[Security Solution][Resolver] Add support for predefined schemas for endpoint and winlogbeat#84103

Merged: jonathan-buttner merged 6 commits into elastic:master from jonathan-buttner:resolver-multi-fields-entity-route on Nov 25, 2020

Conversation

@jonathan-buttner (Contributor):

This PR adds support for two predefined schemas in the resolver backend /entity route. This is needed in combination with the new /tree API route here: #81679

The /entity route will check the document found using the passed-in _id field and determine which schema it matches (endpoint or winlogbeat for now). If it matches a schema, it returns the necessary schema fields so the frontend can make subsequent requests using that schema for the /tree API to display a resolver graph.

Currently, the frontend just ignores the schema fields that are returned until the /tree API changes are merged.

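As an added example (not code from this PR or from Kibana), the sketch below shows how an /entity-style handler can decide which predefined schema a fetched document matches and hand back the field names the frontend needs; the constraint fields agent.type and event.module and the schema field names are assumptions, and documents from an unrecognised source yield no schema rather than a guess.

```typescript
// Added example, not the PR's code: pick the predefined schema a document matches.
// Constraint fields (agent.type, event.module) and schema field names are assumptions.
type SchemaFields = { id: string; parent: string; name: string; ancestry?: string };
interface SupportedSchema {
  name: 'endpoint' | 'winlogbeat';
  constraints: Array<{ field: string; value: string }>; // every constraint must hold
  schema: SchemaFields; // field names the later /tree request would use
}
const SUPPORTED_SCHEMAS: SupportedSchema[] = [
  {
    name: 'endpoint',
    constraints: [{ field: 'agent.type', value: 'endpoint' }],
    schema: { id: 'process.entity_id', parent: 'process.parent.entity_id',
              ancestry: 'process.Ext.ancestry', name: 'process.name' },
  },
  {
    name: 'winlogbeat',
    constraints: [{ field: 'agent.type', value: 'winlogbeat' }, { field: 'event.module', value: 'sysmon' }],
    schema: { id: 'process.entity_id', parent: 'process.parent.entity_id', name: 'process.name' },
  },
];

// Read a dotted ECS path such as "agent.type" out of a nested document.
function getField(doc: Record<string, unknown>, path: string): unknown {
  let cur: unknown = doc;
  for (const part of path.split('.')) {
    if (cur === null || typeof cur !== 'object') return undefined;
    cur = (cur as Record<string, unknown>)[part];
  }
  return cur;
}

// First schema whose constraints all hold and whose id field is a non-empty string.
// Unknown sources yield undefined so the frontend never guesses field names.
function resolveEntity(doc: Record<string, unknown>): { name: string; schema: SchemaFields; id: string } | undefined {
  for (const candidate of SUPPORTED_SCHEMAS) {
    if (!candidate.constraints.every((c) => getField(doc, c.field) === c.value)) continue;
    const id = getField(doc, candidate.schema.id);
    if (typeof id !== 'string' || id.length === 0) continue; // matched source, no usable id
    return { name: candidate.name, schema: candidate.schema, id };
  }
  return undefined;
}

// Constructed sample documents (not real events).
const endpointDoc = { agent: { type: 'endpoint' }, process: { entity_id: 'ep-1', parent: { entity_id: 'ep-0' } } };
const sysmonDoc = { agent: { type: 'winlogbeat' }, event: { module: 'sysmon' }, process: { entity_id: 'wl-1' } };
const otherBeatDoc = { agent: { type: 'winlogbeat' }, event: { module: 'security' }, process: { entity_id: 'x' } };
```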

@jonathan-buttner added the labels v8.0.0, release_note:skip (Skip the PR/issue when compiling release notes), Feature:Resolver (Security Solution Resolver feature), v7.11.0 and Team:Threat Hunting (Security Solution Threat Hunting Team) on Nov 23, 2020
@jonathan-buttner jonathan-buttner marked this pull request as ready for review November 24, 2020 18:12
@jonathan-buttner jonathan-buttner requested review from a team as code owners November 24, 2020 18:12
@elasticmachine (Contributor):

Pinging @elastic/endpoint-app-team (Feature:Resolver)

@kibanamachine (Contributor):

💚 Build Succeeded

Metrics

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id: securitySolution, before: 8.0MB, after: 8.0MB, diff: +120.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@jonathan-buttner jonathan-buttner merged commit 5fda300 into elastic:master Nov 25, 2020
@jonathan-buttner jonathan-buttner deleted the resolver-multi-fields-entity-route branch November 25, 2020 19:47
*/
entities(): Promise<ResolverEntityIndex> {
return Promise.resolve([{ entity_id: metadata.entityIDs.origin }]);
return Promise.resolve([
Contributor comment on the lines above:
maybe add a TODO to dedupe the code in these mocks at some point

@kqualters-elastic (Contributor) left a review comment:

👍 lgtm

gmmorris added a commit to gmmorris/kibana that referenced this pull request Nov 26, 2020
* master: (70 commits)
  [Uptime] Fix headers io-ts type (elastic#84089)
  [fleet] Add config options to accepted docker env vars (elastic#84338)
  [Fleet] Support URL query state in agent logs UI (elastic#84298)
  [basePathProxy] include query in redirect (elastic#84356)
  [Security Solution] Add Endpoint policy feature checks (elastic#83972)
  Fix issues with show_license_expiration (elastic#84361)
  [Security Solution][Resolver] Add support for predefined schemas for endpoint and winlogbeat (elastic#84103)
  [cli/dev] log a warning when --no-base-path is used with --dev (elastic#84354)
  [Fleet] Support input-level vars & templates (elastic#83878)
  [APM] Elastic chart issues (elastic#84238)
  [Time to Visualize] Fix Unlink Action via Rollback of ReplacePanel (elastic#83873)
  redirect to visualize listing page when by value visualization editor doesn't have a value input (elastic#84287)
  add live region for field search (elastic#84310)
  [ML] Persisted URL state for Anomalies table (elastic#84314)
  [dev/cli] detect worker type using env, not cluster module (elastic#83977)
  [Workplace Search] Migrate DisplaySettings tree (elastic#84283)
  Deprecate `xpack.task_manager.index` setting (elastic#84155)
  [Search] Search batching using bfetch (again) (elastic#84043)
  Use .kibana instead of .kibana_current to mark migration completion (elastic#83373)
  [Monitoring] Only look at ES for the missing data alert for now (elastic#83839)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Nov 26, 2020
@kibanamachine added the label backport missing (Added to PRs automatically when they are determined to be missing a backport) on Nov 27, 2020
@kibanamachine (Contributor):

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 84103 or prevent reminders by adding the backport:skip label.

@kibanamachine removed the label backport missing (Added to PRs automatically when they are determined to be missing a backport) on Nov 30, 2020
jonathan-buttner added a commit that referenced this pull request Nov 30, 2020
…endpoint and winlogbeat (#84103) (#84533)

* Refactoring entity route to return schema

* Refactoring frontend middleware to pick off id field from entity route

* Refactoring schema and adding name and comments

* Adding name to schema mocks

* Fixing type issue
gmmorris added a commit to gmmorris/kibana that referenced this pull request Dec 9, 2020
Labels: Feature:Resolver, release_note:skip, Team:Threat Hunting, v7.11.0, v8.0.0
