQuery: String defaultIndex: [String!]! + stackByField: String ): EventsOverTimeData! } `; diff --git a/x-pack/legacy/plugins/siem/server/graphql/types.ts b/x-pack/legacy/plugins/siem/server/graphql/types.ts index aa9709878a422..9a65ed796d241 100644 --- a/x-pack/legacy/plugins/siem/server/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/server/graphql/types.ts @@ -2155,6 +2155,8 @@ export interface AlertsHistogramSourceArgs { defaultIndex: string[]; timerange: TimerangeInput; + + stackByField?: Maybe; } export interface AnomaliesHistogramSourceArgs { timerange: TimerangeInput; @@ -2162,6 +2164,8 @@ export interface AnomaliesHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface AuthenticationsSourceArgs { timerange: TimerangeInput; @@ -2178,6 +2182,8 @@ export interface AuthenticationsHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface TimelineSourceArgs { pagination: PaginationInput; @@ -2214,6 +2220,8 @@ export interface EventsHistogramSourceArgs { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export interface HostsSourceArgs { id?: Maybe; 
@@ -2883,6 +2891,8 @@ export namespace SourceResolvers { defaultIndex: string[]; timerange: TimerangeInput; + + stackByField?: Maybe; } export type AnomaliesHistogramResolver< @@ -2896,6 +2906,8 @@ export namespace SourceResolvers { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export type AuthenticationsResolver< @@ -2924,6 +2936,8 @@ export namespace SourceResolvers { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export type TimelineResolver< @@ -2984,6 +2998,8 @@ export namespace SourceResolvers { filterQuery?: Maybe; defaultIndex: string[]; + + stackByField?: Maybe; } export type HostsResolver = Resolver< diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts index 2feea022bba7e..61e090c6377c7 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts @@ -10,7 +10,7 @@ import { AlertsOverTimeData, MatrixOverTimeHistogramData } from '../../graphql/t import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import { buildAlertsHistogramQuery } from './query.dsl'; import { AlertsAdapter, AlertsGroupData, AlertsBucket } from './types'; @@ -22,7 +22,7 @@ export class ElasticsearchAlertsAdapter implements AlertsAdapter { public async getAlertsHistogramData( request: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { const dsl = buildAlertsHistogramQuery(options); const response = await this.framework.callWithRequest( 
diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts index e24d0544ef502..9e05d3a628022 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import expect from '@kbn/expect'; import { ElasticsearchAlertsAdapter } from './elasticsearch_adapter'; @@ -41,7 +41,7 @@ describe('alerts elasticsearch_adapter', () => { const EsNetworkTimelineAlerts = new ElasticsearchAlertsAdapter(mockFramework); const data = await EsNetworkTimelineAlerts.getAlertsHistogramData( (mockRequest as unknown) as FrameworkRequest, - (mockOptions as unknown) as RequestBasicOptions + (mockOptions as unknown) as MatrixHistogramRequestOptions ); expect(data).to.eql({ diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts index efa6ee01f2124..08015c3508b86 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts @@ -6,7 +6,7 @@ import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; import { buildTimelineQuery } from '../events/query.dsl'; -import { RequestOptions, RequestBasicOptions } from '../framework'; +import { RequestOptions, MatrixHistogramRequestOptions } from '../framework'; export const buildAlertsQuery = (options: RequestOptions) => { const eventsQuery = buildTimelineQuery(options); 
@@ -35,7 +35,8 @@ export const buildAlertsHistogramQuery = ({ sourceConfiguration: { fields: { timestamp }, }, -}: RequestBasicOptions) => { + stackByField, +}: MatrixHistogramRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { @@ -84,7 +85,7 @@ export const buildAlertsHistogramQuery = ({ return { alertsByModuleGroup: { terms: { - field: 'event.module', + field: stackByField, missing: 'All others', order: { _count: 'desc', diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts index c13d8b0ec2c76..ddce2129ceecf 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts @@ -8,7 +8,7 @@ import { getOr } from 'lodash/fp'; import { AnomaliesOverTimeData } from '../../graphql/types'; import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import { TermAggregation } from '../types'; import { AnomalyHit, AnomaliesAdapter, AnomaliesActionGroupData } from './types'; @@ -20,7 +20,7 @@ export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter { public async getAnomaliesOverTime( request: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { const dsl = buildAnomaliesOverTimeQuery(options); diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts index 34a6a6a8f601f..b0892a68f0a2e 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts 
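Review bot: `buildAlertsHistogramQuery` destructures `stackByField` without a default, unlike the anomalies (`= 'job_id'`), authentications (`= 'event.type'`) and events (`= 'event.action'`) builders in this patch, so a request that omits the optional GraphQL argument produces `field: undefined` in `alertsByModuleGroup.terms`. Restoring the previous value as the default, `stackByField = 'event.module',`, keeps such requests working. A destructuring default only covers `undefined`, and the generated args are `Maybe`-typed, so an explicit `null` would still reach all four builders and is better normalised in the resolvers. The function body extends beyond both hunks.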
@@ -5,13 +5,14 @@ */ import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; +import { MatrixHistogramRequestOptions } from '../framework'; export const buildAnomaliesOverTimeQuery = ({ filterQuery, timerange: { from, to }, defaultIndex, -}: RequestBasicOptions) => { + stackByField = 'job_id', +}: MatrixHistogramRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { @@ -42,7 +43,7 @@ export const buildAnomaliesOverTimeQuery = ({ return { anomalyActionGroup: { terms: { - field: 'job_id', + field: stackByField, order: { _count: 'desc', }, diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts index 946518e4de602..c06e63927c7ba 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts @@ -17,7 +17,7 @@ import { FrameworkAdapter, FrameworkRequest, RequestOptionsPaginated, - RequestBasicOptions, + MatrixHistogramRequestOptions, } from '../framework'; import { TermAggregation } from '../types'; import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; @@ -112,7 +112,7 @@ export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapte public async getAuthenticationsOverTime( request: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { const dsl = buildAuthenticationsOverTimeQuery(options); const response = await this.framework.callWithRequest( diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts index a6b788cb70657..77b35fef77dca 100644 
--- a/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; +import { MatrixHistogramRequestOptions } from '../framework'; export const buildAuthenticationsOverTimeQuery = ({ filterQuery, @@ -13,7 +13,8 @@ export const buildAuthenticationsOverTimeQuery = ({ sourceConfiguration: { fields: { timestamp }, }, -}: RequestBasicOptions) => { + stackByField = 'event.type', +}: MatrixHistogramRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { @@ -44,7 +45,7 @@ export const buildAuthenticationsOverTimeQuery = ({ return { eventActionGroup: { terms: { - field: 'event.type', + field: stackByField, include: ['authentication_success', 'authentication_failure'], order: { _count: 'desc', diff --git a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts index 385a366d0773f..6fcac95ee7b74 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts 
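Review bot: In `buildAuthenticationsOverTimeQuery` the `terms` aggregation now takes `field: stackByField` but keeps `include: ['authentication_success', 'authentication_failure']`, a list that was written for `event.type`. With any other stack-by field those terms would presumably match nothing and the histogram would come back empty without an error. Either keep the field fixed in this builder, or apply the filter only for that field, e.g. `...(stackByField === 'event.type' ? { include: ['authentication_success', 'authentication_failure'] } : {}),`. The function body continues outside the hunks.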
@@ -31,7 +31,7 @@ import { baseCategoryFields } from '../../utils/beat_schema/8.0.0'; import { reduceFields } from '../../utils/build_query/reduce_fields'; import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import { TermAggregation } from '../types'; import { buildDetailsQuery, buildTimelineQuery } from './query.dsl'; @@ -131,7 +131,7 @@ export class ElasticsearchEventsAdapter implements EventsAdapter { public async getEventsOverTime( request: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { const dsl = buildEventsOverTimeQuery(options); const response = await this.framework.callWithRequest( diff --git a/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts index 98bd6944c1b51..4b1837497669f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; +import { MatrixHistogramRequestOptions } from '../framework'; export const buildEventsOverTimeQuery = ({ filterQuery, @@ -13,7 +13,8 @@ export const buildEventsOverTimeQuery = ({ sourceConfiguration: { fields: { timestamp }, }, -}: RequestBasicOptions) => { + stackByField = 'event.action', +}: MatrixHistogramRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { 
@@ -44,7 +45,7 @@ export const buildEventsOverTimeQuery = ({ return { eventActionGroup: { terms: { - field: 'event.action', + field: stackByField, missing: 'All others', order: { _count: 'desc', diff --git a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts index 27254284b577d..d497d8c58a29e 100644 --- a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts @@ -130,6 +130,10 @@ export interface RequestBasicOptions { defaultIndex: string[]; } +export interface MatrixHistogramRequestOptions extends RequestBasicOptions { + stackByField: string; +} + export interface RequestOptions extends RequestBasicOptions { pagination: PaginationInput; fields: readonly string[]; From 369b88185f7e8daee06b15daa967eac8d80c0c42 Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 7 Jan 2020 16:07:39 +0000 Subject: [PATCH 08/25] fix inspect button --- .../public/components/alerts_viewer/index.tsx | 63 ++++++++++--------- .../components/matrix_histogram/index.tsx | 6 +- 2 files changed, 35 insertions(+), 34 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 369af029b2a73..de26df8e88f12 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -3,10 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - import { noop } from 'lodash/fp'; -import React from 'react'; - +import React, { useEffect } from 'react'; import { EuiSpacer } from '@elastic/eui'; import gql from 'graphql-tag'; import { AlertsComponentsQueryProps } from './types'; 
@@ -15,7 +13,6 @@ import * as i18n from './translations'; import { MatrixHistogramOption } from '../matrix_histogram/types'; import { getMatrixHistogramQuery } from '../../containers/helpers'; import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; - const ID = 'alertsOverTimeQuery'; const alertsStackByOptions: MatrixHistogramOption[] = [ { @@ -37,29 +34,37 @@ export const AlertsView = ({ startDate, type, updateDateRange = noop, -}: AlertsComponentsQueryProps) => ( - <> - - - - -); - +}: AlertsComponentsQueryProps) => { + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + } + }; + }, []); + return ( + <> + + + + + ); +}; AlertsView.displayName = 'AlertsView'; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 352631bbca595..ecb43a6d480e3 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -101,6 +101,7 @@ export const MatrixHistogram = React.memo( : undefined, stackByField: selectedStackByOption.value, }); + useEffect(() => { const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); setSubtitle(formattedSubTitle); @@ -115,11 +116,6 @@ export const MatrixHistogram = React.memo( setBarChartData(getCustomChartData(data, mapping)); setQuery({ id, inspect, loading, refetch: undefined }); - return () => { - if (deleteQuery) { - deleteQuery({ id }); - } - }; }, [totalCount, isInspected, loading, data]); return !hideHistogram ? ( From 81b2145decf04f4106834db58ba02c2eed11294e Mon Sep 17 00:00:00 2001 
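Review bot: The hunk at `@@ -115,11 +116,6 @@` in matrix_histogram/index.tsx removes the `deleteQuery({ id })` cleanup from `MatrixHistogram`, and this patch re-adds an equivalent unmount effect only in `AlertsView`. Other views that render the histogram (not shown in this patch) would presumably stop deregistering their query on unmount unless they get the same effect. In `AlertsView` the effect reads `deleteQuery` with an empty dependency array; if that is intended, a comment such as `// runs only on unmount; deleteQuery is expected to be stable` would make it explicit. Both component bodies continue outside the hunks.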
From: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Date: Tue, 7 Jan 2020 16:28:13 -0500 Subject: [PATCH 09/25] helper node xavier --- .../public/components/alerts_viewer/index.tsx | 63 +++++++++++-------- .../siem/public/components/inspect/index.tsx | 2 +- .../components/matrix_histogram/index.tsx | 29 +++++---- .../components/matrix_histogram/utils.ts | 35 +++++++---- 4 files changed, 81 insertions(+), 48 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 369af029b2a73..b48bcb703b107 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -5,7 +5,7 @@ */ import { noop } from 'lodash/fp'; -import React from 'react'; +import React, { useEffect } from 'react'; import { EuiSpacer } from '@elastic/eui'; import gql from 'graphql-tag'; @@ -22,6 +22,10 @@ const alertsStackByOptions: MatrixHistogramOption[] = [ text: i18n.ALERTS_STACK_BY_MODULE, value: 'event.module', }, + { + text: i18n.ALERTS_DOCUMENT_TYPE, + value: 'event.type', + }, ]; const dataKey = 'Alerts'; const AlertsOverTimeGqlQuery = gql` @@ -37,29 +41,38 @@ export const AlertsView = ({ startDate, type, updateDateRange = noop, -}: AlertsComponentsQueryProps) => ( - <> - - - - -); +}: AlertsComponentsQueryProps) => { + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + } + }; + }, []); + return ( + <> + + + + + ); +}; AlertsView.displayName = 'AlertsView'; diff --git a/x-pack/legacy/plugins/siem/public/components/inspect/index.tsx b/x-pack/legacy/plugins/siem/public/components/inspect/index.tsx index 04d6d94d6624d..a2a0ffdde34a5 100644 --- a/x-pack/legacy/plugins/siem/public/components/inspect/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/inspect/index.tsx 
@@ -20,7 +20,7 @@ import * as i18n from './translations'; const InspectContainer = styled.div<{ showInspect: boolean }>` .euiButtonIcon { - ${props => (props.showInspect ? 'opacity: 1;' : 'opacity: 0')} + ${props => (props.showInspect ? 'opacity: 1;' : 'opacity: 0;')} transition: opacity ${props => getOr(250, 'theme.eui.euiAnimSpeedNormal', props)} ease; } `; diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 352631bbca595..8381b21dc2df0 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -11,6 +11,7 @@ import darkTheme from '@elastic/eui/dist/eui_theme_dark.json'; import lightTheme from '@elastic/eui/dist/eui_theme_light.json'; import { EuiLoadingContent, EuiSelect } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { noop } from 'lodash/fp'; import { BarChart } from '../charts/barchart'; import { HeaderSection } from '../header_section'; import { DEFAULT_DARK_MODE } from '../../../common/constants'; @@ -65,8 +66,16 @@ export const MatrixHistogram = React.memo( const [showInspect, setShowInspect] = useState(false); const [darkMode] = useUiSetting$(DEFAULT_DARK_MODE); - const handleOnMouseEnter = useCallback(() => setShowInspect(true), []); - const handleOnMouseLeave = useCallback(() => setShowInspect(false), []); + const handleOnMouseEnter = useCallback(() => { + if (!showInspect) { + setShowInspect(true); + } + }, [showInspect]); + const handleOnMouseLeave = useCallback(() => { + if (showInspect) { + setShowInspect(false); + } + }, [showInspect]); const [selectedStackByOption, setSelectedStackByOption] = useState( defaultStackByOption 
@@ -83,7 +92,10 @@ export const MatrixHistogram = React.memo( [] ); - const { data, loading, inspect, totalCount } = useQuery<{}, HistogramAggregation>({ + const { data, loading, inspect, totalCount, refetch = noop } = useQuery< + {}, + HistogramAggregation + >({ dataKey, endDate, filterQuery, @@ -101,6 +113,7 @@ export const MatrixHistogram = React.memo( : undefined, stackByField: selectedStackByOption.value, }); + useEffect(() => { const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); setSubtitle(formattedSubTitle); @@ -114,12 +127,7 @@ export const MatrixHistogram = React.memo( setBarChartData(getCustomChartData(data, mapping)); - setQuery({ id, inspect, loading, refetch: undefined }); - return () => { - if (deleteQuery) { - deleteQuery({ id }); - } - }; + setQuery({ id, inspect, loading, refetch }); }, [totalCount, isInspected, loading, data]); return !hideHistogram ? ( @@ -134,7 +142,7 @@ export const MatrixHistogram = React.memo( title={ title && selectedStackByOption ? `${title} by ${selectedStackByOption.text}` : null } - showInspect={!loading && showInspect} + showInspect={showInspect} subtitle={!loading && (totalCount >= 0 ? subtitleWithCounts : null)} > {stackByOptions && ( @@ -151,7 +159,6 @@ export const MatrixHistogram = React.memo( /> )} - {loading ? ( ) : ( diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 1007e912bbf56..367fcfe45cd95 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts 
@@ -96,9 +96,8 @@ export const getCustomChartData = ( if (mapping) return map((item: ChartSeriesData) => { - const customColor = get(`${item.key}.color`, mapping); - item.color = customColor; - return item; + const mapItem = get(item.key, mapping); + return { ...item, color: mapItem.color }; }, formattedChartData); else return formattedChartData; }; @@ -123,6 +122,7 @@ export const useQuery = ({ }: MatrixHistogramQueryProps) => { const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); const [, dispatchToaster] = useStateToaster(); + const [refetch, setRefetch] = useState(); const [loading, setLoading] = useState(false); const [data, setData] = useState(null); const [inspect, setInspect] = useState(null); @@ -132,12 +132,11 @@ export const useQuery = ({ useEffect(() => { let isSubscribed = true; const abortCtrl = new AbortController(); - const signal = abortCtrl.signal; - setLoading(true); + const abortSignal = abortCtrl.signal; - async function fetchData(abortSignal: AbortSignal) { + async function fetchData() { if (!apolloClient) return null; - + setLoading(true); return apolloClient .query({ query, @@ -197,13 +196,27 @@ export const useQuery = ({ } ); } - - fetchData(signal); + setRefetch(() => { + fetchData(); + }); + fetchData(); return () => { isSubscribed = false; abortCtrl.abort(); }; - }, [query, isInspected, startDate, endDate]); + }, [ + defaultIndex, + query, + filterQuery, + isInspected, + isHistogram, + stackByField, + sort, + isPtrIncluded, + pagination, + startDate, + endDate, + ]); - return { data, loading, inspect, totalCount }; + return { data, loading, inspect, totalCount, refetch }; }; From 23d498045cc55070d9d61d82598095e9ba2b987d Mon Sep 17 00:00:00 2001 
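Review bot: In `getCustomChartData` (hunk `@@ -96,9 +96,8 @@`) the new `mapItem.color` throws a TypeError whenever `mapping` has no entry for `item.key`, because `get(item.key, mapping)` then returns `undefined`; the removed path lookup that ended in `.color` tolerated a missing entry. If the series keys are derived from the query result, one key that the mapping does not list would break the whole chart instead of leaving that series with its default colour. The copy-instead-of-mutate change can stay with a safe read: `return { ...item, color: mapItem?.color };`. The function starts outside the hunk.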
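Review bot: `setRefetch(() => { fetchData(); })` in the `@@ -197,13 +196,27 @@` hunk does not store a refetch callback: a function passed to a `useState` setter is treated as an updater, so React calls it (firing an extra `fetchData()`) and stores its return value, which is `undefined`. `refetch` is therefore always `undefined`, and the `refetch = noop` default in `MatrixHistogram` hides that, so whatever later calls the registered `refetch` gets a no-op. Wrapping the function fixes it: `setRefetch(() => fetchData);`. The same line is carried unchanged into the new `containers/matrix_histogram/utils.ts` in PATCH 12/25. `useQuery` starts outside this hunk.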
From: Angela Chuang Date: Sun, 12 Jan 2020 18:20:30 +0800 Subject: [PATCH 10/25] fix DNS histogram --- .../matrix_histogram/index.test.tsx | 1 + .../components/matrix_histogram/index.tsx | 11 +- .../public/containers/network_dns/index.tsx | 4 +- .../network/navigation/dns_query_tab_body.tsx | 134 ++++++++++-------- 4 files changed, 84 insertions(+), 66 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index 95893dab9c59b..c61b93547ea47 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -43,6 +43,7 @@ describe('Matrix Histogram Component', () => { setQuery: jest.fn(), skip: false, sourceId: 'default', + stackByField: 'mockStackByField', stackByOptions: [{ text: 'text', value: 'value' }], startDate: new Date('2019-07-18T19:00: 00.000Z').valueOf(), subtitle: 'mockSubtitle', diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 8381b21dc2df0..8b3f2c6335f57 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useState, useEffect, useCallback } from 'react'; +import React, { useState, useEffect, useCallback, useMemo } from 'react'; import { ScaleType } from '@elastic/charts'; import darkTheme from '@elastic/eui/dist/eui_theme_dark.json'; 
@@ -91,6 +91,10 @@ export const MatrixHistogram = React.memo( }, [] ); + const getPagination = () => + activePage != null && limit != null + ? generateTablePaginationOptions(activePage, limit) + : undefined; const { data, loading, inspect, totalCount, refetch = noop } = useQuery< {}, @@ -107,10 +111,7 @@ export const MatrixHistogram = React.memo( isInspected, isPtrIncluded, isHistogram: true, - pagination: - activePage != null && limit != null - ? generateTablePaginationOptions(activePage, limit) - : undefined, + pagination: useMemo(() => getPagination(), [activePage, limit]), stackByField: selectedStackByOption.value, }); diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index 7d9076d652b00..e747f052a73a4 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -32,8 +32,8 @@ import { MatrixHistogramOption } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; -const ID = 'networkDnsQuery'; -const HISTOGRAM_ID = 'networkDnsHistogramQuery'; +export const ID = 'networkDnsQuery'; +export const HISTOGRAM_ID = 'networkDnsHistogramQuery'; export interface NetworkDnsArgs { id: string; inspect: inputsModel.InspectQuery; diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index d81669b729c87..ad6a577931096 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx 
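Review bot: The `useMemo` call placed inside the `useQuery` argument (`pagination: useMemo(() => getPagination(), [activePage, limit])`, hunk `@@ -107,10 +111,7 @@`) carries no comment saying why it is needed, and `getPagination` is rebuilt on every render only to be called from it. `useQuery` lists `pagination` in its effect dependencies, so a fresh object on each render would start a new fetch on each render; that reason is worth writing down. I would hoist the memo to a named constant above the call with a comment such as `// memoised: useQuery re-fetches whenever the pagination object identity changes`, and pass `pagination` by name.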
@@ -4,13 +4,18 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import React, { useEffect, useMemo } from 'react'; import { getOr } from 'lodash/fp'; import { EuiSpacer } from '@elastic/eui'; import { ScaleType } from '@elastic/charts'; import { NetworkDnsTable } from '../../../components/page/network/network_dns_table'; -import { NetworkDnsQuery, NetworkDnsHistogramQuery } from '../../../containers/network_dns'; +import { + NetworkDnsQuery, + NetworkDnsHistogramQuery, + ID, + HISTOGRAM_ID, +} from '../../../containers/network_dns'; import { manageQuery } from '../../../components/page/manage_query'; import { NetworkComponentQueryProps } from './types'; @@ -29,6 +34,7 @@ const dnsStackByOptions: MatrixHistogramOption[] = [ ]; export const DnsQueryTabBody = ({ + deleteQuery, endDate, filterQuery, skip, @@ -36,62 +42,72 @@ export const DnsQueryTabBody = ({ setQuery, type, updateDateRange = () => {}, -}: NetworkComponentQueryProps) => ( - <> - - - - {({ - totalCount, - loading, - networkDns, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( - - )} - - -); +}: NetworkComponentQueryProps) => { + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + deleteQuery({ id: HISTOGRAM_ID }); + } + }; + }, []); + return ( + <> + ['NetworkDns', 'histogram'], [])} + defaultStackByOption={dnsStackByOptions[0]} + endDate={endDate} + filterQuery={filterQuery} + query={networkDnsQuery} + scaleType={ScaleType.Ordinal} + setQuery={setQuery} + sourceId="default" + startDate={startDate} + stackByOptions={dnsStackByOptions} + title="DNS" + type={networkModel.NetworkType.page} + updateDateRange={updateDateRange} + yTickFormatter={bytesFormatter} + showLegend={false} + /> + + + {({ + totalCount, + loading, + networkDns, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( + + )} + + + ); +}; DnsQueryTabBody.displayName = 'DNSQueryTabBody'; 
From 421a408f7467828305ae644926f06709852bc0cb Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Sun, 12 Jan 2020 20:00:17 +0800 Subject: [PATCH 11/25] fix DNS query params --- .../components/matrix_histogram/utils.ts | 2 +- .../public/containers/network_dns/index.tsx | 9 +- .../network/navigation/dns_query_tab_body.tsx | 87 +++++++++---------- 3 files changed, 49 insertions(+), 49 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 367fcfe45cd95..2a69fbcb9ec7a 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -135,7 +135,7 @@ export const useQuery = ({ const abortSignal = abortCtrl.signal; async function fetchData() { - if (!apolloClient) return null; + if (!apolloClient || (pagination != null && pagination.querySize < 0)) return null; setLoading(true); return apolloClient .query({ diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index e747f052a73a4..fc7976f3ce30d 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx 
@@ -26,13 +26,13 @@ import { generateTablePaginationOptions } from '../../components/paginated_table import { createFilter, getDefaultFetchPolicy } from '../helpers'; import { QueryTemplatePaginated, QueryTemplatePaginatedProps } from '../query_template_paginated'; import { networkDnsQuery } from './index.gql_query'; -import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../store/constants'; +import { DEFAULT_TABLE_ACTIVE_PAGE } from '../../store/constants'; import { MatrixHistogram } from '../../components/matrix_histogram'; import { MatrixHistogramOption } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; -export const ID = 'networkDnsQuery'; +const ID = 'networkDnsQuery'; export const HISTOGRAM_ID = 'networkDnsHistogramQuery'; export interface NetworkDnsArgs { id: string; @@ -55,6 +55,7 @@ export interface OwnProps extends QueryTemplatePaginatedProps { interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps { dataKey: string | string[]; defaultStackByOption: MatrixHistogramOption; + limit: number; query: DocumentNode; scaleType: ScaleType; setQuery: SetQuery; @@ -181,12 +182,12 @@ const makeMapStateToProps = () => { const makeMapHistogramStateToProps = () => { const getNetworkDnsSelector = networkSelectors.dnsSelector(); const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { id = HISTOGRAM_ID }: OwnProps) => { + const mapStateToProps = (state: State, { id = HISTOGRAM_ID, limit }: DnsHistogramOwnProps) => { const { isInspected } = getQuery(state, id); return { ...getNetworkDnsSelector(state), activePage: DEFAULT_TABLE_ACTIVE_PAGE, - limit: DEFAULT_TABLE_LIMIT, + limit, isInspected, id, }; 
diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index ad6a577931096..8364af37afde5 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useEffect, useMemo } from 'react'; +import React, { useEffect } from 'react'; import { getOr } from 'lodash/fp'; import { EuiSpacer } from '@elastic/eui'; @@ -13,7 +13,6 @@ import { NetworkDnsTable } from '../../../components/page/network/network_dns_ta import { NetworkDnsQuery, NetworkDnsHistogramQuery, - ID, HISTOGRAM_ID, } from '../../../containers/network_dns'; import { manageQuery } from '../../../components/page/manage_query'; @@ -46,50 +45,50 @@ export const DnsQueryTabBody = ({ useEffect(() => { return () => { if (deleteQuery) { - deleteQuery({ id: ID }); deleteQuery({ id: HISTOGRAM_ID }); } }; }, []); return ( - <> - ['NetworkDns', 'histogram'], [])} - defaultStackByOption={dnsStackByOptions[0]} - endDate={endDate} - filterQuery={filterQuery} - query={networkDnsQuery} - scaleType={ScaleType.Ordinal} - setQuery={setQuery} - sourceId="default" - startDate={startDate} - stackByOptions={dnsStackByOptions} - title="DNS" - type={networkModel.NetworkType.page} - updateDateRange={updateDateRange} - yTickFormatter={bytesFormatter} - showLegend={false} - /> - - - {({ - totalCount, - loading, - networkDns, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( + + {({ + totalCount, + loading, + networkDns, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( + <> + + - )} - - + + )} + ); }; From 71aa58a51b04a110423b50da25f8016183cfd484 Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Sun, 12 Jan 2020 20:30:27 +0800 Subject: [PATCH 12/25] move utils for fetch data into containers --- .../public/components/alerts_viewer/index.tsx | 4 - .../components/matrix_histogram/index.tsx | 3 +- .../components/matrix_histogram/utils.ts | 134 +---------------- .../containers/matrix_histogram/index.tsx | 19 +-- .../containers/matrix_histogram/utils.ts | 136 ++++++++++++++++++ 5 files changed, 144 insertions(+), 152 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 6b35abd8fcb51..f59ab43a2a9d9 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -20,10 +20,6 @@ const alertsStackByOptions: MatrixHistogramOption[] = [ text: i18n.ALERTS_STACK_BY_MODULE, value: 'event.module', }, - { - text: i18n.ALERTS_DOCUMENT_TYPE, - value: 'event.type', - }, ]; const dataKey = 'Alerts'; const AlertsOverTimeGqlQuery = gql` diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 8b3f2c6335f57..45053f327659b 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx 
@@ -18,7 +18,8 @@ import { DEFAULT_DARK_MODE } from '../../../common/constants'; import { useUiSetting$ } from '../../lib/kibana'; import { Loader } from '../loader'; import { Panel } from '../panel'; -import { getBarchartConfigs, getCustomChartData, useQuery } from './utils'; +import { getBarchartConfigs, getCustomChartData } from '../../components/matrix_histogram/utils'; +import { useQuery } from '../../containers/matrix_histogram/utils'; import { MatrixHistogramProps, MatrixHistogramOption, diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 2a69fbcb9ec7a..600cafa4aea0c 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts 
@@ -4,25 +4,14 @@ * you may not use this file except in compliance with the Elastic License. */ import { ScaleType, niceTimeFormatter, Position } from '@elastic/charts'; -import { get, groupBy, map, toPairs, getOr } from 'lodash/fp'; +import { get, groupBy, map, toPairs } from 'lodash/fp'; import numeral from '@elastic/numeral'; -import { useEffect, useState } from 'react'; -import { i18n } from '@kbn/i18n'; -import { UpdateDateRange, ChartSeriesData } from '../charts/common'; + +import { UpdateDateRange, ChartSeriesData } from '../../components/charts/common'; import { MatrixHistogramDataTypes, MatrixHistogramMappingTypes, - MatrixHistogramQueryProps, - MatrixHistogramQueryVariables, - MatrixHistogramQuery, -} from './types'; -import { DEFAULT_INDEX_KEY } from '../../../common/constants'; -import { useStateToaster } from '../toasters'; -import { errorToToaster } from '../ml/api/error_to_toaster'; -import { useUiSetting$ } from '../../lib/kibana'; -import { createFilter } from '../../containers/helpers'; -import { useApolloClient } from '../../utils/apollo_context'; -import { inputsModel } from '../../store'; +} from '../../components/matrix_histogram/types'; export const getBarchartConfigs = ({ from, 
@@ -105,118 +94,3 @@ export const getCustomChartData = ( export const bytesFormatter = (value: number) => { return numeral(value).format('0,0.[0]b'); }; - -export const useQuery = ({ - dataKey, - endDate, - filterQuery, - query, - stackByField, - startDate, - sort, - title, - isPtrIncluded, - isInspected, - isHistogram, - pagination, -}: MatrixHistogramQueryProps) => { - const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); - const [, dispatchToaster] = useStateToaster(); - const [refetch, setRefetch] = useState(); - const [loading, setLoading] = useState(false); - const [data, setData] = useState(null); - const [inspect, setInspect] = useState(null); - const [totalCount, setTotalCount] = useState(-1); - const apolloClient = useApolloClient(); - - useEffect(() => { - let isSubscribed = true; - const abortCtrl = new AbortController(); - const abortSignal = abortCtrl.signal; - - async function fetchData() { - if (!apolloClient || (pagination != null && pagination.querySize < 0)) return null; - setLoading(true); - return apolloClient - .query({ - query, - fetchPolicy: 'cache-first', - variables: { - filterQuery: createFilter(filterQuery), - sourceId: 'default', - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex, - inspect: isInspected, - isHistogram, - stackByField, - sort, - isPtrIncluded, - pagination, - }, - context: { - fetchOptions: { - abortSignal, - }, - }, - }) - .then( - result => { - if (isSubscribed) { - const isDataKeyAnArray = Array.isArray(dataKey); - const rootDataKey = isDataKeyAnArray ? dataKey[0] : `${dataKey}Histogram`; - const histogramDataKey = isDataKeyAnArray ? 
dataKey[1] : `${dataKey}OverTimeByModule`; - const source = getOr({}, `data.source.${rootDataKey}`, result); - setData(getOr([], histogramDataKey, source)); - setTotalCount(getOr(-1, 'totalCount', source)); - setInspect(getOr(null, 'inspect', source)); - setLoading(false); - } - }, - error => { - if (isSubscribed) { - setData(null); - setTotalCount(-1); - setInspect(null); - errorToToaster({ - title: i18n.translate( - `xpack.siem.component.matrixHistogram.${title}.errorFetchingSignalsDescription`, - { - defaultMessage: `Failed to query ${title}`, - } - ), - error, - dispatchToaster, - }); - setLoading(false); - } - } - ); - } - setRefetch(() => { - fetchData(); - }); - fetchData(); - return () => { - isSubscribed = false; - abortCtrl.abort(); - }; - }, [ - defaultIndex, - query, - filterQuery, - isInspected, - isHistogram, - stackByField, - sort, - isPtrIncluded, - pagination, - startDate, - endDate, - ]); - - return { data, loading, inspect, totalCount, refetch }; -}; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index bbac919860840..9d3347f6fb733 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -8,11 +8,11 @@ import React from 'react'; import { compose } from 'redux'; import { connect } from 'react-redux'; -import { inputsModel, State, inputsSelectors, hostsModel, networkModel } from '../../store'; +import { State, inputsSelectors, hostsModel, networkModel } from '../../store'; import { QueryTemplateProps } from '../query_template'; import { withKibana } from '../../lib/kibana'; -import { MatrixOverTimeHistogramData, Maybe } from '../../graphql/types'; +import { Maybe } from '../../graphql/types'; import { MatrixHistogram } from '../../components/matrix_histogram'; import { MatrixHistogramOption, 
@@ -21,17 +21,6 @@ import { import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; -export interface EventsArgs { - endDate: number; - eventsOverTime: MatrixOverTimeHistogramData[]; - id: string; - inspect: inputsModel.InspectQuery; - loading: boolean; - refetch: inputsModel.Refetch; - startDate: number; - totalCount: number; -} - export interface OwnProps extends QueryTemplateProps { dataKey: string | string[]; defaultStackByOption: MatrixHistogramOption; @@ -49,10 +38,6 @@ export interface OwnProps extends QueryTemplateProps { updateDateRange: UpdateDateRange; } -export interface EventsOverTimeComponentReduxProps { - isInspected: boolean; -} - const makeMapStateToProps = () => { const getQuery = inputsSelectors.globalQueryByIdSelector(); const mapStateToProps = (state: State, { type, id }: OwnProps) => { diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts new file mode 100644 index 0000000000000..7c5fb007eb350 --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts 
@@ -0,0 +1,136 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { getOr } from 'lodash/fp'; +import { useEffect, useState } from 'react'; +import { i18n } from '@kbn/i18n'; +import { + MatrixHistogramDataTypes, + MatrixHistogramQueryProps, + MatrixHistogramQueryVariables, + MatrixHistogramQuery, +} from '../../components/matrix_histogram/types'; +import { DEFAULT_INDEX_KEY } from '../../../common/constants'; +import { useStateToaster } from '../../components/toasters'; +import { errorToToaster } from '../../components/ml/api/error_to_toaster'; +import { useUiSetting$ } from '../../lib/kibana'; +import { createFilter } from '../helpers'; +import { useApolloClient } from '../../utils/apollo_context'; +import { inputsModel } from '../../store'; + +export const useQuery = ({ + dataKey, + endDate, + filterQuery, + query, + stackByField, + startDate, + sort, + title, + isPtrIncluded, + isInspected, + isHistogram, + pagination, +}: MatrixHistogramQueryProps) => { + const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); + const [, dispatchToaster] = useStateToaster(); + const [refetch, setRefetch] = useState(); + const [loading, setLoading] = useState(false); + const [data, setData] = useState(null); + const [inspect, setInspect] = useState(null); + const [totalCount, setTotalCount] = useState(-1); + const apolloClient = useApolloClient(); + + useEffect(() => { + let isSubscribed = true; + const abortCtrl = new AbortController(); + const abortSignal = abortCtrl.signal; + + async function fetchData() { + if (!apolloClient || (pagination != null && pagination.querySize < 0)) return null; + setLoading(true); + return apolloClient + .query({ + query, + fetchPolicy: 'cache-first', + variables: { + filterQuery: createFilter(filterQuery), + sourceId: 'default', + 
timerange: { + interval: '12h', + from: startDate!, + to: endDate!, + }, + defaultIndex, + inspect: isInspected, + isHistogram, + stackByField, + sort, + isPtrIncluded, + pagination, + }, + context: { + fetchOptions: { + abortSignal, + }, + }, + }) + .then( + result => { + if (isSubscribed) { + const isDataKeyAnArray = Array.isArray(dataKey); + const rootDataKey = isDataKeyAnArray ? dataKey[0] : `${dataKey}Histogram`; + const histogramDataKey = isDataKeyAnArray ? dataKey[1] : `${dataKey}OverTimeByModule`; + const source = getOr({}, `data.source.${rootDataKey}`, result); + setData(getOr([], histogramDataKey, source)); + setTotalCount(getOr(-1, 'totalCount', source)); + setInspect(getOr(null, 'inspect', source)); + setLoading(false); + } + }, + error => { + if (isSubscribed) { + setData(null); + setTotalCount(-1); + setInspect(null); + errorToToaster({ + title: i18n.translate( + `xpack.siem.component.matrixHistogram.${title}.errorFetchingSignalsDescription`, + { + defaultMessage: `Failed to query ${title}`, + } + ), + error, + dispatchToaster, + }); + setLoading(false); + } + } + ); + } + setRefetch(() => { + fetchData(); + }); + fetchData(); + return () => { + isSubscribed = false; + abortCtrl.abort(); + }; + }, [ + defaultIndex, + query, + filterQuery, + isInspected, + isHistogram, + stackByField, + sort, + isPtrIncluded, + pagination, + startDate, + endDate, + ]); + + return { data, loading, inspect, totalCount, refetch }; +}; From c24e20ca947ef8f08f79c077df3f0c0362b9c603 Mon Sep 17 00:00:00 2001 
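Review bot: `fetchPolicy: 'cache-first'` in the new `useQuery` hook means a `fetchData()` call whose variables Apollo has already seen is answered from the cache with no request, which is the case for any re-run that leaves the time range and filters unchanged, i.e. the case `refetch` exists for. For charts of alerts, authentications and anomalies, a refresh that silently returns the earlier result can hide events indexed since the first load. Setting `fetchPolicy: 'network-only'` for this query, or at least for calls made through `refetch`, avoids that.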
From: Angela Chuang Date: Sun, 12 Jan 2020 23:49:18 +0800 Subject: [PATCH 13/25] cleanup graphql template on client side --- .../public/components/alerts_viewer/index.tsx | 9 +- .../matrix_histogram/index.test.tsx | 2 +- .../components/matrix_histogram/index.tsx | 9 +- .../components/matrix_histogram/types.ts | 22 +-- .../anomalies_query_tab_body/index.tsx | 10 +- .../plugins/siem/public/containers/helpers.ts | 34 ---- .../matrix_histogram/index.gql_query.ts | 94 ++++++++++ .../containers/matrix_histogram/index.tsx | 4 + .../containers/matrix_histogram/utils.ts | 68 +++++--- .../containers/network_dns/index.gql_query.ts | 13 +- .../public/containers/network_dns/index.tsx | 1 + .../siem/public/graphql/introspection.json | 6 + .../plugins/siem/public/graphql/types.ts | 160 +++++++++++++++++- .../authentications_query_tab_body.tsx | 10 +- .../navigation/events_query_tab_body.tsx | 10 +- .../siem/server/graphql/network/resolvers.ts | 1 + .../siem/server/graphql/network/schema.gql.ts | 1 + .../plugins/siem/server/graphql/types.ts | 4 + .../plugins/siem/server/lib/alerts/index.ts | 4 +- .../plugins/siem/server/lib/alerts/types.ts | 4 +- .../plugins/siem/server/lib/network/index.ts | 1 + .../siem/server/lib/network/query_dns.dsl.ts | 3 +- .../plugins/siem/server/lib/network/types.ts | 3 +- 23 files changed, 358 insertions(+), 115 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.gql_query.ts diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index f59ab43a2a9d9..64feca34a493e 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -6,14 +6,13 @@ import { noop } from 'lodash/fp'; import React, { useEffect } from 'react'; import { EuiSpacer } from '@elastic/eui'; -import gql from 'graphql-tag'; import { AlertsComponentsQueryProps } from './types'; import { AlertsTable } from './alerts_table'; import * as i18n from './translations'; import { MatrixHistogramOption } from '../matrix_histogram/types'; -import { getMatrixHistogramQuery } from '../../containers/helpers'; import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; +import { MatrixHistogramGqlQuery } from '../../containers/matrix_histogram/index.gql_query'; const ID = 'alertsOverTimeQuery'; const alertsStackByOptions: MatrixHistogramOption[] = [ { @@ -22,9 +21,6 @@ const alertsStackByOptions: MatrixHistogramOption[] = [ }, ]; const dataKey = 'Alerts'; -const AlertsOverTimeGqlQuery = gql` - ${getMatrixHistogramQuery('Alerts')} -`; export const AlertsView = ({ deleteQuery, endDate, @@ -46,13 +42,14 @@ export const AlertsView = ({ return ( <> ({ + alertsType, + anomaliesType, + authenticationsType, dataKey, endDate, + eventsType, filterQuery, query, skip, diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 1a17b75cda2c5..328d43f0ca0e2 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -30,7 +30,6 @@ export interface MatrixHistogramOption { value: string; } export interface MatrixHistogramBasicProps { - deleteQuery?: ({ id }: { id: string }) => void; defaultIndex: string[]; defaultStackByOption: MatrixHistogramOption; endDate: number; 
@@ -48,7 +47,11 @@ export interface MatrixHistogramBasicProps { export interface MatrixHistogramQueryProps { activePage?: number; + alertsType?: boolean; + anomaliesType?: boolean; + authenticationsType?: boolean; dataKey: string; + eventsType?: boolean; endDate: number; filterQuery?: ESQuery | string | undefined; limit?: number; @@ -70,23 +73,6 @@ export interface MatrixHistogramProps extends MatrixHistogramBasicProps { showLegend?: boolean; } -export interface MatrixHistogramQueryVariables { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - isHistogram?: boolean; - sort?: SortField; - stackByField: string; - isPtrIncluded: boolean; - pagination?: PaginationInputPaginated; -} - -export interface MatrixHistogramQuery { - source: Source; -} - export interface HistogramBucket { key_as_string: string; key: number; diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index 9d829622733ef..928101579b71e 100644 --- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -6,7 +6,6 @@ import React from 'react'; import { EuiSpacer } from '@elastic/eui'; -import gql from 'graphql-tag'; import { AnomaliesQueryTabBodyProps } from './types'; import { getAnomaliesFilterQuery } from './utils'; import { useSiemJobs } from '../../../components/ml_popover/hooks/use_siem_jobs'; 
@@ -14,7 +13,7 @@ import { useUiSetting$ } from '../../../lib/kibana'; import { DEFAULT_ANOMALY_SCORE } from '../../../../common/constants'; import { MatrixHistogramContainer } from '../../matrix_histogram'; import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; -import { getMatrixHistogramQuery } from '../../helpers'; +import { MatrixHistogramGqlQuery } from '../../matrix_histogram/index.gql_query'; const ID = 'anomaliesOverTimeQuery'; const anomaliesStackByOptions: MatrixHistogramOption[] = [ @@ -23,9 +22,7 @@ const anomaliesStackByOptions: MatrixHistogramOption[] = [ value: 'job_id', }, ]; -const AnomaliesOverTimeGqlQuery = gql` - ${getMatrixHistogramQuery('Anomalies')} -`; + export const AnomaliesQueryTabBody = ({ deleteQuery, endDate, @@ -56,6 +53,7 @@ export const AnomaliesQueryTabBody = ({ return ( <> isString(filterQuery) ? filterQuery : JSON.stringify(filterQuery); export const getDefaultFetchPolicy = (): FetchPolicy => 'cache-and-network'; - -export const getMatrixHistogramQuery = (dataKey: string): string => { - return ` - query Get${dataKey}OverTimeQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - $stackByField: String! - ) { - source(id: $sourceId) { - id - ${dataKey}Histogram( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - ) { - ${dataKey}OverTimeByModule { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; -}; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.gql_query.ts new file mode 100644 index 0000000000000..7266f94195dea --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.gql_query.ts 
@@ -0,0 +1,94 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import gql from 'graphql-tag'; + +export const MatrixHistogramGqlQuery = gql` + query GetMatrixHistogramQuery( + $alertsType: Boolean! + $anomaliesType: Boolean! + $authenticationsType: Boolean! + $defaultIndex: [String!]! + $eventsType: Boolean! + $filterQuery: String + $inspect: Boolean! + $sourceId: ID! + $stackByField: String + $timerange: TimerangeInput! + ) { + source(id: $sourceId) { + id + AlertsHistogram( + timerange: $timerange + filterQuery: $filterQuery + defaultIndex: $defaultIndex + stackByField: $stackByField + ) @include(if: $alertsType) { + AlertsOverTimeByModule { + x + y + g + } + totalCount + inspect @include(if: $inspect) { + dsl + response + } + } + AnomaliesHistogram( + timerange: $timerange + filterQuery: $filterQuery + defaultIndex: $defaultIndex + stackByField: $stackByField + ) @include(if: $anomaliesType) { + AnomaliesOverTimeByModule { + x + y + g + } + totalCount + inspect @include(if: $inspect) { + dsl + response + } + } + AuthenticationsHistogram( + timerange: $timerange + filterQuery: $filterQuery + defaultIndex: $defaultIndex + stackByField: $stackByField + ) @include(if: $authenticationsType) { + AuthenticationsOverTimeByModule { + x + y + g + } + totalCount + inspect @include(if: $inspect) { + dsl + response + } + } + EventsHistogram( + timerange: $timerange + filterQuery: $filterQuery + defaultIndex: $defaultIndex + stackByField: $stackByField + ) @include(if: $eventsType) { + EventsOverTimeByModule { + x + y + g + } + totalCount + inspect @include(if: $inspect) { + dsl + response + } + } + } + } +`; 
diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index 9d3347f6fb733..cd07e2cf9034b 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -22,9 +22,13 @@ import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; export interface OwnProps extends QueryTemplateProps { + alertsType?: boolean; + anomaliesType?: boolean; + authenticationsType?: boolean; dataKey: string | string[]; defaultStackByOption: MatrixHistogramOption; deleteQuery?: ({ id }: { id: string }) => void; + eventsType?: boolean; hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts index 7c5fb007eb350..5f1d305371837 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts @@ -9,8 +9,6 @@ import { i18n } from '@kbn/i18n'; import { MatrixHistogramDataTypes, MatrixHistogramQueryProps, - MatrixHistogramQueryVariables, - MatrixHistogramQuery, } from '../../components/matrix_histogram/types'; import { DEFAULT_INDEX_KEY } from '../../../common/constants'; import { useStateToaster } from '../../components/toasters'; 
@@ -19,9 +17,14 @@ import { useUiSetting$ } from '../../lib/kibana'; import { createFilter } from '../helpers'; import { useApolloClient } from '../../utils/apollo_context'; import { inputsModel } from '../../store'; +import { GetMatrixHistogramQuery, GetNetworkDnsQuery } from '../../graphql/types'; export const useQuery = ({ + alertsType = false, + anomaliesType = false, + authenticationsType = false, dataKey, + eventsType = false, endDate, filterQuery, query, @@ -41,6 +44,45 @@ export const useQuery = ({ const [data, setData] = useState(null); const [inspect, setInspect] = useState(null); const [totalCount, setTotalCount] = useState(-1); + + const isDNSQuery = ( + variable: GetNetworkDnsQuery.Variables | GetMatrixHistogramQuery.Variables + ): variable is GetNetworkDnsQuery.Variables => { + return ( + (variable as GetNetworkDnsQuery.Variables).isHistogram !== undefined && + (variable as GetNetworkDnsQuery.Variables).isPtrIncluded !== undefined && + (variable as GetNetworkDnsQuery.Variables).sort !== undefined && + (variable as GetNetworkDnsQuery.Variables).pagination !== undefined + ); + }; + + const basicVariables = { + filterQuery: createFilter(filterQuery), + sourceId: 'default', + timerange: { + interval: '12h', + from: startDate!, + to: endDate!, + }, + defaultIndex, + inspect: isInspected, + stackByField, + }; + const dnsVariables = { + ...basicVariables, + isHistogram, + isPtrIncluded, + sort, + pagination, + }; + const matrixHistogramVariables: GetMatrixHistogramQuery.Variables = { + ...basicVariables, + alertsType, + anomaliesType, + authenticationsType, + eventsType, + }; + const apolloClient = useApolloClient(); useEffect(() => { 
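Review bot: `isDNSQuery` chooses the variable set by testing whether `isHistogram`, `isPtrIncluded`, `sort` and `pagination` are all defined on `dnsVariables`, so a DNS caller that omits any one of them is silently sent `matrixHistogramVariables`. The mistake then only shows up as a validation error on `GetNetworkDnsQuery`, which declares `$sort`, `$pagination`, `$isPtrIncluded` and `$isHistogram` as non-null. Keying the choice on something explicit about the caller (a discriminant prop, or which query document was passed) would be safer than inferring it from optional props. The guard and the three variable objects are also recreated on every render, and the guard relies on four `as` casts. Moving `isDNSQuery` to module scope and building the variables where they are consumed would tidy that up, though whether it matters depends on the effect's dependency list, which is outside the hunk. `useQuery` starts and ends outside this hunk, and the selection itself is made in the following `@@ -52,25 +94,13 @@` hunk.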
@@ -52,25 +94,13 @@ export const useQuery = ({ if (!apolloClient || (pagination != null && pagination.querySize < 0)) return null; setLoading(true); return apolloClient - .query({ + .query< + GetMatrixHistogramQuery.Query | GetNetworkDnsQuery.Query, + GetMatrixHistogramQuery.Variables | GetNetworkDnsQuery.Variables + >({ query, fetchPolicy: 'cache-first', - variables: { - filterQuery: createFilter(filterQuery), - sourceId: 'default', - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - defaultIndex, - inspect: isInspected, - isHistogram, - stackByField, - sort, - isPtrIncluded, - pagination, - }, + variables: isDNSQuery(dnsVariables) ? dnsVariables : matrixHistogramVariables, context: { fetchOptions: { abortSignal, diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts index daa14eca80c9d..a0b0ca8f51e5a 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts @@ -8,15 +8,16 @@ import gql from 'graphql-tag'; export const networkDnsQuery = gql` query GetNetworkDnsQuery( - $sourceId: ID! - $sort: NetworkDnsSortField! - $isPtrIncluded: Boolean! - $timerange: TimerangeInput! - $pagination: PaginationInputPaginated! - $filterQuery: String $defaultIndex: [String!]! + $filterQuery: String $inspect: Boolean! $isHistogram: Boolean! + $isPtrIncluded: Boolean! + $pagination: PaginationInputPaginated! + $sort: NetworkDnsSortField! + $sourceId: ID! + $stackByField: String + $timerange: TimerangeInput! ) { source(id: $sourceId) { id diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index fc7976f3ce30d..30b773510e154 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx 
+++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -43,6 +43,7 @@ export interface NetworkDnsArgs { networkDns: NetworkDnsEdges[]; pageInfo: PageInfoPaginated; refetch: inputsModel.Refetch; + stackByField?: string; totalCount: number; histogram: MatrixOverOrdinalHistogramData[]; } diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json index 8f3edb823122b..85a2abe335835 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/introspection.json +++ b/x-pack/legacy/plugins/siem/public/graphql/introspection.json @@ -1858,6 +1858,12 @@ }, "defaultValue": null }, + { + "name": "stackByField", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { "name": "timerange", "description": "", diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index d72ae3bc380c7..53ca877953e97 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -2348,6 +2348,8 @@ export interface NetworkDnsSourceArgs { sort: NetworkDnsSortField; + stackByField?: Maybe; + timerange: TimerangeInput; defaultIndex: string[]; 
@@ -3223,17 +3225,165 @@ export namespace GetKpiNetworkQuery { }; } -export namespace GetNetworkDnsQuery { +export namespace GetMatrixHistogramQuery { export type Variables = { + alertsType: boolean; + anomaliesType: boolean; + authenticationsType: boolean; + defaultIndex: string[]; + eventsType: boolean; + filterQuery?: Maybe; + inspect: boolean; sourceId: string; - sort: NetworkDnsSortField; - isPtrIncluded: boolean; + stackByField?: Maybe; timerange: TimerangeInput; - pagination: PaginationInputPaginated; - filterQuery?: Maybe; + }; + + export type Query = { + __typename?: 'Query'; + + source: Source; + }; + + export type Source = { + __typename?: 'Source'; + + id: string; + + AlertsHistogram: AlertsHistogram; + + AnomaliesHistogram: AnomaliesHistogram; + + AuthenticationsHistogram: AuthenticationsHistogram; + + EventsHistogram: EventsHistogram; + }; + + export type AlertsHistogram = { + __typename?: 'AlertsOverTimeData'; + + AlertsOverTimeByModule: AlertsOverTimeByModule[]; + + totalCount: number; + + inspect: Maybe; + }; + + export type AlertsOverTimeByModule = { + __typename?: 'MatrixOverTimeHistogramData'; + + x: number; + + y: number; + + g: string; + }; + + export type Inspect = { + __typename?: 'Inspect'; + + dsl: string[]; + + response: string[]; + }; + + export type AnomaliesHistogram = { + __typename?: 'AnomaliesOverTimeData'; + + AnomaliesOverTimeByModule: AnomaliesOverTimeByModule[]; + + totalCount: number; + + inspect: Maybe<_Inspect>; + }; + + export type AnomaliesOverTimeByModule = { + __typename?: 'MatrixOverTimeHistogramData'; + + x: number; + + y: number; + + g: string; + }; + + export type _Inspect = { + __typename?: 'Inspect'; + + dsl: string[]; + + response: string[]; + }; + + export type AuthenticationsHistogram = { + __typename?: 'AuthenticationsOverTimeData'; + + AuthenticationsOverTimeByModule: AuthenticationsOverTimeByModule[]; + + totalCount: number; + + inspect: Maybe<__Inspect>; + }; + + export type AuthenticationsOverTimeByModule = 
{ + __typename?: 'MatrixOverTimeHistogramData'; + + x: number; + + y: number; + + g: string; + }; + + export type __Inspect = { + __typename?: 'Inspect'; + + dsl: string[]; + + response: string[]; + }; + + export type EventsHistogram = { + __typename?: 'EventsOverTimeData'; + + EventsOverTimeByModule: EventsOverTimeByModule[]; + + totalCount: number; + + inspect: Maybe<___Inspect>; + }; + + export type EventsOverTimeByModule = { + __typename?: 'MatrixOverTimeHistogramData'; + + x: number; + + y: number; + + g: string; + }; + + export type ___Inspect = { + __typename?: 'Inspect'; + + dsl: string[]; + + response: string[]; + }; +} + +export namespace GetNetworkDnsQuery { + export type Variables = { defaultIndex: string[]; + filterQuery?: Maybe; inspect: boolean; isHistogram: boolean; + isPtrIncluded: boolean; + pagination: PaginationInputPaginated; + sort: NetworkDnsSortField; + sourceId: string; + stackByField?: Maybe; + timerange: TimerangeInput; }; export type Query = { diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 3bd1a01e20dba..c0291e5789da9 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -7,7 +7,6 @@ import { getOr } from 'lodash/fp'; import React from 'react'; import { EuiSpacer } from '@elastic/eui'; -import gql from 'graphql-tag'; import { AuthenticationTable } from '../../../components/page/hosts/authentications_table'; import { manageQuery } from '../../../components/page/manage_query'; import { AuthenticationsQuery } from '../../../containers/authentications'; 
@@ -18,8 +17,8 @@ import { MatrixHistogramMappingTypes, } from '../../../components/matrix_histogram/types'; import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; -import { getMatrixHistogramQuery } from '../../../containers/helpers'; import { KpiHostsChartColors } from '../../../components/page/hosts/kpi_hosts/types'; +import { MatrixHistogramGqlQuery } from '../../../containers/matrix_histogram/index.gql_query'; const AuthenticationTableManage = manageQuery(AuthenticationTable); const ID = 'authenticationsOverTimeQuery'; @@ -30,10 +29,6 @@ const authStackByOptions: MatrixHistogramOption[] = [ }, ]; -const AuthenticationsOverTimeGqlQuery = gql` - ${getMatrixHistogramQuery('Authentications')} -`; - enum AuthMatrixDataGroup { authSuccess = 'authentication_success', authFailure = 'authentication_failure', @@ -64,6 +59,7 @@ export const AuthenticationsQueryTabBody = ({ }: HostsComponentsQueryProps) => ( <> ; + timerange: TimerangeInput; defaultIndex: string[]; @@ -3196,6 +3198,8 @@ export namespace SourceResolvers { sort: NetworkDnsSortField; + stackByField?: Maybe; + timerange: TimerangeInput; defaultIndex: string[]; diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts index 13a693a6e1fbb..9cfb1841edfef 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/index.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; export * from './elasticsearch_adapter'; import { AlertsAdapter } from './types'; import { AlertsOverTimeData } from '../../graphql/types'; 
@@ -14,7 +14,7 @@ export class Alerts { public async getAlertsHistogramData( req: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { return this.adapter.getAlertsHistogramData(req, options); } diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts index e6a4ff4b7c9d1..67da38e8052d2 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/types.ts @@ -5,7 +5,7 @@ */ import { AlertsOverTimeData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; export interface AlertsBucket { key: number; @@ -22,6 +22,6 @@ export interface AlertsGroupData { export interface AlertsAdapter { getAlertsHistogramData( request: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise; } diff --git a/x-pack/legacy/plugins/siem/server/lib/network/index.ts b/x-pack/legacy/plugins/siem/server/lib/network/index.ts index 0a2de936799b6..9b14be20636e2 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/index.ts @@ -41,6 +41,7 @@ export interface NetworkHttpRequestOptions extends RequestOptionsPaginated { export interface NetworkDnsRequestOptions extends RequestOptionsPaginated { isPtrIncluded: boolean; networkDnsSortField: NetworkDnsSortField; + stackByField: string; } export class Network { diff --git a/x-pack/legacy/plugins/siem/server/lib/network/query_dns.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/network/query_dns.dsl.ts index 48409cd938598..96b5d260b1544 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/query_dns.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/query_dns.dsl.ts 
@@ -64,6 +64,7 @@ export const buildDnsQuery = ({ sourceConfiguration: { fields: { timestamp }, }, + stackByField = 'dns.question.registered_domain', timerange: { from, to }, }: NetworkDnsRequestOptions) => { const filter = [ @@ -87,7 +88,7 @@ export const buildDnsQuery = ({ ...getCountAgg(), dns_name_query_count: { terms: { - field: 'dns.question.registered_domain', + field: stackByField, size: querySize, order: { ...getQueryOrder(networkDnsSortField), diff --git a/x-pack/legacy/plugins/siem/server/lib/network/types.ts b/x-pack/legacy/plugins/siem/server/lib/network/types.ts index 6afcb211b5996..960fbe425b002 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/types.ts @@ -12,6 +12,7 @@ import { } from '../../graphql/types'; import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; import { TotalValue } from '../types'; +import { NetworkDnsRequestOptions } from '.'; export interface NetworkAdapter { getNetworkTopCountries( @@ -22,7 +23,7 @@ export interface NetworkAdapter { req: FrameworkRequest, options: RequestOptionsPaginated ): Promise; - getNetworkDns(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; + getNetworkDns(req: FrameworkRequest, options: NetworkDnsRequestOptions): Promise; getNetworkHttp(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; } From cefb6b9b45da7941594bca76d5612dc3634f6b7b Mon Sep 17 00:00:00 2001 
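Review bot: `stackByField` reaches the terms aggregation as `field: stackByField` with no check in `buildDnsQuery` (hunks `@@ -64,6 +64,7 @@` and `@@ -87,7 +88,7 @@`), and the GraphQL argument it comes from is a free-form `String`, so the client decides which field of the index is aggregated. The resolver is not in this diff section; if it passes the value through unchanged, restrict it to the fields the DNS histogram is meant to offer, e.g. `field: ALLOWED_DNS_STACK_BY_FIELDS.includes(stackByField) ? stackByField : 'dns.question.registered_domain',` where `ALLOWED_DNS_STACK_BY_FIELDS` is a placeholder for a constant to be defined alongside the query. The destructuring default covers only `undefined`, while the generated argument type is `Maybe`, so an explicit `null` would presumably be sent as `field: null`; the allowlist check handles that case too. `NetworkDnsRequestOptions.stackByField` in `network/index.ts` is declared required although the argument is optional, so `stackByField?: string` would match the schema. `buildDnsQuery` continues outside these hunks.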
From: Angela Chuang Date: Mon, 13 Jan 2020 00:25:28 +0800 Subject: [PATCH 14/25] rename grqphql data --- .../public/components/alerts_viewer/index.tsx | 2 +- .../anomalies_query_tab_body/index.tsx | 2 +- .../matrix_histogram/index.gql_query.ts | 8 +++---- .../containers/matrix_histogram/utils.ts | 4 ++-- .../containers/network_dns/index.gql_query.ts | 1 + .../siem/public/graphql/introspection.json | 8 +++---- .../plugins/siem/public/graphql/types.ts | 24 +++++++++---------- .../authentications_query_tab_body.tsx | 2 +- .../navigation/events_query_tab_body.tsx | 2 +- .../siem/server/graphql/alerts/schema.gql.ts | 2 +- .../server/graphql/anomalies/schema.gql.ts | 2 +- .../graphql/authentications/schema.gql.ts | 2 +- .../siem/server/graphql/events/schema.gql.ts | 2 +- .../plugins/siem/server/graphql/types.ts | 24 +++++++++---------- .../lib/alerts/elasticsearch_adapter.ts | 4 ++-- .../lib/alerts/elasticseatch_adapter.test.ts | 2 +- .../lib/anomalies/elasticsearch_adapter.ts | 2 +- .../authentications/elasticsearch_adapter.ts | 2 +- .../lib/events/elasticsearch_adapter.ts | 2 +- 19 files changed, 49 insertions(+), 48 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 64feca34a493e..5412143fa72c8 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -20,7 +20,7 @@ const alertsStackByOptions: MatrixHistogramOption[] = [ value: 'event.module', }, ]; -const dataKey = 'Alerts'; +const dataKey = 'AlertsHistogram'; export const AlertsView = ({ deleteQuery, endDate, diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx index 928101579b71e..6305e42bbe2b2 100644 
--- a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/index.tsx @@ -54,7 +54,7 @@ export const AnomaliesQueryTabBody = ({ <> ({ result => { if (isSubscribed) { const isDataKeyAnArray = Array.isArray(dataKey); - const rootDataKey = isDataKeyAnArray ? dataKey[0] : `${dataKey}Histogram`; - const histogramDataKey = isDataKeyAnArray ? dataKey[1] : `${dataKey}OverTimeByModule`; + const rootDataKey = isDataKeyAnArray ? dataKey[0] : `${dataKey}`; + const histogramDataKey = isDataKeyAnArray ? dataKey[1] : `matrixHistogramData`; const source = getOr({}, `data.source.${rootDataKey}`, result); setData(getOr([], histogramDataKey, source)); setTotalCount(getOr(-1, 'totalCount', source)); diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts index a0b0ca8f51e5a..cec5d40446b35 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts @@ -28,6 +28,7 @@ export const networkDnsQuery = gql` pagination: $pagination filterQuery: $filterQuery defaultIndex: $defaultIndex + stackByField: $stackByField ) { totalCount edges @skip(if: $isHistogram) { diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json index 85a2abe335835..c48b5ab9a27a4 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/introspection.json +++ b/x-pack/legacy/plugins/siem/public/graphql/introspection.json @@ -2629,7 +2629,7 @@ "deprecationReason": null }, { - "name": "AlertsOverTimeByModule", + "name": "matrixHistogramData", "description": "", "args": [], "type": { 
@@ -2782,7 +2782,7 @@ "deprecationReason": null }, { - "name": "AnomaliesOverTimeByModule", + "name": "matrixHistogramData", "description": "", "args": [], "type": { @@ -3546,7 +3546,7 @@ "deprecationReason": null }, { - "name": "AuthenticationsOverTimeByModule", + "name": "matrixHistogramData", "description": "", "args": [], "type": { @@ -6265,7 +6265,7 @@ "deprecationReason": null }, { - "name": "EventsOverTimeByModule", + "name": "matrixHistogramData", "description": "", "args": [], "type": { diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index 53ca877953e97..53a34220a1108 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -563,7 +563,7 @@ export interface IndexField { export interface AlertsOverTimeData { inspect?: Maybe; - AlertsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -585,7 +585,7 @@ export interface MatrixOverTimeHistogramData { export interface AnomaliesOverTimeData { inspect?: Maybe; - AnomaliesOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -727,7 +727,7 @@ export interface PageInfoPaginated { export interface AuthenticationsOverTimeData { inspect?: Maybe; - AuthenticationsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -1311,7 +1311,7 @@ export interface LastEventTimeData { export interface EventsOverTimeData { inspect?: Maybe; - EventsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } 
@@ -3262,14 +3262,14 @@ export namespace GetMatrixHistogramQuery { export type AlertsHistogram = { __typename?: 'AlertsOverTimeData'; - AlertsOverTimeByModule: AlertsOverTimeByModule[]; + matrixHistogramData: MatrixHistogramData[]; totalCount: number; inspect: Maybe; }; - export type AlertsOverTimeByModule = { + export type MatrixHistogramData = { __typename?: 'MatrixOverTimeHistogramData'; x: number; @@ -3290,14 +3290,14 @@ export namespace GetMatrixHistogramQuery { export type AnomaliesHistogram = { __typename?: 'AnomaliesOverTimeData'; - AnomaliesOverTimeByModule: AnomaliesOverTimeByModule[]; + matrixHistogramData: _MatrixHistogramData[]; totalCount: number; inspect: Maybe<_Inspect>; }; - export type AnomaliesOverTimeByModule = { + export type _MatrixHistogramData = { __typename?: 'MatrixOverTimeHistogramData'; x: number; @@ -3318,14 +3318,14 @@ export namespace GetMatrixHistogramQuery { export type AuthenticationsHistogram = { __typename?: 'AuthenticationsOverTimeData'; - AuthenticationsOverTimeByModule: AuthenticationsOverTimeByModule[]; + matrixHistogramData: __MatrixHistogramData[]; totalCount: number; inspect: Maybe<__Inspect>; }; - export type AuthenticationsOverTimeByModule = { + export type __MatrixHistogramData = { __typename?: 'MatrixOverTimeHistogramData'; x: number; @@ -3346,14 +3346,14 @@ export namespace GetMatrixHistogramQuery { export type EventsHistogram = { __typename?: 'EventsOverTimeData'; - EventsOverTimeByModule: EventsOverTimeByModule[]; + matrixHistogramData: ___MatrixHistogramData[]; totalCount: number; inspect: Maybe<___Inspect>; }; - export type EventsOverTimeByModule = { + export type ___MatrixHistogramData = { __typename?: 'MatrixOverTimeHistogramData'; x: number; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index c0291e5789da9..cd489eb479e90 100644 
--- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -60,7 +60,7 @@ export const AuthenticationsQueryTabBody = ({ <> ; - AlertsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -587,7 +587,7 @@ export interface MatrixOverTimeHistogramData { export interface AnomaliesOverTimeData { inspect?: Maybe; - AnomaliesOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -729,7 +729,7 @@ export interface PageInfoPaginated { export interface AuthenticationsOverTimeData { inspect?: Maybe; - AuthenticationsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -1313,7 +1313,7 @@ export interface LastEventTimeData { export interface EventsOverTimeData { inspect?: Maybe; - EventsOverTimeByModule: MatrixOverTimeHistogramData[]; + matrixHistogramData: MatrixOverTimeHistogramData[]; totalCount: number; } @@ -3463,7 +3463,7 @@ export namespace AlertsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - AlertsOverTimeByModule?: AlertsOverTimeByModuleResolver< + matrixHistogramData?: MatrixHistogramDataResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -3477,7 +3477,7 @@ export namespace AlertsOverTimeDataResolvers { Parent = AlertsOverTimeData, TContext = SiemContext > = Resolver; - export type AlertsOverTimeByModuleResolver< + export type MatrixHistogramDataResolver< R = MatrixOverTimeHistogramData[], Parent = AlertsOverTimeData, TContext = SiemContext 
@@ -3538,7 +3538,7 @@ export namespace AnomaliesOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - AnomaliesOverTimeByModule?: AnomaliesOverTimeByModuleResolver< + matrixHistogramData?: MatrixHistogramDataResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -3552,7 +3552,7 @@ export namespace AnomaliesOverTimeDataResolvers { Parent = AnomaliesOverTimeData, TContext = SiemContext > = Resolver; - export type AnomaliesOverTimeByModuleResolver< + export type MatrixHistogramDataResolver< R = MatrixOverTimeHistogramData[], Parent = AnomaliesOverTimeData, TContext = SiemContext @@ -4013,7 +4013,7 @@ export namespace AuthenticationsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - AuthenticationsOverTimeByModule?: AuthenticationsOverTimeByModuleResolver< + matrixHistogramData?: MatrixHistogramDataResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -4027,7 +4027,7 @@ export namespace AuthenticationsOverTimeDataResolvers { Parent = AuthenticationsOverTimeData, TContext = SiemContext > = Resolver; - export type AuthenticationsOverTimeByModuleResolver< + export type MatrixHistogramDataResolver< R = MatrixOverTimeHistogramData[], Parent = AuthenticationsOverTimeData, TContext = SiemContext @@ -5967,7 +5967,7 @@ export namespace EventsOverTimeDataResolvers { export interface Resolvers { inspect?: InspectResolver, TypeParent, TContext>; - EventsOverTimeByModule?: EventsOverTimeByModuleResolver< + matrixHistogramData?: MatrixHistogramDataResolver< MatrixOverTimeHistogramData[], TypeParent, TContext @@ -5981,7 +5981,7 @@ export namespace EventsOverTimeDataResolvers { Parent = EventsOverTimeData, TContext = SiemContext > = Resolver; - export type EventsOverTimeByModuleResolver< + export type MatrixHistogramDataResolver< R = MatrixOverTimeHistogramData[], Parent = EventsOverTimeData, TContext = SiemContext 
diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts index 61e090c6377c7..cedd781596812 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticsearch_adapter.ts @@ -31,14 +31,14 @@ export class ElasticsearchAlertsAdapter implements AlertsAdapter { dsl ); const totalCount = getOr(0, 'hits.total.value', response); - const AlertsOverTimeByModule = getOr([], 'aggregations.alertsByModuleGroup.buckets', response); + const matrixHistogramData = getOr([], 'aggregations.alertsByModuleGroup.buckets', response); const inspect = { dsl: [inspectStringifyObject(dsl)], response: [inspectStringifyObject(response)], }; return { inspect, - AlertsOverTimeByModule: getAlertsOverTimeByModule(AlertsOverTimeByModule), + matrixHistogramData: getAlertsOverTimeByModule(matrixHistogramData), totalCount, }; } diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts index 9e05d3a628022..3aefb6c0e1e5f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/elasticseatch_adapter.test.ts @@ -45,7 +45,7 @@ describe('alerts elasticsearch_adapter', () => { ); expect(data).to.eql({ - AlertsOverTimeByModule: mockAlertsHistogramDataFormattedResponse, + matrixHistogramData: mockAlertsHistogramDataFormattedResponse, inspect: { dsl: ['"mockAlertsHistogramQueryDsl"'], response: [JSON.stringify(mockAlertsHistogramDataResponse, null, 2)], diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts index ddce2129ceecf..0955bc69c7c93 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts 
+++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/elasticsearch_adapter.ts @@ -39,7 +39,7 @@ export class ElasticsearchAnomaliesAdapter implements AnomaliesAdapter { }; return { inspect, - AnomaliesOverTimeByModule: getAnomaliesOverTimeByJobId(anomaliesOverTimeBucket), + matrixHistogramData: getAnomaliesOverTimeByJobId(anomaliesOverTimeBucket), totalCount, }; } diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts index c06e63927c7ba..85008adcd985f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/elasticsearch_adapter.ts @@ -132,7 +132,7 @@ export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapte }; return { inspect, - AuthenticationsOverTimeByModule: getAuthenticationsOverTimeByAuthenticationResult( + matrixHistogramData: getAuthenticationsOverTimeByAuthenticationResult( authenticationsOverTimeBucket ), totalCount, diff --git a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts index 6fcac95ee7b74..d06f6c030b380 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/elasticsearch_adapter.ts @@ -147,7 +147,7 @@ export class ElasticsearchEventsAdapter implements EventsAdapter { }; return { inspect, - EventsOverTimeByModule: getEventsOverTimeByActionName(eventsOverTimeBucket), + matrixHistogramData: getEventsOverTimeByActionName(eventsOverTimeBucket), totalCount, }; } From e4c2806f83d9a81da170df28dd9b0c1e3a8be55b Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Mon, 13 Jan 2020 02:02:40 +0800 Subject: [PATCH 15/25] i18n --- .../matrix_histogram/index.test.tsx | 2 +- .../components/matrix_histogram/index.tsx | 2 + .../components/matrix_histogram/types.ts | 6 +- .../components/matrix_histogram/utils.ts | 4 +- .../__snapshots__/index.test.tsx.snap | 6 +- .../anomalies_query_tab_body/index.tsx | 15 +- .../anomalies_query_tab_body/translations.ts | 18 +++ .../authentications_query_tab_body.tsx | 134 ++++++++++-------- .../navigation/events_query_tab_body.tsx | 14 +- .../siem/public/pages/hosts/translations.ts | 14 ++ .../network/navigation/dns_query_tab_body.tsx | 5 +- .../siem/public/pages/network/translations.ts | 7 + .../siem/server/lib/anomalies/index.ts | 4 +- .../siem/server/lib/anomalies/types.ts | 4 +- .../siem/server/lib/authentications/index.ts | 8 +- .../siem/server/lib/authentications/types.ts | 8 +- .../siem/server/lib/framework/types.ts | 3 +- .../plugins/siem/server/lib/network/index.ts | 2 +- 18 files changed, 167 insertions(+), 89 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/translations.ts diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index 5b065d173af43..f0ffecfce1bf5 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -8,7 +8,7 @@ import { shallow } from 'enzyme'; import * as React from 'react'; import { MatrixHistogram } from '.'; -import { MatrixHistogramGqlQuery as mockQuery } from '../../container/matrix_histogram/index.gql_query'; +import { MatrixHistogramGqlQuery as mockQuery } from '../../containers/matrix_histogram/index.gql_query'; jest.mock('../../lib/kibana'); 
diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index 2a89b057aa22e..cf6d0788cf338 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -44,6 +44,7 @@ export const MatrixHistogram = React.memo( id, isPtrIncluded, isInspected, + legendPosition, limit, mapping, query, @@ -66,6 +67,7 @@ export const MatrixHistogram = React.memo( scaleType, yTickFormatter, showLegend, + legendPosition, }); const [showInspect, setShowInspect] = useState(false); const [darkMode] = useUiSetting$(DEFAULT_DARK_MODE); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 328d43f0ca0e2..1cf611bbacf37 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ScaleType } from '@elastic/charts'; +import { ScaleType, Position } from '@elastic/charts'; import { SetStateAction } from 'react'; import { DocumentNode } from 'graphql'; import { @@ -12,9 +12,6 @@ import { MatrixOverOrdinalHistogramData, NetworkDnsSortField, PaginationInputPaginated, - TimerangeInput, - Maybe, - Source, } from '../../graphql/types'; import { UpdateDateRange } from '../charts/common'; import { ESQuery } from '../../../common/typed_json'; @@ -71,6 +68,7 @@ export interface MatrixHistogramProps extends MatrixHistogramBasicProps { scaleType?: ScaleType; yTickFormatter?: (value: number) => string; showLegend?: boolean; + legendPosition?: Position; } export interface HistogramBucket { 
diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts index 600cafa4aea0c..a29334294a865 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/utils.ts @@ -20,6 +20,7 @@ export const getBarchartConfigs = ({ onBrushEnd, yTickFormatter, showLegend, + legendPosition, }: { from: number; to: number; @@ -27,6 +28,7 @@ export const getBarchartConfigs = ({ onBrushEnd: UpdateDateRange; yTickFormatter?: (value: number) => string; showLegend?: boolean; + legendPosition?: Position; }) => ({ series: { xScaleType: scaleType || ScaleType.Time, @@ -42,7 +44,7 @@ export const getBarchartConfigs = ({ tickSize: 8, }, settings: { - legendPosition: Position.Bottom, + legendPosition: legendPosition || Position.Bottom, onBrushEnd, showLegend: showLegend || true, theme: { diff --git a/x-pack/legacy/plugins/siem/public/components/stat_items/__snapshots__/index.test.tsx.snap b/x-pack/legacy/plugins/siem/public/components/stat_items/__snapshots__/index.test.tsx.snap index 098f54640e4b2..5ed750b519cbf 100644 --- a/x-pack/legacy/plugins/siem/public/components/stat_items/__snapshots__/index.test.tsx.snap +++ b/x-pack/legacy/plugins/siem/public/components/stat_items/__snapshots__/index.test.tsx.snap @@ -105,7 +105,7 @@ exports[`Stat Items Component disable charts it renders the default widget 1`] = showInspect={false} >
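Review bot: In the `settings` block of `getBarchartConfigs`, the context line `showLegend: showLegend || true,` always evaluates to `true`, so a caller passing `showLegend={false}` cannot hide the legend. The new `legendPosition || Position.Bottom` beside it is fine, but the pairing makes the broken default easy to miss. Since this commit already edits the neighbouring line, I would change it to `showLegend: showLegend ?? true,` (or `showLegend !== undefined ? showLegend : true` if nullish coalescing is not enabled for this package). The function body continues past the end of this hunk, so any later override of `settings` is not visible here.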
{ + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + } + }; + }, []); + return ( <> diff --git a/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/translations.ts b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/translations.ts new file mode 100644 index 0000000000000..f040cbc338016 --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/anomalies/anomalies_query_tab_body/translations.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { i18n } from '@kbn/i18n'; + +export const ANOMALIES_STACK_BY_JOB_ID = i18n.translate( + 'xpack.siem.containers.anomalies.stackByJobId', + { + defaultMessage: 'job', + } +); + +export const ANOMALIES_TITLE = i18n.translate('xpack.siem.containers.anomalies.title', { + defaultMessage: 'Anomalies', +}); diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index cd489eb479e90..929c1044f5f34 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -5,7 +5,7 @@ */ import { getOr } from 'lodash/fp'; -import React from 'react'; +import React, { useEffect } from 'react'; import { EuiSpacer } from '@elastic/eui'; import { AuthenticationTable } from '../../../components/page/hosts/authentications_table'; import { manageQuery } from '../../../components/page/manage_query'; 
@@ -19,12 +19,13 @@ import { import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; import { KpiHostsChartColors } from '../../../components/page/hosts/kpi_hosts/types'; import { MatrixHistogramGqlQuery } from '../../../containers/matrix_histogram/index.gql_query'; +import * as i18n from '../translations'; const AuthenticationTableManage = manageQuery(AuthenticationTable); const ID = 'authenticationsOverTimeQuery'; const authStackByOptions: MatrixHistogramOption[] = [ { - text: 'event type', + text: i18n.NAVIGATION_AUTHENTICATIONS_STACK_BY_EVENT_TYPE, value: 'event.type', }, ]; @@ -56,65 +57,74 @@ export const AuthenticationsQueryTabBody = ({ startDate, type, updateDateRange = () => {}, -}: HostsComponentsQueryProps) => ( - <> - - - - {({ - authentications, - totalCount, - loading, - pageInfo, - loadPage, - id, - inspect, - isInspected, - refetch, - }) => ( - - )} - - -); +}: HostsComponentsQueryProps) => { + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: ID }); + } + }; + }, []); + return ( + <> + + + + {({ + authentications, + totalCount, + loading, + pageInfo, + loadPage, + id, + inspect, + isInspected, + refetch, + }) => ( + + )} + + + ); +}; AuthenticationsQueryTabBody.displayName = 'AuthenticationsQueryTabBody'; diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx index 67753c0a4f1ed..31e4935c64f0e 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/events_query_tab_body.tsx 
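Review bot: The cleanup effect added to `AuthenticationsQueryTabBody` closes over `deleteQuery` but declares an empty dependency list (`}, []);`), so it keeps calling whichever `deleteQuery` was passed on the first render and will trip `react-hooks/exhaustive-deps` if that rule is enabled. If unmount-only cleanup is intended, say so next to the array, e.g. `// unmount-only: deleteQuery is expected to be referentially stable`; otherwise list the dependency, `}, [deleteQuery]);`. The same effect is added to `EventsQueryTabBody` in events_query_tab_body.tsx and appears in the anomalies tab body as well. The parameter destructuring that binds `deleteQuery` starts above this hunk, so its origin is not visible here.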
@@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import React, { useEffect } from 'react'; import { EuiSpacer } from '@elastic/eui'; import { StatefulEventsViewer } from '../../../components/events_viewer'; import { HostsComponentsQueryProps } from './types'; @@ -13,13 +13,14 @@ import { eventsDefaultModel } from '../../../components/events_viewer/default_mo import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; import { MatrixHistogramContainer } from '../../../containers/matrix_histogram'; import { MatrixHistogramGqlQuery } from '../../../containers/matrix_histogram/index.gql_query'; +import * as i18n from '../translations'; const HOSTS_PAGE_TIMELINE_ID = 'hosts-page'; const EVENTS_HISTOGRAM_ID = 'eventsOverTimeQuery'; const eventsStackByOptions: MatrixHistogramOption[] = [ { - text: 'action', + text: i18n.NAVIGATION_EVENTS_STACK_BY_EVENT_ACTION, value: 'event.action', }, ]; @@ -33,6 +34,13 @@ export const EventsQueryTabBody = ({ startDate, updateDateRange = () => {}, }: HostsComponentsQueryProps) => { + useEffect(() => { + return () => { + if (deleteQuery) { + deleteQuery({ id: EVENTS_HISTOGRAM_ID }); + } + }; + }, []); return ( <> diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts b/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts index 87617f6bc5f7f..df5f9df6974ef 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts @@ -28,6 +28,13 @@ export const NAVIGATION_AUTHENTICATIONS_TITLE = i18n.translate( } ); +export const NAVIGATION_AUTHENTICATIONS_STACK_BY_EVENT_TYPE = i18n.translate( + 'xpack.siem.hosts.navigation.authentications.stackByEventType', + { + defaultMessage: 'event type', + } +); + export const NAVIGATION_UNCOMMON_PROCESSES_TITLE = i18n.translate( 'xpack.siem.hosts.navigation.uncommonProcessesTitle', { 
@@ -46,6 +53,13 @@ export const NAVIGATION_EVENTS_TITLE = i18n.translate('xpack.siem.hosts.navigati defaultMessage: 'Events', }); +export const NAVIGATION_EVENTS_STACK_BY_EVENT_ACTION = i18n.translate( + 'xpack.siem.hosts.navigation.authentications.stackByEventType', + { + defaultMessage: 'action', + } +); + export const NAVIGATION_ALERTS_TITLE = i18n.translate('xpack.siem.hosts.navigation.alertsTitle', { defaultMessage: 'Alerts', }); diff --git a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx index 8364af37afde5..28f5d5cff0dd0 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/network/navigation/dns_query_tab_body.tsx @@ -22,12 +22,13 @@ import { networkModel } from '../../../store'; import { MatrixHistogramOption } from '../../../components/matrix_histogram/types'; import { networkDnsQuery } from '../../../containers/network_dns/index.gql_query'; import { bytesFormatter } from '../../../components/matrix_histogram/utils'; +import * as i18n from '../translations'; const NetworkDnsTableManage = manageQuery(NetworkDnsTable); const dnsStackByOptions: MatrixHistogramOption[] = [ { - text: 'domain', + text: i18n.NAVIGATION_DNS_STACK_BY_DOMAIN, value: 'dns.question.registered_domain', }, ]; @@ -82,7 +83,7 @@ export const DnsQueryTabBody = ({ sourceId="default" startDate={startDate} stackByOptions={dnsStackByOptions} - title="DNS" + title={i18n.NAVIGATION_DNS_TITLE} type={networkModel.NetworkType.page} updateDateRange={updateDateRange} yTickFormatter={bytesFormatter} diff --git a/x-pack/legacy/plugins/siem/public/pages/network/translations.ts b/x-pack/legacy/plugins/siem/public/pages/network/translations.ts index 91c3338ff7903..ae30cf7b3c86f 100644 --- a/x-pack/legacy/plugins/siem/public/pages/network/translations.ts 
+++ b/x-pack/legacy/plugins/siem/public/pages/network/translations.ts @@ -35,6 +35,13 @@ export const NAVIGATION_DNS_TITLE = i18n.translate('xpack.siem.network.navigatio defaultMessage: 'DNS', }); +export const NAVIGATION_DNS_STACK_BY_DOMAIN = i18n.translate( + 'xpack.siem.hosts.navigation.dns.stackByDomain', + { + defaultMessage: 'domain', + } +); + export const NAVIGATION_TLS_TITLE = i18n.translate('xpack.siem.network.navigation.tlsTitle', { defaultMessage: 'TLS', }); diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts index 7beeea4ad9e4e..727c45a3bac44 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/index.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; export * from './elasticsearch_adapter'; import { AnomaliesAdapter } from './types'; import { AnomaliesOverTimeData } from '../../../public/graphql/types'; @@ -14,7 +14,7 @@ export class Anomalies { public async getAnomaliesOverTime( req: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { return this.adapter.getAnomaliesOverTime(req, options); } diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts index 1e13ad88f8af3..9fde81da63ec7 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/types.ts 
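Review bot: `NAVIGATION_DNS_STACK_BY_DOMAIN` is added to the network page's translations but registered under a hosts id, `'xpack.siem.hosts.navigation.dns.stackByDomain'`, while its neighbours in this file use `xpack.siem.network.navigation.*` (for example `xpack.siem.network.navigation.tlsTitle`). Translation catalogues are keyed by id, so a misfiled id is hard to locate and can collide with a real hosts key later. I would rename it in line with the file, e.g. `'xpack.siem.network.navigation.dnsStackByDomain'`.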
@@ -5,13 +5,13 @@ */ import { AnomaliesOverTimeData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; +import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; import { SearchHit } from '../types'; export interface AnomaliesAdapter { getAnomaliesOverTime( req: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise; } diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts index b369c358e1619..bd5712c105f31 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/index.ts @@ -5,7 +5,11 @@ */ import { AuthenticationsData } from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated, RequestBasicOptions } from '../framework'; +import { + FrameworkRequest, + RequestOptionsPaginated, + MatrixHistogramRequestOptions, +} from '../framework'; import { AuthenticationsAdapter } from './types'; import { AuthenticationsOverTimeData } from '../../../public/graphql/types'; @@ -22,7 +26,7 @@ export class Authentications { public async getAuthenticationsOverTime( req: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise { return this.adapter.getAuthenticationsOverTime(req, options); } diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts index 6e83a2bdba956..e1ec871ff4b58 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/types.ts 
@@ -9,7 +9,11 @@ import { AuthenticationsOverTimeData, LastSourceHost, } from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated, RequestBasicOptions } from '../framework'; +import { + FrameworkRequest, + RequestOptionsPaginated, + MatrixHistogramRequestOptions, +} from '../framework'; import { Hit, SearchHit, TotalHit } from '../types'; export interface AuthenticationsAdapter { @@ -19,7 +23,7 @@ export interface AuthenticationsAdapter { ): Promise; getAuthenticationsOverTime( req: FrameworkRequest, - options: RequestBasicOptions + options: MatrixHistogramRequestOptions ): Promise; } diff --git a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts index d497d8c58a29e..67861ce0dcf28 100644 --- a/x-pack/legacy/plugins/siem/server/lib/framework/types.ts +++ b/x-pack/legacy/plugins/siem/server/lib/framework/types.ts @@ -17,6 +17,7 @@ import { SortField, SourceConfiguration, TimerangeInput, + Maybe, } from '../../graphql/types'; import { RequestFacade } from '../../types'; @@ -131,7 +132,7 @@ export interface RequestBasicOptions { } export interface MatrixHistogramRequestOptions extends RequestBasicOptions { - stackByField: string; + stackByField?: Maybe; } export interface RequestOptions extends RequestBasicOptions { diff --git a/x-pack/legacy/plugins/siem/server/lib/network/index.ts b/x-pack/legacy/plugins/siem/server/lib/network/index.ts index 9b14be20636e2..42ce9f0726ddb 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/index.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/index.ts @@ -41,7 +41,7 @@ export interface NetworkHttpRequestOptions extends RequestOptionsPaginated { export interface NetworkDnsRequestOptions extends RequestOptionsPaginated { isPtrIncluded: boolean; networkDnsSortField: NetworkDnsSortField; - stackByField: string; + stackByField?: Maybe; } export class Network { From b1291dacbb5bd18552bc73fff4128f46f0d51924 Mon Sep 17 00:00:00 2001 
From: Angela Chuang Date: Mon, 13 Jan 2020 03:27:16 +0800 Subject: [PATCH 16/25] fix type --- .../public/containers/matrix_histogram/utils.ts | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts index 71767bd03280c..14bc9fd79b535 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts @@ -46,13 +46,16 @@ export const useQuery = ({ const [totalCount, setTotalCount] = useState(-1); const isDNSQuery = ( - variable: GetNetworkDnsQuery.Variables | GetMatrixHistogramQuery.Variables + variable: Pick< + MatrixHistogramQueryProps, + 'isHistogram' | 'isPtrIncluded' | 'sort' | 'pagination' + > ): variable is GetNetworkDnsQuery.Variables => { return ( - (variable as GetNetworkDnsQuery.Variables).isHistogram !== undefined && - (variable as GetNetworkDnsQuery.Variables).isPtrIncluded !== undefined && - (variable as GetNetworkDnsQuery.Variables).sort !== undefined && - (variable as GetNetworkDnsQuery.Variables).pagination !== undefined + variable.isHistogram !== undefined && + variable.isPtrIncluded !== undefined && + variable.sort !== undefined && + variable.pagination !== undefined ); }; From e40e46b30c3dcd1c777d74a9ba330afb3a5ae16a Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Mon, 13 Jan 2020 17:22:20 +0800 Subject: [PATCH 17/25] fix i18n --- .../matrix_histogram/translations.ts | 42 +++++++++++++++++++ .../containers/matrix_histogram/utils.ts | 22 +++++----- .../siem/public/pages/hosts/translations.ts | 2 +- 3 files changed, 53 insertions(+), 13 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts 
diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts new file mode 100644 index 0000000000000..c0a72fffad8cd --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { i18n } from '@kbn/i18n'; + +export const ERROR_FETCHING_AUTHENTICATIONS_DATA = i18n.translate( + 'xpack.siem.component.matrixHistogram.errorFetchingAuthenticationsData', + { + defaultMessage: 'Failed to query authentications data', + } +); + +export const ERROR_FETCHING_ANOMALIES_DATA = i18n.translate( + 'xpack.siem.component.matrixHistogram.errorFetchingAnomaliesData', + { + defaultMessage: 'Failed to query anomalies data', + } +); + +export const ERROR_FETCHING_EVENTS_DATA = i18n.translate( + 'xpack.siem.component.matrixHistogram.errorFetchingEventsData', + { + defaultMessage: 'Failed to query events data', + } +); + +export const ERROR_FETCHING_ALERTS_DATA = i18n.translate( + 'xpack.siem.component.matrixHistogram.errorFetchingAlertsData', + { + defaultMessage: 'Failed to query alerts data', + } +); + +export const ERROR_FETCHING_DNS_DATA = i18n.translate( + 'xpack.siem.component.matrixHistogram.errorFetchingDnsData', + { + defaultMessage: 'Failed to query DNS data', + } +); diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts index 14bc9fd79b535..6e5d8a30dc561 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts 
@@ -5,7 +5,6 @@ */ import { getOr } from 'lodash/fp'; import { useEffect, useState } from 'react'; -import { i18n } from '@kbn/i18n'; import { MatrixHistogramDataTypes, MatrixHistogramQueryProps, @@ -18,6 +17,7 @@ import { createFilter } from '../helpers'; import { useApolloClient } from '../../utils/apollo_context'; import { inputsModel } from '../../store'; import { GetMatrixHistogramQuery, GetNetworkDnsQuery } from '../../graphql/types'; +import * as i18n from './translations'; export const useQuery = ({ alertsType = false, @@ -31,7 +31,6 @@ export const useQuery = ({ stackByField, startDate, sort, - title, isPtrIncluded, isInspected, isHistogram, @@ -45,6 +44,14 @@ export const useQuery = ({ const [inspect, setInspect] = useState(null); const [totalCount, setTotalCount] = useState(-1); + const getErrorMessage = () => { + if (alertsType) return i18n.ERROR_FETCHING_ALERTS_DATA; + if (anomaliesType) return i18n.ERROR_FETCHING_ANOMALIES_DATA; + if (authenticationsType) return i18n.ERROR_FETCHING_AUTHENTICATIONS_DATA; + if (eventsType) return i18n.ERROR_FETCHING_EVENTS_DATA; + return i18n.ERROR_FETCHING_DNS_DATA; + }; + const isDNSQuery = ( variable: Pick< MatrixHistogramQueryProps, @@ -128,16 +135,7 @@ export const useQuery = ({ setData(null); setTotalCount(-1); setInspect(null); - errorToToaster({ - title: i18n.translate( - `xpack.siem.component.matrixHistogram.${title}.errorFetchingSignalsDescription`, - { - defaultMessage: `Failed to query ${title}`, - } - ), - error, - dispatchToaster, - }); + errorToToaster({ title: getErrorMessage(), error, dispatchToaster }); setLoading(false); } } diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts b/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts index df5f9df6974ef..da05c606069b7 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts 
@@ -54,7 +54,7 @@ export const NAVIGATION_EVENTS_TITLE = i18n.translate('xpack.siem.hosts.navigati }); export const NAVIGATION_EVENTS_STACK_BY_EVENT_ACTION = i18n.translate( - 'xpack.siem.hosts.navigation.authentications.stackByEventType', + 'xpack.siem.hosts.navigation.eventsStackByEventAction', { defaultMessage: 'action', } From 5dbbf86c27d26b026b757dc36c08c2ac163760ec Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Mon, 13 Jan 2020 18:16:07 +0800 Subject: [PATCH 18/25] fix i18n --- x-pack/plugins/translations/translations/ja-JP.json | 5 +---- x-pack/plugins/translations/translations/zh-CN.json | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 3b0c188318309..bdc3d50c213be 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -10815,9 +10815,6 @@ "xpack.siem.components.mlPopup.jobsTable.tagsColumn": "グループ", "xpack.siem.components.mlPopup.licenseButtonLabel": "ライセンスの管理", "xpack.siem.components.mlPopup.moduleNotCompatibleTitle": "{incompatibleJobCount} 件が {incompatibleJobCount, plural, =1 {job} other {jobs}} 現在利用できません", - "xpack.siem.eventsOverTime.eventCountFrequencyByActionTitle": "アクション別のイベントカウント", - "xpack.siem.eventsOverTime.showing": "表示中", - "xpack.siem.eventsOverTime.unit": "{totalCount, plural, =1 {event} other {events}}", "xpack.siem.flyout.button.text": "タイムライン", "xpack.siem.network.navigation.anomaliesTitle": "異常", "xpack.siem.network.navigation.dnsTitle": "DNS", @@ -12698,4 +12695,4 @@ "xpack.licensing.welcomeBanner.licenseIsExpiredDescription.updateYourLicenseLinkText": "ライセンスを更新", "xpack.licensing.welcomeBanner.licenseIsExpiredTitle": "ご使用の {licenseType} ライセンスは期限切れです" } -} \ No newline at end of file +} 
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 3cc476937d4e7..2c559eaacfc9e 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -10904,9 +10904,6 @@ "xpack.siem.components.mlPopup.jobsTable.tagsColumn": "组", "xpack.siem.components.mlPopup.licenseButtonLabel": "管理许可", "xpack.siem.components.mlPopup.moduleNotCompatibleTitle": "{incompatibleJobCount} {incompatibleJobCount, plural, =1 {job} other {jobs}}当前不可用。", - "xpack.siem.eventsOverTime.eventCountFrequencyByActionTitle": "事件计数 - 按操作", - "xpack.siem.eventsOverTime.showing": "显示", - "xpack.siem.eventsOverTime.unit": "{totalCount, plural, =1 {event} other {events}}", "xpack.siem.flyout.button.text": "时间线", "xpack.siem.network.navigation.anomaliesTitle": "异常", "xpack.siem.network.navigation.dnsTitle": "DNS", @@ -12787,4 +12784,4 @@ "xpack.licensing.welcomeBanner.licenseIsExpiredDescription.updateYourLicenseLinkText": "更新您的许可", "xpack.licensing.welcomeBanner.licenseIsExpiredTitle": "您的{licenseType}许可已过期" } -} \ No newline at end of file +} From c9241ff4d8e4ebc732b092ae026b822628eefd9d Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 14 Jan 2020 02:42:37 +0800 Subject: [PATCH 19/25] fix subtitle --- .../siem/public/components/alerts_viewer/index.tsx | 9 +++++++-- .../siem/public/components/matrix_histogram/index.tsx | 6 +++--- .../siem/public/components/matrix_histogram/types.ts | 4 +++- .../siem/public/containers/matrix_histogram/index.tsx | 3 ++- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 5412143fa72c8..06857fb25b9ba 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ import { noop } from 'lodash/fp'; -import React, { useEffect } from 'react'; +import React, { useEffect, useCallback } from 'react'; import { EuiSpacer } from '@elastic/eui'; import { AlertsComponentsQueryProps } from './types'; @@ -39,6 +39,11 @@ export const AlertsView = ({ } }; }, []); + + const getSubtitle = useCallback( + (totalCount: number) => `${i18n.SHOWING}: ${totalCount} ${i18n.UNIT(totalCount)}`, + [] + ); return ( <> ( defaultStackByOption ); - const [subtitleWithCounts, setSubtitle] = useState(subtitle); + const [subtitleWithCounts, setSubtitle] = useState(''); const [hideHistogram, setHideHistogram] = useState(hideHistogramIfEmpty); const [barChartData, setBarChartData] = useState(null); const setSelectedChatOptionCallback = useCallback( @@ -126,8 +126,8 @@ export const MatrixHistogram = React.memo( }); useEffect(() => { - const formattedSubTitle = subtitle?.replace('{{totalCount}}', totalCount.toString()); - setSubtitle(formattedSubTitle); + if (subtitle != null) + setSubtitle(typeof subtitle === 'function' ? subtitle(totalCount) : subtitle); if (totalCount <= 0) { if (hideHistogramIfEmpty) setHideHistogram(true); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index 1cf611bbacf37..edc0e83d047bf 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts @@ -26,6 +26,8 @@ export interface MatrixHistogramOption { text: string; value: string; } + +export type GetSubTitle = (count: number) => string; export interface MatrixHistogramBasicProps { defaultIndex: string[]; defaultStackByOption: MatrixHistogramOption; 
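Review bot: In the subtitle effect of `MatrixHistogram` (hunk at -126), the new `if (subtitle != null)` guard never resets `subtitleWithCounts`, so if the `subtitle` prop is later removed the previously computed text stays in state. Setting the state unconditionally avoids that, e.g. `setSubtitle(typeof subtitle === 'function' ? subtitle(totalCount) : subtitle ?? '');`. Plain string subtitles are now used verbatim, so a caller still passing a `{{totalCount}}` template would presumably render the placeholder literally; the callers are not visible here. The effect's dependency list lies outside the hunk.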
@@ -37,7 +39,7 @@ export interface MatrixHistogramBasicProps { sourceId: string; startDate: number; stackByOptions: MatrixHistogramOption[]; - subtitle?: string; + subtitle?: string | GetSubTitle; title?: string; updateDateRange: UpdateDateRange; } diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index cd07e2cf9034b..c6ca3862f273b 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -17,6 +17,7 @@ import { MatrixHistogram } from '../../components/matrix_histogram'; import { MatrixHistogramOption, MatrixHistogramMappingTypes, + GetSubTitle, } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; @@ -36,7 +37,7 @@ export interface OwnProps extends QueryTemplateProps { setQuery: SetQuery; sourceId: string; stackByOptions: MatrixHistogramOption[]; - subtitle?: string; + subtitle?: string | GetSubTitle; type: hostsModel.HostsType | networkModel.NetworkType; title: string; updateDateRange: UpdateDateRange; From 1d6f0642ecef5c5ac5c6b43cb283b9e6158f4ec1 Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 14 Jan 2020 02:57:30 +0800 Subject: [PATCH 20/25] fix subtitle --- .../plugins/siem/public/components/alerts_viewer/index.tsx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 06857fb25b9ba..989702cefd453 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx 
@@ -21,6 +21,7 @@ const alertsStackByOptions: MatrixHistogramOption[] = [ }, ]; const dataKey = 'AlertsHistogram'; + export const AlertsView = ({ deleteQuery, endDate, @@ -44,6 +45,7 @@ export const AlertsView = ({ (totalCount: number) => `${i18n.SHOWING}: ${totalCount} ${i18n.UNIT(totalCount)}`, [] ); + return ( <> Date: Tue, 14 Jan 2020 03:12:27 +0800 Subject: [PATCH 21/25] fix i18n --- .../public/components/matrix_histogram/index.tsx | 9 ++------- .../components/matrix_histogram/translations.ts | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 x-pack/legacy/plugins/siem/public/components/matrix_histogram/translations.ts diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index b036bdaaa6a6f..dcbd68a79b7ca 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx @@ -10,8 +10,8 @@ import { ScaleType } from '@elastic/charts'; import darkTheme from '@elastic/eui/dist/eui_theme_dark.json'; import lightTheme from '@elastic/eui/dist/eui_theme_light.json'; import { EuiLoadingContent, EuiSelect } from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; import { noop } from 'lodash/fp'; +import * as i18n from './translations'; import { BarChart } from '../charts/barchart'; import { HeaderSection } from '../header_section'; import { DEFAULT_DARK_MODE } from '../../../common/constants'; @@ -160,12 +160,7 @@ export const MatrixHistogram = React.memo( )} diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/translations.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/translations.ts new file mode 100644 index 0000000000000..345eb7e937bed --- /dev/null +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/translations.ts 
@@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { i18n } from '@kbn/i18n'; + +export const STACK_BY = i18n.translate( + 'xpack.siem.components.histogram.stackByOptions.stackByLabel', + { + defaultMessage: 'Stack by', + } +); From 8c4bd66e91caf22370ab8852d4d03ce62744959e Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Tue, 14 Jan 2020 08:54:19 +0800 Subject: [PATCH 22/25] fix for reviews --- .../public/components/alerts_viewer/index.tsx | 5 +- .../components/alerts_viewer/translations.ts | 21 +++++--- .../components/matrix_histogram/index.tsx | 54 ++++++++++++------- .../components/matrix_histogram/types.ts | 14 ++--- .../anomalies_query_tab_body/index.tsx | 3 +- .../anomalies_query_tab_body/translations.ts | 7 +++ .../matrix_histogram/index.gql_query.ts | 16 +++--- .../containers/matrix_histogram/index.tsx | 13 +++-- .../matrix_histogram/translations.ts | 42 --------------- .../containers/matrix_histogram/utils.ts | 47 +++++++--------- .../containers/network_dns/index.gql_query.ts | 8 +-- .../public/containers/network_dns/index.tsx | 2 +- .../plugins/siem/public/graphql/types.ts | 10 ++-- .../authentications_query_tab_body.tsx | 5 +- .../navigation/events_query_tab_body.tsx | 5 +- .../siem/public/pages/hosts/translations.ts | 14 +++++ .../network/navigation/dns_query_tab_body.tsx | 4 +- .../siem/public/pages/network/translations.ts | 7 +++ 18 files changed, 142 insertions(+), 135 deletions(-) delete mode 100644 x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 989702cefd453..9e0207cf306ee 100644 
--- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -49,13 +49,14 @@ export const AlertsView = ({ return ( <> diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts index b899939b0f42b..0c709e59ed428 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts 
@@ -6,31 +6,38 @@ import { i18n } from '@kbn/i18n'; -export const ALERTS_DOCUMENT_TYPE = i18n.translate('xpack.siem.hosts.alertsDocumentType', { +export const ALERTS_DOCUMENT_TYPE = i18n.translate('xpack.siem.alertsView.alertsDocumentType', { defaultMessage: 'Alerts', }); -export const TOTAL_COUNT_OF_ALERTS = i18n.translate('xpack.siem.hosts.totalCountOfAlerts', { +export const TOTAL_COUNT_OF_ALERTS = i18n.translate('xpack.siem.alertsView.totalCountOfAlerts', { defaultMessage: 'alerts match the search criteria', }); -export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.hosts.alertsDocumentType', { +export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.alertsView.alertsDocumentType', { defaultMessage: 'Alerts', }); export const ALERTS_STACK_BY_MODULE = i18n.translate( - 'xpack.siem.histogram.alertsStackByOptions.eventActions', + 'xpack.siem.alertsView.alertsStackByOptions.module', { - defaultMessage: 'modules', + defaultMessage: 'module', } ); -export const SHOWING = i18n.translate('xpack.siem.histogram.showing', { +export const SHOWING = i18n.translate('xpack.siem.alertsView.showing', { defaultMessage: 'Showing', }); export const UNIT = (totalCount: number) => - i18n.translate('xpack.siem.histogram.unit', { + i18n.translate('xpack.siem.alertsView.unit', { values: { totalCount }, defaultMessage: `{totalCount, plural, =1 {alert} other {alerts}}`, }); + +export const ERROR_FETCHING_ALERTS_DATA = i18n.translate( + 'xpack.siem.alertsView.errorFetchingAlertsData', + { + defaultMessage: 'Failed to query alerts data', + } +); diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx index dcbd68a79b7ca..ab550172cb90f 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.tsx 
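Review bot: `ALERTS_DOCUMENT_TYPE` and `ALERTS_TABLE_TITLE` both end up registered under `'xpack.siem.alertsView.alertsDocumentType'` after the rename in alerts_viewer/translations.ts, so translators cannot word the table title differently from the document type. Giving the title its own id, for example `'xpack.siem.alertsView.alertsTableTitle'` (a suggested name), keeps the two messages independent. The two constants already shared one id under the old `xpack.siem.hosts` prefix, so this rename is a convenient place to split them.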
@@ -32,16 +32,19 @@ import { ChartSeriesData } from '../charts/common'; export const MatrixHistogram = React.memo( ({ activePage, - alertsType, - anomaliesType, - authenticationsType, + dataKey, defaultStackByOption, endDate, - eventsType, + errorMessage, filterQuery, hideHistogramIfEmpty = false, id, + isAlertsHistogram, + isAnomaliesHistogram, + isAuthenticationsHistogram, + isDNSHistogram, + isEventsType, isPtrIncluded, isInspected, legendPosition, @@ -76,12 +79,12 @@ export const MatrixHistogram = React.memo( if (!showInspect) { setShowInspect(true); } - }, [showInspect]); + }, [showInspect, setShowInspect]); const handleOnMouseLeave = useCallback(() => { if (showInspect) { setShowInspect(false); } - }, [showInspect]); + }, [showInspect, setShowInspect]); const [selectedStackByOption, setSelectedStackByOption] = useState( defaultStackByOption @@ -89,7 +92,7 @@ export const MatrixHistogram = React.memo( const [subtitleWithCounts, setSubtitle] = useState(''); const [hideHistogram, setHideHistogram] = useState(hideHistogramIfEmpty); const [barChartData, setBarChartData] = useState(null); - const setSelectedChatOptionCallback = useCallback( + const setSelectedChartOptionCallback = useCallback( (event: React.ChangeEvent) => { setSelectedStackByOption( stackByOptions?.find(co => co.value === event.target.value) ?? defaultStackByOption @@ -106,21 +109,22 @@ export const MatrixHistogram = React.memo( {}, HistogramAggregation >({ - alertsType, - anomaliesType, - authenticationsType, dataKey, endDate, - eventsType, + errorMessage, filterQuery, query, skip, startDate, sort, title, + isAlertsHistogram, + isAnomaliesHistogram, + isAuthenticationsHistogram, + isDNSHistogram, + isEventsType, isInspected, isPtrIncluded, - isHistogram: true, pagination: useMemo(() => getPagination(), [activePage, limit]), stackByField: selectedStackByOption.value, }); 
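Review bot: The histogram kind is now expressed as five independent optional booleans (`isAlertsHistogram`, `isAnomaliesHistogram`, `isAuthenticationsHistogram`, `isDNSHistogram`, `isEventsType`) in the `MatrixHistogram` props (hunk at -32) and passed on unchanged to the data hook (hunk at -106), which lets a caller set none or several of them at once. A single discriminant such as `histogramType: 'alerts' | 'anomalies' | 'authentications' | 'dns' | 'events'` would make those combinations unrepresentable; nothing in the visible hunks rejects them. `isEventsType` also breaks the `is…Histogram` naming of its siblings. The component body continues outside these hunks.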
@@ -130,8 +134,11 @@ export const MatrixHistogram = React.memo( setSubtitle(typeof subtitle === 'function' ? subtitle(totalCount) : subtitle); if (totalCount <= 0) { - if (hideHistogramIfEmpty) setHideHistogram(true); - else setHideHistogram(false); + if (hideHistogramIfEmpty) { + setHideHistogram(true); + } else { + setHideHistogram(false); + } } else { setHideHistogram(false); } @@ -139,7 +146,18 @@ export const MatrixHistogram = React.memo( setBarChartData(getCustomChartData(data, mapping)); setQuery({ id, inspect, loading, refetch }); - }, [totalCount, isInspected, loading, data]); + }, [ + subtitle, + setSubtitle, + setHideHistogram, + setBarChartData, + setQuery, + hideHistogramIfEmpty, + totalCount, + isInspected, + loading, + data, + ]); return !hideHistogram ? ( = 0 ? subtitleWithCounts : null)} > {stackByOptions && ( void; - eventsType?: boolean; + isEventsType?: boolean; + errorMessage: string; hideHistogramIfEmpty?: boolean; id: string; mapping?: MatrixHistogramMappingTypes; @@ -55,6 +55,5 @@ const makeMapStateToProps = () => { }; export const MatrixHistogramContainer = compose>( - connect(makeMapStateToProps), - withKibana + connect(makeMapStateToProps) )(MatrixHistogram); diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts deleted file mode 100644 index c0a72fffad8cd..0000000000000 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/translations.ts +++ /dev/null 
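Review bot: The rewritten dependency list of the `MatrixHistogram` effect (hunk at -139) still omits values the effect body reads: `mapping` in `getCustomChartData(data, mapping)`, and `id`, `inspect` and `refetch` in `setQuery({ id, inspect, loading, refetch })`. A change to any of those alone will not re-run the effect, so the chart data or the registered query can lag behind the props. Adding `mapping, id, inspect, refetch` to the array would close the gap, provided `inspect` and `refetch` are referentially stable; they come from the hook outside this hunk, so that should be confirmed first to avoid a render loop. The `useState` setters in the list (`setSubtitle`, `setHideHistogram`, `setBarChartData`) have a stable identity and can be dropped.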
@@ -1,42 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const ERROR_FETCHING_AUTHENTICATIONS_DATA = i18n.translate( - 'xpack.siem.component.matrixHistogram.errorFetchingAuthenticationsData', - { - defaultMessage: 'Failed to query authentications data', - } -); - -export const ERROR_FETCHING_ANOMALIES_DATA = i18n.translate( - 'xpack.siem.component.matrixHistogram.errorFetchingAnomaliesData', - { - defaultMessage: 'Failed to query anomalies data', - } -); - -export const ERROR_FETCHING_EVENTS_DATA = i18n.translate( - 'xpack.siem.component.matrixHistogram.errorFetchingEventsData', - { - defaultMessage: 'Failed to query events data', - } -); - -export const ERROR_FETCHING_ALERTS_DATA = i18n.translate( - 'xpack.siem.component.matrixHistogram.errorFetchingAlertsData', - { - defaultMessage: 'Failed to query alerts data', - } -); - -export const ERROR_FETCHING_DNS_DATA = i18n.translate( - 'xpack.siem.component.matrixHistogram.errorFetchingDnsData', - { - defaultMessage: 'Failed to query DNS data', - } -); diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts index 6e5d8a30dc561..1fc1fedae9f88 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/utils.ts 
@@ -17,23 +17,23 @@ import { createFilter } from '../helpers'; import { useApolloClient } from '../../utils/apollo_context'; import { inputsModel } from '../../store'; import { GetMatrixHistogramQuery, GetNetworkDnsQuery } from '../../graphql/types'; -import * as i18n from './translations'; export const useQuery = ({ - alertsType = false, - anomaliesType = false, - authenticationsType = false, dataKey, - eventsType = false, endDate, + errorMessage, filterQuery, + isAlertsHistogram = false, + isAnomaliesHistogram = false, + isAuthenticationsHistogram = false, + isEventsType = false, + isDNSHistogram, + isPtrIncluded, + isInspected, query, stackByField, startDate, sort, - isPtrIncluded, - isInspected, - isHistogram, pagination, }: MatrixHistogramQueryProps) => { const [defaultIndex] = useUiSetting$(DEFAULT_INDEX_KEY); @@ -43,29 +43,22 @@ export const useQuery = ({ const [data, setData] = useState(null); const [inspect, setInspect] = useState(null); const [totalCount, setTotalCount] = useState(-1); - - const getErrorMessage = () => { - if (alertsType) return i18n.ERROR_FETCHING_ALERTS_DATA; - if (anomaliesType) return i18n.ERROR_FETCHING_ANOMALIES_DATA; - if (authenticationsType) return i18n.ERROR_FETCHING_AUTHENTICATIONS_DATA; - if (eventsType) return i18n.ERROR_FETCHING_EVENTS_DATA; - return i18n.ERROR_FETCHING_DNS_DATA; - }; + const apolloClient = useApolloClient(); const isDNSQuery = ( variable: Pick< MatrixHistogramQueryProps, - 'isHistogram' | 'isPtrIncluded' | 'sort' | 'pagination' + 'isDNSHistogram' | 'isPtrIncluded' | 'sort' | 'pagination' > ): variable is GetNetworkDnsQuery.Variables => { return ( - variable.isHistogram !== undefined && + !!isDNSHistogram && + variable.isDNSHistogram !== undefined && variable.isPtrIncluded !== undefined && variable.sort !== undefined && variable.pagination !== undefined ); }; - const basicVariables = { filterQuery: createFilter(filterQuery), sourceId: 'default', 
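Review bot: The `isDNSQuery` type predicate in `useQuery` (hunk at -43) now tests the closed-over `isDNSHistogram` with `!!isDNSHistogram &&` before looking at its `variable` argument, so its answer no longer depends only on the value being narrowed. Reading the flag from the argument, `!!variable.isDNSHistogram &&`, keeps the guard self-contained and makes the following `variable.isDNSHistogram !== undefined` check redundant. In the destructuring hunk at -17, `isDNSHistogram` is also the only kind flag without a `= false` default, while the DNS query in this commit declares `$isDNSHistogram: Boolean!`. The body of `useQuery` continues outside these hunks.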
@@ -80,21 +73,19 @@ export const useQuery = ({ }; const dnsVariables = { ...basicVariables, - isHistogram, + isDNSHistogram, isPtrIncluded, sort, pagination, }; const matrixHistogramVariables: GetMatrixHistogramQuery.Variables = { ...basicVariables, - alertsType, - anomaliesType, - authenticationsType, - eventsType, + isAlertsHistogram, + isAnomaliesHistogram, + isAuthenticationsHistogram, + isEventsType, }; - const apolloClient = useApolloClient(); - useEffect(() => { let isSubscribed = true; const abortCtrl = new AbortController(); @@ -135,7 +126,7 @@ export const useQuery = ({ setData(null); setTotalCount(-1); setInspect(null); - errorToToaster({ title: getErrorMessage(), error, dispatchToaster }); + errorToToaster({ title: errorMessage, error, dispatchToaster }); setLoading(false); } } @@ -154,7 +145,7 @@ export const useQuery = ({ query, filterQuery, isInspected, - isHistogram, + isDNSHistogram, stackByField, sort, isPtrIncluded, diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts index cec5d40446b35..9d82705e9524b 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.gql_query.ts @@ -11,7 +11,7 @@ export const networkDnsQuery = gql` $defaultIndex: [String!]! $filterQuery: String $inspect: Boolean! - $isHistogram: Boolean! + $isDNSHistogram: Boolean! $isPtrIncluded: Boolean! $pagination: PaginationInputPaginated! $sort: NetworkDnsSortField! @@ -31,7 +31,7 @@ export const networkDnsQuery = gql` stackByField: $stackByField ) { totalCount - edges @skip(if: $isHistogram) { + edges @skip(if: $isDNSHistogram) { node { _id dnsBytesIn @@ -44,7 +44,7 @@ export const networkDnsQuery = gql` value } } - pageInfo @skip(if: $isHistogram) { + pageInfo @skip(if: $isDNSHistogram) { activePage fakeTotalCount showMorePagesIndicator 
@@ -53,7 +53,7 @@ export const networkDnsQuery = gql` dsl response } - histogram @include(if: $isHistogram) { + histogram @include(if: $isDNSHistogram) { x y g diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index 30b773510e154..c939444eb637a 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -102,7 +102,7 @@ export class NetworkDnsComponentQuery extends QueryTemplatePaginated< const variables: GetNetworkDnsQuery.Variables = { defaultIndex: kibana.services.uiSettings.get(DEFAULT_INDEX_KEY), filterQuery: createFilter(filterQuery), - isHistogram: false, + isDNSHistogram: false, inspect: isInspected, isPtrIncluded, pagination: generateTablePaginationOptions(activePage, limit), diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts index 53a34220a1108..e35ddedafc7c8 100644 --- a/x-pack/legacy/plugins/siem/public/graphql/types.ts +++ b/x-pack/legacy/plugins/siem/public/graphql/types.ts @@ -3227,11 +3227,11 @@ export namespace GetKpiNetworkQuery { export namespace GetMatrixHistogramQuery { export type Variables = { - alertsType: boolean; - anomaliesType: boolean; - authenticationsType: boolean; + isAlertsHistogram: boolean; + isAnomaliesHistogram: boolean; + isAuthenticationsHistogram: boolean; defaultIndex: string[]; - eventsType: boolean; + isEventsType: boolean; filterQuery?: Maybe; inspect: boolean; sourceId: string; @@ -3377,7 +3377,7 @@ export namespace GetNetworkDnsQuery { defaultIndex: string[]; filterQuery?: Maybe; inspect: boolean; - isHistogram: boolean; + isDNSHistogram: boolean; isPtrIncluded: boolean; pagination: PaginationInputPaginated; sort: NetworkDnsSortField; 
diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index 929c1044f5f34..0bb9563296316 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -64,15 +64,16 @@ export const AuthenticationsQueryTabBody = ({ deleteQuery({ id: ID }); } }; - }, []); + }, [deleteQuery]); return ( <> Date: Tue, 14 Jan 2020 17:36:16 +0800 Subject: [PATCH 23/25] fix types --- .../siem/public/components/matrix_histogram/index.test.tsx | 1 + .../siem/public/components/matrix_histogram/types.ts | 1 - .../siem/public/containers/matrix_histogram/index.tsx | 2 +- .../plugins/siem/public/containers/network_dns/index.tsx | 7 +++++-- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx index 136422246d2c8..a44efed47372d 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/index.test.tsx @@ -38,6 +38,7 @@ describe('Matrix Histogram Component', () => { defaultIndex: ['defaultIndex'], defaultStackByOption: { text: 'text', value: 'value' }, endDate: new Date('2019-07-18T20:00:00.000Z').valueOf(), + errorMessage: 'error', id: 'mockId', isInspected: false, isPtrIncluded: false, diff --git a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts index fd76896eadd39..39a16b6c1b3d1 100644 --- a/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts +++ b/x-pack/legacy/plugins/siem/public/components/matrix_histogram/types.ts 
@@ -64,7 +64,6 @@ export interface MatrixHistogramQueryProps { isEventsType?: boolean; isInspected: boolean; isPtrIncluded?: boolean; - isDNSHistogram?: boolean; pagination?: PaginationInputPaginated; } diff --git a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx index fd5e1d0cab370..0167f6253c3b1 100644 --- a/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/matrix_histogram/index.tsx @@ -38,8 +38,8 @@ export interface OwnProps extends QueryTemplateProps { sourceId: string; stackByOptions: MatrixHistogramOption[]; subtitle?: string | GetSubTitle; - type: hostsModel.HostsType | networkModel.NetworkType; title: string; + type: hostsModel.HostsType | networkModel.NetworkType; updateDateRange: UpdateDateRange; } diff --git a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx index c939444eb637a..5c5552edcc4ba 100644 --- a/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx +++ b/x-pack/legacy/plugins/siem/public/containers/network_dns/index.tsx @@ -28,7 +28,7 @@ import { QueryTemplatePaginated, QueryTemplatePaginatedProps } from '../query_te import { networkDnsQuery } from './index.gql_query'; import { DEFAULT_TABLE_ACTIVE_PAGE } from '../../store/constants'; import { MatrixHistogram } from '../../components/matrix_histogram'; -import { MatrixHistogramOption } from '../../components/matrix_histogram/types'; +import { MatrixHistogramOption, GetSubTitle } from '../../components/matrix_histogram/types'; import { UpdateDateRange } from '../../components/charts/common'; import { SetQuery } from '../../pages/hosts/navigation/types'; 
@@ -56,16 +56,19 @@ export interface OwnProps extends QueryTemplatePaginatedProps { interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps { dataKey: string | string[]; defaultStackByOption: MatrixHistogramOption; + errorMessage: string; + isDNSHistogram?: boolean; limit: number; query: DocumentNode; scaleType: ScaleType; setQuery: SetQuery; + showLegend?: boolean; stackByOptions: MatrixHistogramOption[]; + subtitle?: string | GetSubTitle; title: string; type: networkModel.NetworkType; updateDateRange: UpdateDateRange; yTickFormatter?: (value: number) => string; - showLegend?: boolean; } export interface NetworkDnsComponentReduxProps { From 68b4f97856b00d70f0ca5ce61efddc8fbac0ad95 Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Wed, 15 Jan 2020 01:01:15 +0800 Subject: [PATCH 24/25] remove unused test --- x-pack/test/api_integration/apis/siem/index.js | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/test/api_integration/apis/siem/index.js b/x-pack/test/api_integration/apis/siem/index.js index ded2b36e8159e..ac10f89eac814 100644 --- a/x-pack/test/api_integration/apis/siem/index.js +++ b/x-pack/test/api_integration/apis/siem/index.js @@ -7,7 +7,6 @@ export default function({ loadTestFile }) { describe('Siem GraphQL Endpoints', () => { loadTestFile(require.resolve('./authentications')); - loadTestFile(require.resolve('./events_over_time')); loadTestFile(require.resolve('./hosts')); loadTestFile(require.resolve('./kpi_network')); loadTestFile(require.resolve('./kpi_hosts')); From 3d421ac1db9ab62263ef824aaa7112b371c71834 Mon Sep 17 00:00:00 2001 From: Angela Chuang Date: Wed, 15 Jan 2020 02:01:08 +0800 Subject: [PATCH 25/25] fix integration --- .../api_integration/apis/siem/network_dns.ts | 40 ++++++++++--------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/x-pack/test/api_integration/apis/siem/network_dns.ts b/x-pack/test/api_integration/apis/siem/network_dns.ts index db22da59257d6..5de7ea3a67087 100644 
--- a/x-pack/test/api_integration/apis/siem/network_dns.ts +++ b/x-pack/test/api_integration/apis/siem/network_dns.ts @@ -29,22 +29,24 @@ export default function({ getService }: FtrProviderContext) { .query({ query: networkDnsQuery, variables: { - sourceId: 'default', - timerange: { - interval: '12h', - to: TO, - from: FROM, - }, + defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], + isDNSHistogram: false, + inspect: false, isPtrIncluded: false, - sort: { field: NetworkDnsFields.uniqueDomains, direction: Direction.asc }, pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 30, querySize: 10, }, - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - inspect: false, + sort: { field: NetworkDnsFields.uniqueDomains, direction: Direction.asc }, + sourceId: 'default', + stackByField: 'dns.question.registered_domain', + timerange: { + interval: '12h', + to: TO, + from: FROM, + }, }, }) .then(resp => { @@ -63,22 +65,24 @@ export default function({ getService }: FtrProviderContext) { .query({ query: networkDnsQuery, variables: { - sourceId: 'default', - timerange: { - interval: '12h', - to: TO, - from: FROM, - }, + defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], + isDNSHistogram: false, + inspect: false, isPtrIncluded: false, - sort: { field: NetworkDnsFields.uniqueDomains, direction: Direction.desc }, pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 30, querySize: 10, }, - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - inspect: false, + sourceId: 'default', + sort: { field: NetworkDnsFields.uniqueDomains, direction: Direction.desc }, + stackByField: 'dns.question.registered_domain', + timerange: { + interval: '12h', + to: TO, + from: FROM, + }, }, }) .then(resp => {
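Review bot: Both updated cases in network_dns.ts send `isDNSHistogram: false`, so the `histogram @include(if: $isDNSHistogram)` branch of `networkDnsQuery` is never requested by this suite. A third case with `isDNSHistogram: true` that asserts on the returned `histogram` entries, and on `edges` and `pageInfo` being skipped, would cover the path the histogram container relies on. The second hunk repeats the same variables apart from the sort direction, so the note applies to both. The test callbacks continue outside the hunks.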