From 29bc00c04cf3725deca930399becab6f360993b2 Mon Sep 17 00:00:00 2001 From: Mikhail Shustov Date: Thu, 24 Sep 2020 12:15:25 +0300 Subject: [PATCH 01/63] disable incremental build for x-pack tests (#78131) Co-authored-by: Elastic Machine --- x-pack/test/tsconfig.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json index e8af79b9e84e0..3736d957a55a6 100644 --- a/x-pack/test/tsconfig.json +++ b/x-pack/test/tsconfig.json @@ -1,7 +1,8 @@ { "extends": "../../tsconfig.base.json", "compilerOptions": { - "tsBuildInfoFile": "../../build/tsbuildinfo/x-pack/test", + // overhead is too significant + "incremental": false, "types": [ "mocha", "node", From 5d5ce401680412dc4aefcb2bd0cab16b3ce76fda Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Thu, 24 Sep 2020 11:42:35 +0200 Subject: [PATCH 02/63] fix drilldown in tsvb (#78005) --- .../application/components/vis_types/table/vis.js | 11 ++++++++--- .../application/components/vis_types/top_n/vis.js | 4 +++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js b/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js index d55afeda62e70..1341cf02202a0 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js +++ b/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js @@ -20,6 +20,7 @@ import _, { isArray, last, get } from 'lodash'; import React, { Component } from 'react'; import PropTypes from 'prop-types'; +import { RedirectAppLinks } from '../../../../../../kibana_react/public'; import { createTickFormatter } from '../../lib/tick_formatter'; import { calculateLabel } from '../../../../../../../plugins/vis_type_timeseries/common/calculate_label'; import { isSortable } from './is_sortable'; 
@@ -27,7 +28,7 @@ import { EuiToolTip, EuiIcon } from '@elastic/eui'; import { replaceVars } from '../../lib/replace_vars'; import { fieldFormats } from '../../../../../../../plugins/data/public'; import { FormattedMessage } from '@kbn/i18n/react'; -import { getFieldFormats } from '../../../../services'; +import { getFieldFormats, getCoreStart } from '../../../../services'; import { METRIC_TYPES } from '../../../../../../../plugins/vis_type_timeseries/common/metric_types'; @@ -231,12 +232,16 @@ export class TableVis extends Component { ); } return ( -
+ {header}{rows}
-
+ ); } } diff --git a/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js b/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js index a4fe6f796bc0b..e9f64c93d337f 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js +++ b/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js @@ -17,6 +17,7 @@ * under the License. */ +import { getCoreStart } from '../../../../services'; import { createTickFormatter } from '../../lib/tick_formatter'; import { TopN } from '../../../visualizations/views/top_n'; import { getLastValue } from '../../../../../../../plugins/vis_type_timeseries/common/get_last_value'; @@ -89,7 +90,8 @@ export function TopNVisualization(props) { if (model.drilldown_url) { params.onClick = (item) => { - window.location = replaceVars(model.drilldown_url, {}, { key: item.label }); + const url = replaceVars(model.drilldown_url, {}, { key: item.label }); + getCoreStart().application.navigateToUrl(url); }; } From 88b03d943b7631161136dd0bf8201e3eff919c7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 10:49:31 +0100 Subject: [PATCH 03/63] [Usage Collection] [schema] `static_telemetry` (#77902) Co-authored-by: Elastic Machine --- .telemetryrc.json | 3 +- src/plugins/telemetry/schema/oss_plugins.json | 115 ++++++++++++++++++ .../server/collectors/usage/schema.ts | 58 +++++++++ .../usage/telemetry_usage_collector.ts | 49 +++++++- 4 files changed, 219 insertions(+), 6 deletions(-) create mode 100644 src/plugins/telemetry/server/collectors/usage/schema.ts diff --git a/.telemetryrc.json b/.telemetryrc.json index 818f9805628e1..13bb6e3ae88c0 100644 --- a/.telemetryrc.json +++ b/.telemetryrc.json 
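Review bot: In the `onClick` handler of `TopNVisualization`, `item.label` is substituted into `model.drilldown_url` and the result goes straight to `navigateToUrl`, with no check on the final URL. The label is taken from the visualised data, so it should be confirmed that `replaceVars` URL-encodes it. If it does not, a label containing `?`, `#` or `/` changes the destination rather than only the `key` value. A comment above the call would record the assumption, e.g. `// url = saved drilldown template + data-derived label; label must be URL-encoded by replaceVars`. The handler sits inside a function whose body extends beyond the hunk.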
@@ -8,8 +8,7 @@ "src/plugins/kibana_utils/", "src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", - "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts", - "src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts" + "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] } ] diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index 5bce03a292760..6662482402fc5 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json 
@@ -1310,6 +1310,121 @@ } } }, + "static_telemetry": { + "properties": { + "ece": { + "properties": { + "kb_uuid": { + "type": "keyword" + }, + "es_uuid": { + "type": "keyword" + }, + "account_id": { + "type": "keyword" + }, + "license": { + "properties": { + "uuid": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "issued_to": { + "type": "text" + }, + "issuer": { + "type": "text" + }, + "issue_date_in_millis": { + "type": "long" + }, + "start_date_in_millis": { + "type": "long" + }, + "expiry_date_in_millis": { + "type": "long" + }, + "max_resource_units": { + "type": "long" + } + } + } + } + }, + "ess": { + "properties": { + "kb_uuid": { + "type": "keyword" + }, + "es_uuid": { + "type": "keyword" + }, + "account_id": { + "type": "keyword" + }, + "license": { + "properties": { + "uuid": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "issued_to": { + "type": "text" + }, + "issuer": { + "type": "text" + }, + "issue_date_in_millis": { + "type": "long" + }, + "start_date_in_millis": { + "type": "long" + }, + "expiry_date_in_millis": { + "type": "long" + }, + "max_resource_units": { + "type": "long" + } + } + } + } + }, + "eck": { + "properties": { + "operator_uuid": { + "type": "keyword" + }, + "operator_roles": { + "type": "keyword" + }, + "custom_operator_namespace": { + "type": "boolean" + }, + "distribution": { + "type": "text" + }, + "build": { + "properties": { + "hash": { + "type": "text" + }, + "date": { + "type": "date" + }, + "version": { + "type": "keyword" + } + } + } + } + } + } + }, "tsvb-validation": { "properties": { "failed_validations": { diff --git a/src/plugins/telemetry/server/collectors/usage/schema.ts b/src/plugins/telemetry/server/collectors/usage/schema.ts new file mode 100644 index 0000000000000..8f4d555d75c49 --- /dev/null +++ b/src/plugins/telemetry/server/collectors/usage/schema.ts 
@@ -0,0 +1,58 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { MakeSchemaFrom } from 'src/plugins/usage_collection/server'; +import { LicenseUsage, StaticTelemetryUsage } from './telemetry_usage_collector'; + +const licenseSchema: MakeSchemaFrom = { + uuid: { type: 'keyword' }, + type: { type: 'keyword' }, + issued_to: { type: 'text' }, + issuer: { type: 'text' }, + issue_date_in_millis: { type: 'long' }, + start_date_in_millis: { type: 'long' }, + expiry_date_in_millis: { type: 'long' }, + max_resource_units: { type: 'long' }, +}; + +export const staticTelemetrySchema: MakeSchemaFrom> = { + ece: { + kb_uuid: { type: 'keyword' }, + es_uuid: { type: 'keyword' }, + account_id: { type: 'keyword' }, + license: licenseSchema, + }, + ess: { + kb_uuid: { type: 'keyword' }, + es_uuid: { type: 'keyword' }, + account_id: { type: 'keyword' }, + license: licenseSchema, + }, + eck: { + operator_uuid: { type: 'keyword' }, + operator_roles: { type: 'keyword' }, + custom_operator_namespace: { type: 'boolean' }, + distribution: { type: 'text' }, + build: { + hash: { type: 'text' }, + date: { type: 'date' }, + version: { type: 'keyword' }, + }, + }, +}; 
diff --git a/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts b/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts index bde7cfa5c4445..39f8ef0151a0b 100644 --- a/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts +++ b/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts @@ -29,6 +29,7 @@ import { TelemetryConfigType } from '../../config'; // look for telemetry.yml in the same places we expect kibana.yml import { ensureDeepObject } from './ensure_deep_object'; +import { staticTelemetrySchema } from './schema'; /** * The maximum file size before we ignore it (note: this limit is arbitrary). @@ -60,10 +61,12 @@ export function isFileReadable(path: string): boolean { * @param configPath The config file path. * @returns The unmodified JSON object if the file exists and is a valid YAML file. */ -export async function readTelemetryFile(path: string): Promise { +export async function readTelemetryFile( + configPath: string +): Promise { try { - if (isFileReadable(path)) { - const yaml = readFileSync(path); + if (isFileReadable(configPath)) { + const yaml = readFileSync(configPath); const data = safeLoad(yaml.toString()); // don't bother returning empty objects @@ -79,11 +82,48 @@ export async function readTelemetryFile(path: string): Promise Promise ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'static_telemetry', isReady: () => true, fetch: async () => { @@ -91,6 +131,7 @@ export function createTelemetryUsageCollector( const telemetryPath = join(dirname(configPath), 'telemetry.yml'); return await readTelemetryFile(telemetryPath); }, + schema: staticTelemetrySchema, }); } From 9ca22382fb9f4aca147e07ac9a42bdb1e9d737e4 Mon Sep 17 00:00:00 2001 
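Review bot: `readTelemetryFile` returns what `safeLoad` parsed from `telemetry.yml`, and nothing visible in these hunks restricts that object to the `ece`/`ess`/`eck` keys that the new `staticTelemetrySchema` declares. As far as the hunks show, any extra key placed in that file would be reported alongside the declared ones. Consider filtering the parsed object to the schema's keys before returning it. At minimum, document the behaviour on the function, e.g. `// NOTE: telemetry.yml content is reported as-is; keep it limited to the fields in staticTelemetrySchema`. The function body continues outside the hunk, so a filter may exist in lines not shown.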
From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 10:51:42 +0100 Subject: [PATCH 04/63] [Usage Collection] [Schema] "kibana" collector (#77893) Co-authored-by: Elastic Machine --- .telemetryrc.json | 1 - .../kibana/get_saved_object_counts.ts | 11 +++-- .../kibana/kibana_usage_collector.ts | 17 ++++++- src/plugins/telemetry/schema/oss_plugins.json | 49 +++++++++++++++++++ 4 files changed, 71 insertions(+), 7 deletions(-) diff --git a/.telemetryrc.json b/.telemetryrc.json index 13bb6e3ae88c0..7d9743b20ff68 100644 --- a/.telemetryrc.json +++ b/.telemetryrc.json @@ -6,7 +6,6 @@ "src/plugins/kibana_react/", "src/plugins/testbed/", "src/plugins/kibana_utils/", - "src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts index 1adc0dc6896fd..e88d90fe5b24b 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts @@ -39,9 +39,12 @@ const TYPES = [ ]; export interface KibanaSavedObjectCounts { - [pluginName: string]: { - total: number; - }; + dashboard: { total: number }; + visualization: { total: number }; + search: { total: number }; + index_pattern: { total: number }; + graph_workspace: { total: number }; + timelion_sheet: { total: number }; } export async function getSavedObjectsCounts( 
@@ -71,7 +74,7 @@ export async function getSavedObjectsCounts( // Initialise the object with all zeros for all the types const allZeros: KibanaSavedObjectCounts = TYPES.reduce( (acc, type) => ({ ...acc, [snakeCase(type)]: { total: 0 } }), - {} + {} as KibanaSavedObjectCounts ); // Add the doc_count from each bucket diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts index 9cc079a9325d5..5b56e1a9b596f 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts @@ -22,15 +22,28 @@ import { take } from 'rxjs/operators'; import { SharedGlobalConfig } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { KIBANA_STATS_TYPE } from '../../../common/constants'; -import { getSavedObjectsCounts } from './get_saved_object_counts'; +import { getSavedObjectsCounts, KibanaSavedObjectCounts } from './get_saved_object_counts'; + +interface KibanaUsage extends KibanaSavedObjectCounts { + index: string; +} export function getKibanaUsageCollector( usageCollection: UsageCollectionSetup, legacyConfig$: Observable ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'kibana', isReady: () => true, + schema: { + index: { type: 'keyword' }, + dashboard: { total: { type: 'long' } }, + visualization: { total: { type: 'long' } }, + search: { total: { type: 'long' } }, + index_pattern: { total: { type: 'long' } }, + graph_workspace: { total: { type: 'long' } }, + timelion_sheet: { total: { type: 'long' } }, + }, async fetch(callCluster) { const { kibana: { index }, diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index 6662482402fc5..a83cd5a562ff6 100644 
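Review bot: The `{} as KibanaSavedObjectCounts` seed in `getSavedObjectsCounts` asserts that the accumulator already has all six required keys. The compiler therefore no longer checks that the `TYPES` list (its entries are outside this hunk) produces exactly the keys named in the interface. If the two drift, the collector would report a shape that differs from the declared schema without any type error. A comment on the interface would make the coupling explicit, e.g. `// keys must stay in sync with TYPES (snake_cased) and with the collector schema`. The function body continues outside the hunk.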
--- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -1297,6 +1297,55 @@ } } }, + "kibana": { + "properties": { + "index": { + "type": "keyword" + }, + "dashboard": { + "properties": { + "total": { + "type": "long" + } + } + }, + "visualization": { + "properties": { + "total": { + "type": "long" + } + } + }, + "search": { + "properties": { + "total": { + "type": "long" + } + } + }, + "index_pattern": { + "properties": { + "total": { + "type": "long" + } + } + }, + "graph_workspace": { + "properties": { + "total": { + "type": "long" + } + } + }, + "timelion_sheet": { + "properties": { + "total": { + "type": "long" + } + } + } + } + }, "telemetry": { "properties": { "opt_in_status": { From 8ad53d52037bc9c5842e5a74766ec6fc08fd5c94 Mon Sep 17 00:00:00 2001 From: Matthias Wilhelm Date: Thu, 24 Sep 2020 12:29:29 +0200 Subject: [PATCH 05/63] [Discover] Context - Fix bug when document id contains a slash (#77435) --- .../public/application/angular/context.js | 30 +++++++------------ src/plugins/discover/public/plugin.ts | 8 +++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/plugins/discover/public/application/angular/context.js b/src/plugins/discover/public/application/angular/context.js index 6223090aa9f97..bb9d71c8671a2 100644 --- a/src/plugins/discover/public/application/angular/context.js +++ b/src/plugins/discover/public/application/angular/context.js 
@@ -45,26 +45,18 @@ const k7Breadcrumbs = ($route) => { }; getAngularModule().config(($routeProvider) => { - $routeProvider - // deprecated route, kept for compatibility - // should be removed in the future - .when('/context/:indexPatternId/:type/:id*', { - redirectTo: '/context/:indexPatternId/:id', - }) - .when('/context/:indexPatternId/:id*', { - controller: ContextAppRouteController, - k7Breadcrumbs, - controllerAs: 'contextAppRoute', - resolve: { - indexPattern: ($route, Promise) => { - const indexPattern = getServices().indexPatterns.get( - $route.current.params.indexPatternId - ); - return Promise.props({ ip: indexPattern }); - }, + $routeProvider.when('/context/:indexPatternId/:id*', { + controller: ContextAppRouteController, + k7Breadcrumbs, + controllerAs: 'contextAppRoute', + resolve: { + indexPattern: ($route, Promise) => { + const indexPattern = getServices().indexPatterns.get($route.current.params.indexPatternId); + return Promise.props({ ip: indexPattern }); }, - template: contextAppRouteTemplate, - }); + }, + template: contextAppRouteTemplate, + }); }); function ContextAppRouteController($routeParams, $scope, $route) { diff --git a/src/plugins/discover/public/plugin.ts b/src/plugins/discover/public/plugin.ts index 440bd3fdf86d3..b1bbc89b62d9d 100644 --- a/src/plugins/discover/public/plugin.ts +++ b/src/plugins/discover/public/plugin.ts @@ -277,6 +277,14 @@ export class DiscoverPlugin return `#${path}`; }); plugins.urlForwarding.forwardApp('context', 'discover', (path) => { + const urlParts = path.split('/'); + // take care of urls containing legacy url, those split in the following way + // ["", "context", indexPatternId, _type, id + params] + if (urlParts[4]) { + // remove _type part + const newPath = [...urlParts.slice(0, 3), ...urlParts.slice(4)].join('/'); + return `#${newPath}`; + } return `#${path}`; }); plugins.urlForwarding.forwardApp('discover', 'discover', (path) => { From 4d08763af7ec6a1381ab8a9c2c29866d2e7a7923 Mon Sep 17 00:00:00 2001 
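Review bot: In the `forwardApp('context', …)` callback, `path.split('/')` runs over the whole forwarded path, which per the added comment includes `id + params`, so any `/` after the third segment makes `urlParts[4]` truthy. A URL already in the new form whose id or query/state part contains an unencoded `/` would then be treated as legacy and lose its id segment. Splitting off the query first, e.g. `const [pathname, ...rest] = path.split('?');`, and running the segment check on `pathname` only would cover the query case. The id case cannot be told apart by segment count alone, so a comment stating that ids in forwarded URLs are assumed to be URL-encoded would help. The callback is complete in the hunk; the enclosing method is not.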
From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 11:40:59 +0100 Subject: [PATCH 06/63] [Usage Collection] [schema] `lens` (#77929) Co-authored-by: Elastic Machine --- .../__fixture__/parsed_working_collector.ts | 8 +- .../extract_collectors.test.ts.snap | 26 +- .../src/tools/serializer.test.ts | 26 +- .../src/tools/serializer.ts | 27 +- .../kbn-telemetry-tools/src/tools/utils.ts | 2 +- .../telemetry_collectors/constants.ts | 4 + x-pack/.telemetryrc.json | 1 - .../plugins/lens/server/usage/collectors.ts | 6 +- x-pack/plugins/lens/server/usage/schema.ts | 83 ++++ .../schema/xpack_plugins.json | 374 ++++++++++++++++++ 10 files changed, 528 insertions(+), 29 deletions(-) create mode 100644 x-pack/plugins/lens/server/usage/schema.ts diff --git a/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts b/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts index b238c5aa346ad..54983278726eb 100644 --- a/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts +++ b/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts @@ -75,11 +75,9 @@ export const parsedWorkingCollector: ParsedUsageCollection = [ type: 'StringKeyword', }, my_index_signature_prop: { - '': { - '@@INDEX@@': { - kind: SyntaxKind.NumberKeyword, - type: 'NumberKeyword', - }, + '@@INDEX@@': { + kind: SyntaxKind.NumberKeyword, + type: 'NumberKeyword', }, }, my_objects: { diff --git a/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap b/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap index 68b068b0cfe06..9868a7d31d498 100644 --- a/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap +++ b/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap 
@@ -96,16 +96,14 @@ Array [ "collectorName": "indexed_interface_with_not_matching_schema", "fetch": Object { "typeDescriptor": Object { - "": Object { - "@@INDEX@@": Object { - "count_1": Object { - "kind": 143, - "type": "NumberKeyword", - }, - "count_2": Object { - "kind": 143, - "type": "NumberKeyword", - }, + "@@INDEX@@": Object { + "count_1": Object { + "kind": 143, + "type": "NumberKeyword", + }, + "count_2": Object { + "kind": 143, + "type": "NumberKeyword", }, }, }, @@ -165,11 +163,9 @@ Array [ }, }, "my_index_signature_prop": Object { - "": Object { - "@@INDEX@@": Object { - "kind": 143, - "type": "NumberKeyword", - }, + "@@INDEX@@": Object { + "kind": 143, + "type": "NumberKeyword", }, }, "my_objects": Object { diff --git a/packages/kbn-telemetry-tools/src/tools/serializer.test.ts b/packages/kbn-telemetry-tools/src/tools/serializer.test.ts index 9475574a44219..6742117226368 100644 --- a/packages/kbn-telemetry-tools/src/tools/serializer.test.ts +++ b/packages/kbn-telemetry-tools/src/tools/serializer.test.ts @@ -44,13 +44,13 @@ export function loadFixtureProgram(fixtureName: string) { } describe('getDescriptor', () => { - const usageInterfaces = new Map(); + const usageInterfaces = new Map(); let tsProgram: ts.Program; beforeAll(() => { const { program, sourceFile } = loadFixtureProgram('constants'); tsProgram = program; for (const node of traverseNodes(sourceFile)) { - if (ts.isInterfaceDeclaration(node)) { + if (ts.isInterfaceDeclaration(node) || ts.isTypeAliasDeclaration(node)) { const interfaceName = node.name.getText(); usageInterfaces.set(interfaceName, node); } 
@@ -102,4 +102,26 @@ describe('getDescriptor', () => { 'Mapping does not support conflicting union types.' ); }); + + it('serializes TypeAliasDeclaration', () => { + const usageInterface = usageInterfaces.get('TypeAliasWithUnion')!; + const descriptor = getDescriptor(usageInterface, tsProgram); + expect(descriptor).toEqual({ + locale: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop1: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop2: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop3: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop4: { kind: ts.SyntaxKind.StringLiteral, type: 'StringLiteral' }, + prop5: { kind: ts.SyntaxKind.FirstLiteralToken, type: 'FirstLiteralToken' }, + }); + }); + + it('serializes Record entries', () => { + const usageInterface = usageInterfaces.get('TypeAliasWithRecord')!; + const descriptor = getDescriptor(usageInterface, tsProgram); + expect(descriptor).toEqual({ + locale: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + '@@INDEX@@': { kind: ts.SyntaxKind.NumberKeyword, type: 'NumberKeyword' }, + }); + }); }); diff --git a/packages/kbn-telemetry-tools/src/tools/serializer.ts b/packages/kbn-telemetry-tools/src/tools/serializer.ts index 7afe828298b4b..6fe02e3824ba7 100644 --- a/packages/kbn-telemetry-tools/src/tools/serializer.ts +++ b/packages/kbn-telemetry-tools/src/tools/serializer.ts @@ -79,9 +79,13 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | } if (ts.isTypeLiteralNode(node) || ts.isInterfaceDeclaration(node)) { return node.members.reduce((acc, m) => { - acc[m.name?.getText() || ''] = getDescriptor(m, program); - return acc; - }, {} as any); + const key = m.name?.getText(); + if (key) { + return { ...acc, [key]: getDescriptor(m, program) }; + } else { + return { ...acc, ...getDescriptor(m, program) }; + } + }, {}); } // If it's defined as signature { [key: string]: OtherInterface } 
@@ -114,6 +118,10 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | if (symbolName === 'Date') { return { kind: TelemetryKinds.Date, type: 'Date' }; } + // Support `Record` + if (symbolName === 'Record' && node.typeArguments![0].kind === ts.SyntaxKind.StringKeyword) { + return { '@@INDEX@@': getDescriptor(node.typeArguments![1], program) }; + } const declaration = (symbol?.getDeclarations() || [])[0]; if (declaration) { return getDescriptor(declaration, program); @@ -157,6 +165,19 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | return uniqueKinds[0]; } + // Support `type MyUsageType = SomethingElse` + if (ts.isTypeAliasDeclaration(node)) { + return getDescriptor(node.type, program); + } + + // Support `&` unions + if (ts.isIntersectionTypeNode(node)) { + return node.types.reduce( + (acc, unionNode) => ({ ...acc, ...getDescriptor(unionNode, program) }), + {} + ); + } + switch (node.kind) { case ts.SyntaxKind.NumberKeyword: case ts.SyntaxKind.BooleanKeyword: diff --git a/packages/kbn-telemetry-tools/src/tools/utils.ts b/packages/kbn-telemetry-tools/src/tools/utils.ts index 3d6764117374c..e8e1b3fed1aef 100644 --- a/packages/kbn-telemetry-tools/src/tools/utils.ts +++ b/packages/kbn-telemetry-tools/src/tools/utils.ts @@ -249,7 +249,7 @@ export function difference(actual: any, expected: any) { function (result, value, key) { if (key && /@@INDEX@@/.test(`${key}`)) { // The type definition is an Index Signature, fuzzy searching for similar keys - const regexp = new RegExp(`${key}`.replace(/@@INDEX@@/g, '(.+)?')); + const regexp = new RegExp(`^${key}`.replace(/@@INDEX@@/g, '(.+)?')); const keysInBase = Object.keys(base) .map((k) => { const match = k.match(regexp); diff --git a/src/fixtures/telemetry_collectors/constants.ts b/src/fixtures/telemetry_collectors/constants.ts index 4aac9e66cdbdb..d4c9a1f85c4d7 100644 --- a/src/fixtures/telemetry_collectors/constants.ts 
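Review bot: In `difference`, the `RegExp` source is `key` with only `@@INDEX@@` replaced, so any regex metacharacter elsewhere in a key is read as pattern syntax, and the new `^` anchors the start only. Keys come from type definitions, so this concerns the accuracy of the schema check rather than hostile input, but a key containing `.` would match more than intended. Consider escaping the literal parts before inserting the wildcard, and decide whether a trailing `$` is wanted. At minimum add `// key is used as a regex source: literal parts are not escaped`. The function starts and ends outside the hunk.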
+++ b/src/fixtures/telemetry_collectors/constants.ts @@ -51,3 +51,7 @@ export const externallyDefinedSchema: MakeSchemaFrom<{ locale: string }> = { type: 'keyword', }, }; + +export type TypeAliasWithUnion = Usage & WithUnion; + +export type TypeAliasWithRecord = Usage & Record; diff --git a/x-pack/.telemetryrc.json b/x-pack/.telemetryrc.json index 2c16491c1096b..30b2178259d68 100644 --- a/x-pack/.telemetryrc.json +++ b/x-pack/.telemetryrc.json @@ -7,7 +7,6 @@ "plugins/apm/server/lib/apm_telemetry/index.ts", "plugins/canvas/server/collectors/collector.ts", "plugins/infra/server/usage/usage_collector.ts", - "plugins/lens/server/usage/collectors.ts", "plugins/reporting/server/usage/reporting_usage_collector.ts", "plugins/maps/server/maps_telemetry/collectors/register.ts" ] diff --git a/x-pack/plugins/lens/server/usage/collectors.ts b/x-pack/plugins/lens/server/usage/collectors.ts index 3f033bd3b03d0..c32fc0371ed8a 100644 --- a/x-pack/plugins/lens/server/usage/collectors.ts +++ b/x-pack/plugins/lens/server/usage/collectors.ts @@ -10,6 +10,7 @@ import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { TaskManagerStartContract } from '../../../task_manager/server'; import { LensUsage, LensTelemetryState } from './types'; +import { lensUsageSchema } from './schema'; export function registerLensUsageCollector( usageCollection: UsageCollectionSetup, @@ -20,9 +21,9 @@ export function registerLensUsageCollector( // mark lensUsageCollector as ready to collect when the TaskManager is ready isCollectorReady = true; }); - const lensUsageCollector = usageCollection.makeUsageCollector({ + const lensUsageCollector = usageCollection.makeUsageCollector({ type: 'lens', - fetch: async (): Promise => { + async fetch() { try { const docs = await getLatestTaskState(await taskManager); // get the accumulated state from the recurring task 
@@ -55,6 +56,7 @@ export function registerLensUsageCollector( } }, isReady: () => isCollectorReady, + schema: lensUsageSchema, }); usageCollection.registerCollector(lensUsageCollector); diff --git a/x-pack/plugins/lens/server/usage/schema.ts b/x-pack/plugins/lens/server/usage/schema.ts new file mode 100644 index 0000000000000..a35d4d91845ee --- /dev/null +++ b/x-pack/plugins/lens/server/usage/schema.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { MakeSchemaFrom } from 'src/plugins/usage_collection/server'; +import { LensUsage } from './types'; + +const eventsSchema: MakeSchemaFrom = { + app_query_change: { type: 'long' }, + indexpattern_field_info_click: { type: 'long' }, + loaded: { type: 'long' }, + app_filters_updated: { type: 'long' }, + app_date_change: { type: 'long' }, + save_failed: { type: 'long' }, + loaded_404: { type: 'long' }, + drop_total: { type: 'long' }, + chart_switch: { type: 'long' }, + suggestion_confirmed: { type: 'long' }, + suggestion_clicked: { type: 'long' }, + drop_onto_workspace: { type: 'long' }, + drop_non_empty: { type: 'long' }, + drop_empty: { type: 'long' }, + indexpattern_changed: { type: 'long' }, + indexpattern_filters_cleared: { type: 'long' }, + indexpattern_type_filter_toggled: { type: 'long' }, + indexpattern_existence_toggled: { type: 'long' }, + indexpattern_show_all_fields_clicked: { type: 'long' }, + drop_onto_dimension: { type: 'long' }, + indexpattern_dimension_removed: { type: 'long' }, + indexpattern_dimension_field_changed: { type: 'long' }, + xy_change_layer_display: { type: 'long' }, + xy_layer_removed: { type: 'long' }, + xy_layer_added: { type: 'long' }, + indexpattern_dimension_operation_terms: { type: 'long' }, + indexpattern_dimension_operation_date_histogram: { type: 'long' }, + indexpattern_dimension_operation_avg: { type: 'long' }, + indexpattern_dimension_operation_min: { type: 'long' }, + indexpattern_dimension_operation_max: { type: 'long' }, + indexpattern_dimension_operation_sum: { type: 'long' }, + indexpattern_dimension_operation_count: { type: 'long' }, + indexpattern_dimension_operation_cardinality: { type: 'long' }, + indexpattern_dimension_operation_filters: { type: 
'long' }, +}; + +const suggestionEventsSchema: MakeSchemaFrom = { + back_to_current: { type: 'long' }, + reload: { type: 'long' }, +}; + +const savedSchema: MakeSchemaFrom = { + bar: { type: 'long' }, + bar_horizontal: { type: 'long' }, + line: { type: 'long' }, + area: { type: 'long' }, + bar_stacked: { type: 'long' }, + bar_percentage_stacked: { type: 'long' }, + bar_horizontal_stacked: { type: 'long' }, + bar_horizontal_percentage_stacked: { type: 'long' }, + area_stacked: { type: 'long' }, + area_percentage_stacked: { type: 'long' }, + lnsDatatable: { type: 'long' }, + lnsPie: { type: 'long' }, + lnsMetric: { type: 'long' }, +}; + +export const lensUsageSchema: MakeSchemaFrom = { + // LensClickUsage + events_30_days: eventsSchema, + events_90_days: eventsSchema, + suggestion_events_30_days: suggestionEventsSchema, + suggestion_events_90_days: suggestionEventsSchema, + + // LensVisualizationUsage + saved_overall_total: { type: 'long' }, + saved_30_days_total: { type: 'long' }, + saved_90_days_total: { type: 'long' }, + + saved_overall: savedSchema, + saved_30_days: savedSchema, + saved_90_days: savedSchema, +}; diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 904b14a7459ad..86b7889957c9f 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json 
@@ -155,6 +155,380 @@ } } }, + "lens": { + "properties": { + "events_30_days": { + "properties": { + "app_query_change": { + "type": "long" + }, + "indexpattern_field_info_click": { + "type": "long" + }, + "loaded": { + "type": "long" + }, + "app_filters_updated": { + "type": "long" + }, + "app_date_change": { + "type": "long" + }, + "save_failed": { + "type": "long" + }, + "loaded_404": { + "type": "long" + }, + "drop_total": { + "type": "long" + }, + "chart_switch": { + "type": "long" + }, + "suggestion_confirmed": { + "type": "long" + }, + "suggestion_clicked": { + "type": "long" + }, + "drop_onto_workspace": { + "type": "long" + }, + "drop_non_empty": { + "type": "long" + }, + "drop_empty": { + "type": "long" + }, + "indexpattern_changed": { + "type": "long" + }, + "indexpattern_filters_cleared": { + "type": "long" + }, + "indexpattern_type_filter_toggled": { + "type": "long" + }, + "indexpattern_existence_toggled": { + "type": "long" + }, + "indexpattern_show_all_fields_clicked": { + "type": "long" + }, + "drop_onto_dimension": { + "type": "long" + }, + "indexpattern_dimension_removed": { + "type": "long" + }, + "indexpattern_dimension_field_changed": { + "type": "long" + }, + "xy_change_layer_display": { + "type": "long" + }, + "xy_layer_removed": { + "type": "long" + }, + "xy_layer_added": { + "type": "long" + }, + "indexpattern_dimension_operation_terms": { + "type": "long" + }, + "indexpattern_dimension_operation_date_histogram": { + "type": "long" + }, + "indexpattern_dimension_operation_avg": { + "type": "long" + }, + "indexpattern_dimension_operation_min": { + "type": "long" + }, + "indexpattern_dimension_operation_max": { + "type": "long" + }, + "indexpattern_dimension_operation_sum": { + "type": "long" + }, + "indexpattern_dimension_operation_count": { + "type": "long" + }, + "indexpattern_dimension_operation_cardinality": { + "type": "long" + }, + "indexpattern_dimension_operation_filters": { + "type": "long" + } + } + }, + "events_90_days": { + 
"properties": { + "app_query_change": { + "type": "long" + }, + "indexpattern_field_info_click": { + "type": "long" + }, + "loaded": { + "type": "long" + }, + "app_filters_updated": { + "type": "long" + }, + "app_date_change": { + "type": "long" + }, + "save_failed": { + "type": "long" + }, + "loaded_404": { + "type": "long" + }, + "drop_total": { + "type": "long" + }, + "chart_switch": { + "type": "long" + }, + "suggestion_confirmed": { + "type": "long" + }, + "suggestion_clicked": { + "type": "long" + }, + "drop_onto_workspace": { + "type": "long" + }, + "drop_non_empty": { + "type": "long" + }, + "drop_empty": { + "type": "long" + }, + "indexpattern_changed": { + "type": "long" + }, + "indexpattern_filters_cleared": { + "type": "long" + }, + "indexpattern_type_filter_toggled": { + "type": "long" + }, + "indexpattern_existence_toggled": { + "type": "long" + }, + "indexpattern_show_all_fields_clicked": { + "type": "long" + }, + "drop_onto_dimension": { + "type": "long" + }, + "indexpattern_dimension_removed": { + "type": "long" + }, + "indexpattern_dimension_field_changed": { + "type": "long" + }, + "xy_change_layer_display": { + "type": "long" + }, + "xy_layer_removed": { + "type": "long" + }, + "xy_layer_added": { + "type": "long" + }, + "indexpattern_dimension_operation_terms": { + "type": "long" + }, + "indexpattern_dimension_operation_date_histogram": { + "type": "long" + }, + "indexpattern_dimension_operation_avg": { + "type": "long" + }, + "indexpattern_dimension_operation_min": { + "type": "long" + }, + "indexpattern_dimension_operation_max": { + "type": "long" + }, + "indexpattern_dimension_operation_sum": { + "type": "long" + }, + "indexpattern_dimension_operation_count": { + "type": "long" + }, + "indexpattern_dimension_operation_cardinality": { + "type": "long" + }, + "indexpattern_dimension_operation_filters": { + "type": "long" + } + } + }, + "suggestion_events_30_days": { + "properties": { + "back_to_current": { + "type": "long" + }, + "reload": { + 
"type": "long" + } + } + }, + "suggestion_events_90_days": { + "properties": { + "back_to_current": { + "type": "long" + }, + "reload": { + "type": "long" + } + } + }, + "saved_overall_total": { + "type": "long" + }, + "saved_30_days_total": { + "type": "long" + }, + "saved_90_days_total": { + "type": "long" + }, + "saved_overall": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + "area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + }, + "saved_30_days": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + "area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + }, + "saved_90_days": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + 
"area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + } + } + }, "mlTelemetry": { "properties": { "file_data_visualizer": { From 3618cef1a4a921ae73dfcee2785585beda2220c7 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Thu, 24 Sep 2020 13:26:00 +0200 Subject: [PATCH 07/63] [UX] Update csm app name to UX (#78179) --- .../support/step_definitions/csm/csm_dashboard.ts | 2 +- x-pack/plugins/apm/public/application/csmApp.tsx | 6 +++--- .../apm/public/components/app/RumDashboard/RumHome.tsx | 10 +++++----- .../ClientSideMonitoringCallout.tsx | 4 ++-- x-pack/plugins/apm/public/plugin.ts | 4 ++-- x-pack/plugins/apm/server/feature.ts | 8 ++++---- .../apps/apm/feature_controls/apm_security.ts | 4 ++-- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts b/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts index 461e2960c5e02..28af4fd5d8a56 100644 --- a/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts +++ b/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts @@ -16,7 +16,7 @@ Given(`a user browses the APM UI application for RUM Data`, () => { const RANGE_FROM = 'now-24h'; const RANGE_TO = 'now'; loginAndWaitForPage( - `/app/csm`, + `/app/ux`, { from: RANGE_FROM, to: RANGE_TO, diff --git a/x-pack/plugins/apm/public/application/csmApp.tsx b/x-pack/plugins/apm/public/application/csmApp.tsx index c63ec3700c877..5ebe14b663f56 100644 --- a/x-pack/plugins/apm/public/application/csmApp.tsx +++ b/x-pack/plugins/apm/public/application/csmApp.tsx 
@@ -20,7 +20,7 @@ import { import { APMRouteDefinition } from '../application/routes'; import { renderAsRedirectTo } from '../components/app/Main/route_config'; import { ScrollToTopOnPathChange } from '../components/app/Main/ScrollToTopOnPathChange'; -import { RumHome } from '../components/app/RumDashboard/RumHome'; +import { RumHome, UX_LABEL } from '../components/app/RumDashboard/RumHome'; import { ApmPluginContext } from '../context/ApmPluginContext'; import { LoadingIndicatorProvider } from '../context/LoadingIndicatorContext'; import { UrlParamsProvider } from '../context/UrlParamsContext'; @@ -39,8 +39,8 @@ export const rumRoutes: APMRouteDefinition[] = [ { exact: true, path: '/', - render: renderAsRedirectTo('/csm'), - breadcrumb: 'Client Side Monitoring', + render: renderAsRedirectTo('/ux'), + breadcrumb: UX_LABEL, }, ]; diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx index 24da5e9ef3897..9abf792d7a0cf 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx @@ -10,6 +10,10 @@ import { i18n } from '@kbn/i18n'; import { RumOverview } from '../RumDashboard'; import { RumHeader } from './RumHeader'; +export const UX_LABEL = i18n.translate('xpack.apm.ux.title', { + defaultMessage: 'User Experience', +}); + export function RumHome() { return (
@@ -17,11 +21,7 @@ export function RumHome() { -

- {i18n.translate('xpack.apm.csm.title', { - defaultMessage: 'Client Side Monitoring', - })} -

+

{UX_LABEL}

diff --git a/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx b/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx index b6938b211994d..becae4d7eb5d7 100644 --- a/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx +++ b/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx @@ -11,14 +11,14 @@ import { useApmPluginContext } from '../../../hooks/useApmPluginContext'; export function ClientSideMonitoringCallout() { const { core } = useApmPluginContext(); - const clientSideMonitoringHref = core.http.basePath.prepend(`/app/csm`); + const clientSideMonitoringHref = core.http.basePath.prepend(`/app/ux`); return ( diff --git a/x-pack/plugins/apm/public/plugin.ts b/x-pack/plugins/apm/public/plugin.ts index ab3f1026a92dd..dd9659a4cd1be 100644 --- a/x-pack/plugins/apm/public/plugin.ts +++ b/x-pack/plugins/apm/public/plugin.ts @@ -120,8 +120,8 @@ export class ApmPlugin implements Plugin { }); core.application.register({ - id: 'csm', - title: 'Client Side Monitoring', + id: 'ux', + title: 'User Experience', order: 8500, euiIconType: 'logoObservability', category: DEFAULT_APP_CATEGORIES.observability, diff --git a/x-pack/plugins/apm/server/feature.ts b/x-pack/plugins/apm/server/feature.ts index 14d8e2c3a4d50..75d8842d4843b 100644 --- a/x-pack/plugins/apm/server/feature.ts +++ b/x-pack/plugins/apm/server/feature.ts @@ -16,13 +16,13 @@ import { export const APM_FEATURE = { id: 'apm', name: i18n.translate('xpack.apm.featureRegistry.apmFeatureName', { - defaultMessage: 'APM and Client Side Monitoring', + defaultMessage: 'APM and User Experience', }), order: 900, category: DEFAULT_APP_CATEGORIES.observability, icon: 'apmApp', navLinkId: 'apm', - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], catalogue: ['apm'], management: { insightsAndAlerting: ['triggersActions'], 
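Review bot: The app id is written as a bare `'ux'` string in `app: ['apm', 'ux', 'kibana']` here and again in the `all` and `read` privilege hunks that follow, while `plugin.ts` registers the application with its own literal `id: 'ux'`. These arrays are what tie the APM feature privilege to the registered application, so a future rename that misses one of them would presumably lock privileged users out of the app (or leave a stale id in the grant list) with no build-time signal. A constant in a module shared by server and public code would remove that drift risk, e.g. `export const UX_APP_ID = 'ux';` used as `app: ['apm', UX_APP_ID, 'kibana']` and `id: UX_APP_ID`. Nothing visible in this patch keeps the old `csm` id routable, so it is worth confirming that existing `/app/csm` links are meant to stop resolving. `APM_FEATURE` continues outside these hunks.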
@@ -31,7 +31,7 @@ export const APM_FEATURE = { // see x-pack/plugins/features/common/feature_kibana_privileges.ts privileges: { all: { - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], api: ['apm', 'apm_write'], catalogue: ['apm'], savedObject: { @@ -47,7 +47,7 @@ export const APM_FEATURE = { ui: ['show', 'save', 'alerting:show', 'alerting:save'], }, read: { - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], api: ['apm'], catalogue: ['apm'], savedObject: { diff --git a/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts b/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts index b93039c8fb0e4..3099057f65b80 100644 --- a/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts +++ b/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts @@ -63,7 +63,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(navLinks.map((link) => link.text)).to.eql([ 'Overview', 'APM', - 'Client Side Monitoring', + 'User Experience', 'Stack Management', ]); }); @@ -114,7 +114,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows apm navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'APM', 'Client Side Monitoring', 'Stack Management']); + expect(navLinks).to.eql(['Overview', 'APM', 'User Experience', 'Stack Management']); }); it('can navigate to APM app', async () => { From 89e1f087a23f82de2b5fb85dabc32cde2555885d Mon Sep 17 00:00:00 2001 
From: Anton Dosov Date: Thu, 24 Sep 2020 15:02:59 +0200 Subject: [PATCH 08/63] bump @testing-library (#78270) --- package.json | 13 +- src/dev/jest/setup/react_testing_library.js | 2 +- x-pack/package.json | 11 +- .../apm/public/hooks/useFetcher.test.tsx | 19 +- .../hooks/use_metrics_explorer_data.test.tsx | 15 +- .../user_action_tree/index.test.tsx | 26 +-- .../components/open_timeline/index.test.tsx | 18 +- .../step_define/step_define_form.test.tsx | 5 +- .../action_wizard/action_wizard.test.tsx | 2 +- ...onnected_flyout_manage_drilldowns.test.tsx | 6 +- yarn.lock | 205 +++++++++++------- 11 files changed, 198 insertions(+), 124 deletions(-) diff --git a/package.json b/package.json index 57f5ac16059c9..69df2818bb242 100644 --- a/package.json +++ b/package.json @@ -248,8 +248,11 @@ "@microsoft/api-documenter": "7.7.2", "@microsoft/api-extractor": "7.7.0", "@percy/agent": "^0.26.0", - "@testing-library/react": "^9.3.2", - "@testing-library/react-hooks": "^3.2.1", + "@testing-library/dom": "^7.24.2", + "@testing-library/jest-dom": "^5.11.4", + "@testing-library/react": "^11.0.4", + "@testing-library/react-hooks": "^3.4.1", + "@testing-library/user-event": "^12.1.6", "@types/accept": "3.1.1", "@types/angular": "^1.6.56", "@types/angular-mocks": "^1.7.0", @@ -329,10 +332,8 @@ "@types/supertest": "^2.0.5", "@types/supertest-as-promised": "^2.0.38", "@types/tar": "^4.0.3", - "@types/testing-library__dom": "^6.10.0", - "@types/testing-library__jest-dom": "^5.7.0", - "@types/testing-library__react": "^9.1.2", - "@types/testing-library__react-hooks": "^3.1.0", + "@types/testing-library__jest-dom": "^5.9.2", + "@types/testing-library__react-hooks": "^3.4.0", "@types/type-detect": "^4.0.1", "@types/uuid": "^3.4.4", "@types/vinyl": "^2.0.4", diff --git a/src/dev/jest/setup/react_testing_library.js b/src/dev/jest/setup/react_testing_library.js index 41f58354844a3..84b5b6096e79b 100644 --- a/src/dev/jest/setup/react_testing_library.js 
+++ b/src/dev/jest/setup/react_testing_library.js @@ -29,4 +29,4 @@ import '@testing-library/jest-dom'; import { configure } from '@testing-library/react/pure'; // instead of default 'data-testid', use kibana's 'data-test-subj' -configure({ testIdAttribute: 'data-test-subj' }); +configure({ testIdAttribute: 'data-test-subj', asyncUtilTimeout: 4500 }); diff --git a/x-pack/package.json b/x-pack/package.json index 3af97ed16ed6f..806b4cd5e2ee8 100644 --- a/x-pack/package.json +++ b/x-pack/package.json @@ -50,9 +50,11 @@ "@storybook/addon-storyshots": "^5.3.19", "@storybook/react": "^5.3.19", "@storybook/theming": "^5.3.19", - "@testing-library/jest-dom": "^5.8.0", - "@testing-library/react": "^9.3.2", - "@testing-library/react-hooks": "^3.2.1", + "@testing-library/dom": "^7.24.2", + "@testing-library/jest-dom": "^5.11.4", + "@testing-library/react": "^11.0.4", + "@testing-library/react-hooks": "^3.4.1", + "@testing-library/user-event": "^12.1.6", "@turf/bbox": "6.0.1", "@turf/bbox-polygon": "6.0.1", "@turf/boolean-contains": "6.0.1", @@ -126,7 +128,8 @@ "@types/styled-components": "^5.1.0", "@types/supertest": "^2.0.5", "@types/tar-fs": "^1.16.1", - "@types/testing-library__jest-dom": "^5.7.0", + "@types/testing-library__jest-dom": "^5.9.2", + "@types/testing-library__react-hooks": "^3.4.0", "@types/tinycolor2": "^1.4.1", "@types/use-resize-observer": "^6.0.0", "@types/uuid": "^3.4.4", diff --git a/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx b/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx index 2db4659c83603..59dd9455c724c 100644 --- a/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx +++ b/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx 
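Review bot: `asyncUtilTimeout: 4500` in the `configure` call is an unexplained number that now governs every `waitFor` and `findBy*` in the repository, well above the library's default. A one-line comment above it would record why it was raised and what bounds it, for example `// async utils wait up to 4.5s so slow renders do not time out; keep this below the Jest per-test timeout`. If the value was picked to sit just under a specific Jest timeout, naming that setting in the comment would keep the two from drifting apart.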
@@ -4,17 +4,23 @@ * you may not use this file except in compliance with the Elastic License. */ -import { renderHook } from '@testing-library/react-hooks'; +import { renderHook, RenderHookResult } from '@testing-library/react-hooks'; import { delay } from '../utils/testHelpers'; -import { useFetcher } from './useFetcher'; +import { FetcherResult, useFetcher } from './useFetcher'; import { MockApmPluginContextWrapper } from '../context/ApmPluginContext/MockApmPluginContext'; +import { ApmPluginContextValue } from '../context/ApmPluginContext'; // Wrap the hook with a provider so it can useApmPluginContext const wrapper = MockApmPluginContextWrapper; describe('useFetcher', () => { describe('when resolving after 500ms', () => { - let hook: ReturnType; + let hook: RenderHookResult< + { children?: React.ReactNode; value?: ApmPluginContextValue }, + FetcherResult & { + refetch: () => void; + } + >; beforeEach(() => { jest.useFakeTimers(); async function fn() { @@ -58,7 +64,12 @@ describe('useFetcher', () => { }); describe('when throwing after 500ms', () => { - let hook: ReturnType; + let hook: RenderHookResult< + { children?: React.ReactNode; value?: ApmPluginContextValue }, + FetcherResult & { + refetch: () => void; + } + >; beforeEach(() => { jest.useFakeTimers(); async function fn() { diff --git a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx index b33fe5c232f01..f566e5253c615 100644 --- a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx 
@@ -18,6 +18,10 @@ import { resp, createSeries, } from '../../../../utils/fixtures/metrics_explorer'; +import { MetricsExplorerOptions, MetricsExplorerTimeOptions } from './use_metrics_explorer_options'; +import { SourceQuery } from '../../../../../common/graphql/types'; +import { IIndexPattern } from '../../../../../../../../src/plugins/data/public'; +import { HttpHandler } from 'kibana/public'; const mockedFetch = jest.fn(); @@ -31,7 +35,16 @@ const renderUseMetricsExplorerDataHook = () => { return {children}; }; return renderHook( - (props) => + (props: { + options: MetricsExplorerOptions; + source: SourceQuery.Query['source']['configuration'] | undefined; + derivedIndexPattern: IIndexPattern; + timeRange: MetricsExplorerTimeOptions; + afterKey: string | null | Record; + signal: any; + fetch?: HttpHandler; + shouldLoadImmediately?: boolean; + }) => useMetricsExplorerData( props.options, props.source, diff --git a/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx b/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx index d2bb2fb243458..0b376f26a1ae0 100644 --- a/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx +++ b/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx @@ -6,8 +6,7 @@ import React from 'react'; import { mount } from 'enzyme'; -// we don't have the types for waitFor just yet, so using "as waitFor" until when we do -import { wait as waitFor } from '@testing-library/react'; +import { waitFor } from '@testing-library/react'; import { act } from 'react-dom/test-utils'; import { Router, routeData, mockHistory, mockLocation } from '../__mock__/router'; 
@@ -364,12 +363,12 @@ describe('UserActionTree ', () => { await waitFor(() => { wrapper.update(); - }); - wrapper - .find(`[data-test-subj="description-action"] [data-test-subj="property-actions-quote"]`) - .first() - .simulate('click'); + wrapper + .find(`[data-test-subj="description-action"] [data-test-subj="property-actions-quote"]`) + .first() + .simulate('click'); + }); expect(setFieldValue).toBeCalledWith('comment', `> ${props.data.description} \n`); }); @@ -396,14 +395,13 @@ describe('UserActionTree ', () => { await waitFor(() => { wrapper.update(); + expect( + wrapper + .find(`[data-test-subj="comment-create-action-${commentId}"]`) + .first() + .hasClass('outlined') + ).toBeTruthy(); }); - - expect( - wrapper - .find(`[data-test-subj="comment-create-action-${commentId}"]`) - .first() - .hasClass('outlined') - ).toBeTruthy(); }); }); }); diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx index facdc392ff7ba..64b9db59467e1 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx @@ -10,8 +10,7 @@ import React from 'react'; import { renderHook, act } from '@testing-library/react-hooks'; import { mount } from 'enzyme'; import { MockedProvider } from 'react-apollo/test-utils'; -// we don't have the types for waitFor just yet, so using "as waitFor" until when we do -import { wait as waitFor } from '@testing-library/react'; +import { waitFor } from '@testing-library/react'; import { useHistory, useParams } from 'react-router-dom'; import '../../../common/mock/match_media'; 
@@ -533,18 +532,15 @@ describe('StatefulOpenTimeline', () => { ); - await waitFor(() => { - wrapper.update(); + wrapper.update(); - expect( - wrapper - .find('[data-test-subj="open-timeline"]') - .last() - .prop('itemIdToExpandedNotesRowMap') - ).toEqual({}); + expect( + wrapper.find('[data-test-subj="open-timeline"]').last().prop('itemIdToExpandedNotesRowMap') + ).toEqual({}); - wrapper.find('[data-test-subj="expand-notes"]').first().simulate('click'); + wrapper.find('[data-test-subj="expand-notes"]').first().simulate('click'); + await waitFor(() => { expect( wrapper .find('[data-test-subj="open-timeline"]') diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx index 986ac0a212e8a..d6526fd1db05e 100644 --- a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx +++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx @@ -66,7 +66,7 @@ describe('Transform: ', () => { storage: createMockStorage(), }; - const { getByLabelText } = render( + const { getByText } = render( @@ -76,7 +76,8 @@ describe('Transform: ', () => { // Act // Assert - expect(getByLabelText('Index pattern')).toBeInTheDocument(); + expect(getByText('Index pattern')).toBeInTheDocument(); + expect(getByText(searchItems.indexPattern.title)).toBeInTheDocument(); await wait(); done(); }); diff --git a/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx b/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx index fcea8caf9090e..26033b7f020ad 100644 --- a/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx +++ b/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx 
@@ -80,7 +80,7 @@ test('If not enough license, button is disabled', () => { // check that all factories are displayed to pick expect(screen.getAllByTestId(new RegExp(TEST_SUBJ_ACTION_FACTORY_ITEM))).toHaveLength(2); - expect(screen.getByText(/Go to URL/i)).toBeDisabled(); + expect(screen.getByTestId(/actionFactoryItem-Url/i)).toBeDisabled(); }); test('if action is beta, beta badge is shown', () => { diff --git a/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx b/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx index c4b07fa05c3c1..a546fabfbbc01 100644 --- a/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx +++ b/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx @@ -56,7 +56,8 @@ test('Allows to manage drilldowns', async () => { fireEvent.click(screen.getByText(/Create new/i)); - let [createHeading, createButton] = screen.getAllByText(/Create Drilldown/i); + let [createHeading] = screen.getAllByText(/Create Drilldown/i); + let createButton = screen.getByRole('button', { name: /Create Drilldown/i }); expect(createHeading).toBeVisible(); expect(screen.getByLabelText(/Back/i)).toBeVisible(); @@ -77,7 +78,8 @@ test('Allows to manage drilldowns', async () => { target: { value: URL }, }); - [createHeading, createButton] = screen.getAllByText(/Create Drilldown/i); + [createHeading] = screen.getAllByText(/Create Drilldown/i); + createButton = screen.getByRole('button', { name: /Create Drilldown/i }); expect(createButton).toBeEnabled(); fireEvent.click(createButton); diff --git a/yarn.lock b/yarn.lock index 3549c79970bff..afb302e17fd2c 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -990,6 +990,14 @@ core-js "^2.6.5" regenerator-runtime "^0.13.4" +"@babel/runtime-corejs3@^7.10.2": + version "7.11.2" + resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.11.2.tgz#02c3029743150188edeb66541195f54600278419" + integrity sha512-qh5IR+8VgFz83VBa6OkaET6uN/mJOhHONuy3m1sgF0CV6mXdPSEBdA7e1eUbVvyNtANjMbg22JUv71BaDXLY6A== + dependencies: + core-js-pure "^3.0.0" + regenerator-runtime "^0.13.4" + "@babel/runtime@7.3.4": version "7.3.4" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.3.4.tgz#73d12ba819e365fcf7fd152aed56d6df97d21c83" @@ -997,7 +1005,7 @@ dependencies: regenerator-runtime "^0.12.0" -"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.0", "@babel/runtime@^7.6.2", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": +"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.11.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.2", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": version "7.11.2" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.11.2.tgz#f549c13c754cc40b87644b9fa9f09a6a95fe0736" integrity sha512-TeWkU52so0mPtDcaCTxNBI/IHiz0pZgr8VEFqXFtZWpYD08ZB6FaSwVAS8MKRQAP3bYKiVjwysOJgMFY28o6Tw== 
@@ -1844,6 +1852,17 @@ "@types/yargs" "^15.0.0" chalk "^3.0.0" +"@jest/types@^26.3.0": + version "26.3.0" + resolved "https://registry.yarnpkg.com/@jest/types/-/types-26.3.0.tgz#97627bf4bdb72c55346eef98e3b3f7ddc4941f71" + integrity sha512-BDPG23U0qDeAvU4f99haztXwdAg3hz4El95LkAM+tHAqqhiVzRpEGHHU8EDxT/AnxOrA65YjLBwDahdJ9pTLJQ== + dependencies: + "@types/istanbul-lib-coverage" "^2.0.0" + "@types/istanbul-reports" "^3.0.0" + "@types/node" "*" + "@types/yargs" "^15.0.0" + chalk "^4.0.0" + "@jimp/bmp@^0.14.0": version "0.14.0" resolved "https://registry.yarnpkg.com/@jimp/bmp/-/bmp-0.14.0.tgz#6df246026554f276f7b354047c6fff9f5b2b5182" @@ -2720,11 +2739,6 @@ dependencies: url-pattern "^1.0.3" -"@sheerun/mutationobserver-shim@^0.3.2": - version "0.3.2" - resolved "https://registry.yarnpkg.com/@sheerun/mutationobserver-shim/-/mutationobserver-shim-0.3.2.tgz#8013f2af54a2b7d735f71560ff360d3a8176a87b" - integrity sha512-vTCdPp/T/Q3oSqwHmZ5Kpa9oI7iLtGl3RQaA/NyLHikvcrPxACkkKVr/XzkSPJWXHRhKGzVvb0urJsbMlRxi1Q== - "@sindresorhus/is@^0.14.0": version "0.14.0" resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.14.0.tgz#9fb3a3cf3132328151f353de4632e01e52102bea" 
@@ -3342,49 +3356,55 @@ resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.0.7.tgz#0cd915785ec4190f08a3a6acc9b61fc38fb5f1a9" integrity sha512-8UT/J+xqCYfn3fKtOznAibsHpiuDshCb0fwgWxRazTT19Igp9ovoXMPhXyLD6m3CKQGTMHgqoxaFfMWaL40Rnw== -"@testing-library/dom@^6.3.0": - version "6.10.1" - resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-6.10.1.tgz#da5bf5065d3f9e484aef4cc495f4e1a5bea6df2e" - integrity sha512-5BPKxaO+zSJDUbVZBRNf9KrmDkm/EcjjaHSg3F9+031VZyPACKXlwLBjVzZxheunT9m72DoIq7WvyE457/Xweg== +"@testing-library/dom@^7.24.2": + version "7.24.2" + resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-7.24.2.tgz#6d2b7dd21efbd5358b98c2777fc47c252f3ae55e" + integrity sha512-ERxcZSoHx0EcN4HfshySEWmEf5Kkmgi+J7O79yCJ3xggzVlBJ2w/QjJUC+EBkJJ2OeSw48i3IoePN4w8JlVUIA== dependencies: - "@babel/runtime" "^7.6.2" - "@sheerun/mutationobserver-shim" "^0.3.2" - "@types/testing-library__dom" "^6.0.0" - aria-query "3.0.0" - pretty-format "^24.9.0" - wait-for-expect "^3.0.0" + "@babel/code-frame" "^7.10.4" + "@babel/runtime" "^7.10.3" + "@types/aria-query" "^4.2.0" + aria-query "^4.2.2" + chalk "^4.1.0" + dom-accessibility-api "^0.5.1" + pretty-format "^26.4.2" -"@testing-library/jest-dom@^5.8.0": - version "5.8.0" - resolved "https://registry.yarnpkg.com/@testing-library/jest-dom/-/jest-dom-5.8.0.tgz#815e830129c4dda6c8e9a725046397acec523669" - integrity sha512-9Y4FxYIxfwHpUyJVqI8EOfDP2LlEBqKwXE3F+V8ightji0M2rzQB+9kqZ5UJxNs+9oXJIgvYj7T3QaXLNHVDMw== +"@testing-library/jest-dom@^5.11.4": + version "5.11.4" + resolved "https://registry.yarnpkg.com/@testing-library/jest-dom/-/jest-dom-5.11.4.tgz#f325c600db352afb92995c2576022b35621ddc99" + integrity sha512-6RRn3epuweBODDIv3dAlWjOEHQLpGJHB2i912VS3JQtsD22+ENInhdDNl4ZZQiViLlIfFinkSET/J736ytV9sw== dependencies: "@babel/runtime" "^7.9.2" - "@types/testing-library__jest-dom" "^5.0.2" + "@types/testing-library__jest-dom" "^5.9.1" + aria-query "^4.2.2" chalk "^3.0.0" - css "^2.2.4" + css 
"^3.0.0" css.escape "^1.5.1" - jest-diff "^25.1.0" - jest-matcher-utils "^25.1.0" lodash "^4.17.15" redent "^3.0.0" -"@testing-library/react-hooks@^3.2.1": - version "3.2.1" - resolved "https://registry.yarnpkg.com/@testing-library/react-hooks/-/react-hooks-3.2.1.tgz#19b6caa048ef15faa69d439c469033873ea01294" - integrity sha512-1OB6Ksvlk6BCJA1xpj8/WWz0XVd1qRcgqdaFAq+xeC6l61Ucj0P6QpA5u+Db/x9gU4DCX8ziR5b66Mlfg0M2RA== +"@testing-library/react-hooks@^3.4.1": + version "3.4.1" + resolved "https://registry.yarnpkg.com/@testing-library/react-hooks/-/react-hooks-3.4.1.tgz#1f8ccd21208086ec228d9743fe40b69d0efcd7e5" + integrity sha512-LbzvE7oKsVzuW1cxA/aOeNgeVvmHWG2p/WSzalIGyWuqZT3jVcNDT5KPEwy36sUYWde0Qsh32xqIUFXukeywXg== dependencies: "@babel/runtime" "^7.5.4" - "@types/testing-library__react-hooks" "^3.0.0" + "@types/testing-library__react-hooks" "^3.3.0" -"@testing-library/react@^9.3.2": - version "9.3.2" - resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-9.3.2.tgz#418000daa980dafd2d9420cc733d661daece9aa0" - integrity sha512-J6ftWtm218tOLS175MF9eWCxGp+X+cUXCpkPIin8KAXWtyZbr9CbqJ8M8QNd6spZxJDAGlw+leLG4MJWLlqVgg== +"@testing-library/react@^11.0.4": + version "11.0.4" + resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.0.4.tgz#c84082bfe1593d8fcd475d46baee024452f31dee" + integrity sha512-U0fZO2zxm7M0CB5h1+lh31lbAwMSmDMEMGpMT3BUPJwIjDEKYWOV4dx7lb3x2Ue0Pyt77gmz/VropuJnSz/Iew== + dependencies: + "@babel/runtime" "^7.11.2" + "@testing-library/dom" "^7.24.2" + +"@testing-library/user-event@^12.1.6": + version "12.1.6" + resolved "https://registry.yarnpkg.com/@testing-library/user-event/-/user-event-12.1.6.tgz#f550b138dfdc20387b89cbe3e9f3d969ab10c2bd" + integrity sha512-BdSe6cmzDEapTBH3s1NKbzu+GyX5bJKraKwVpM2vZF1+EEWxZr0EiA0z9bA5Nux8P+6nKMOZKsXQrj5q/kicfQ== dependencies: - "@babel/runtime" "^7.6.0" - "@testing-library/dom" "^6.3.0" - "@types/testing-library__react" "^9.1.0" + "@babel/runtime" "^7.10.2" "@turf/bbox-polygon@6.0.1": version 
"6.0.1" @@ -3510,6 +3530,11 @@ resolved "https://registry.yarnpkg.com/@types/argparse/-/argparse-1.0.33.tgz#2728669427cdd74a99e53c9f457ca2866a37c52d" integrity sha512-VQgHxyPMTj3hIlq9SY1mctqx+Jj8kpQfoLvDlVSDNOyuYs8JYfkuY3OW/4+dO657yPmNhHpePRx0/Tje5ImNVQ== +"@types/aria-query@^4.2.0": + version "4.2.0" + resolved "https://registry.yarnpkg.com/@types/aria-query/-/aria-query-4.2.0.tgz#14264692a9d6e2fa4db3df5e56e94b5e25647ac0" + integrity sha512-iIgQNzCm0v7QMhhe4Jjn9uRh+I6GoPmt03CbEtwx3ao8/EfoQcmgtqH4vQ5Db/lxiIGaWDv6nwvunuh0RyX0+A== + "@types/async@2.0.49": version "2.0.49" resolved "https://registry.yarnpkg.com/@types/async/-/async-2.0.49.tgz#92e33d13f74c895cb9a7f38ba97db8431ed14bc0" @@ -4105,6 +4130,13 @@ "@types/istanbul-lib-coverage" "*" "@types/istanbul-lib-report" "*" +"@types/istanbul-reports@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.0.tgz#508b13aa344fa4976234e75dddcc34925737d821" + integrity sha512-nwKNbvnwJ2/mndE9ItP/zc2TCzw6uuodnF4EHYWD+gCQDVBuRQL5UzbZD0/ezy1iKsFU2ZQiDqg4M9dN4+wZgA== + dependencies: + "@types/istanbul-lib-report" "*" + "@types/jest-specific-snapshot@^0.5.3", "@types/jest-specific-snapshot@^0.5.4": version "0.5.4" resolved "https://registry.yarnpkg.com/@types/jest-specific-snapshot/-/jest-specific-snapshot-0.5.4.tgz#997364c39a59ddeff0ee790a19415e79dd061d1e" @@ -4564,7 +4596,7 @@ dependencies: "@types/react" "*" -"@types/react-dom@*", "@types/react-dom@^16.9.8": +"@types/react-dom@^16.9.8": version "16.9.8" resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-16.9.8.tgz#fe4c1e11dfc67155733dfa6aa65108b4971cb423" integrity sha512-ykkPQ+5nFknnlU6lDd947WbQ6TE3NNzbQAkInC2EKY1qeYdTKp7onFusmYZb+ityzx2YviqT6BXSu+LyWWJwcA== 
@@ -4880,43 +4912,20 @@ resolved "https://registry.yarnpkg.com/@types/tempy/-/tempy-0.2.0.tgz#8b7a93f6912aef25cc0b8d8a80ff974151478685" integrity sha512-YaX74QljqR45Xu7dd22wMvzTS+ItUiSyDl9XJl6WTgYNE09r2TF+mV2FDjWRM5Sdzf9C9dXRTUdz9J5SoEYxXg== -"@types/testing-library__dom@*", "@types/testing-library__dom@^6.0.0": - version "6.10.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__dom/-/testing-library__dom-6.10.0.tgz#590d76e3875a7c536dc744eb530cbf51b6483404" - integrity sha512-mL/GMlyQxiZplbUuFNwA0vAI3k3uJNSf6slr5AVve9TXmfLfyefNT0uHHnxwdYuPMxYD5gI/+dgAvc/5opW9JQ== - dependencies: - pretty-format "^24.3.0" - -"@types/testing-library__dom@^6.10.0": - version "6.14.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__dom/-/testing-library__dom-6.14.0.tgz#1aede831cb4ed4a398448df5a2c54b54a365644e" - integrity sha512-sMl7OSv0AvMOqn1UJ6j1unPMIHRXen0Ita1ujnMX912rrOcawe4f7wu0Zt9GIQhBhJvH2BaibqFgQ3lP+Pj2hA== - dependencies: - pretty-format "^24.3.0" - -"@types/testing-library__jest-dom@^5.0.2", "@types/testing-library__jest-dom@^5.7.0": - version "5.7.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.7.0.tgz#078790bf4dc89152a74428591a228ec5f9433251" - integrity sha512-LoZ3uonlnAbJUz4bg6UoeFl+frfndXngmkCItSjJ8DD5WlRfVqPC5/LgJASsY/dy7AHH2YJ7PcsdASOydcVeFA== +"@types/testing-library__jest-dom@^5.9.1", "@types/testing-library__jest-dom@^5.9.2": + version "5.9.2" + resolved "https://registry.yarnpkg.com/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.9.2.tgz#59e4771a1cf87d51e89a5cc8195cd3b647cba322" + integrity sha512-K7nUSpH/5i8i0NagTJ+uFUDRueDlnMNhJtMjMwTGPPSqyImbWC/hgKPDCKt6Phu2iMJg2kWqlax+Ucj2DKMwpA== dependencies: "@types/jest" "*" -"@types/testing-library__react-hooks@^3.0.0", "@types/testing-library__react-hooks@^3.1.0": - version "3.1.0" - resolved 
"https://registry.yarnpkg.com/@types/testing-library__react-hooks/-/testing-library__react-hooks-3.1.0.tgz#04d174ce767fbcce3ccb5021d7f156e1b06008a9" - integrity sha512-QJc1sgH9DD6jbfybzugnP0sY8wPzzIq8sHDBuThzCr2ZEbyHIaAvN9ytx/tHzcWL5MqmeZJqiUm/GsythaGx3g== +"@types/testing-library__react-hooks@^3.3.0", "@types/testing-library__react-hooks@^3.4.0": + version "3.4.0" + resolved "https://registry.yarnpkg.com/@types/testing-library__react-hooks/-/testing-library__react-hooks-3.4.0.tgz#be148b7fa7d19cd3349c4ef9d9534486bc582fcc" + integrity sha512-QYLZipqt1hpwYsBU63Ssa557v5wWbncqL36No59LI7W3nCMYKrLWTnYGn2griZ6v/3n5nKXNYkTeYpqPHY7Ukg== dependencies: - "@types/react" "*" "@types/react-test-renderer" "*" -"@types/testing-library__react@^9.1.0", "@types/testing-library__react@^9.1.2": - version "9.1.2" - resolved "https://registry.yarnpkg.com/@types/testing-library__react/-/testing-library__react-9.1.2.tgz#e33af9124c60a010fc03a34eff8f8a34a75c4351" - integrity sha512-CYaMqrswQ+cJACy268jsLAw355DZtPZGt3Jwmmotlcu8O/tkoXBI6AeZ84oZBJsIsesozPKzWzmv/0TIU+1E9Q== - dependencies: - "@types/react-dom" "*" - "@types/testing-library__dom" "*" - "@types/through@*": version "0.0.30" resolved "https://registry.yarnpkg.com/@types/through/-/through-0.0.30.tgz#e0e42ce77e897bd6aead6f6ea62aeb135b8a3895" @@ -6291,7 +6300,7 @@ aria-hidden@^1.1.1: dependencies: tslib "^1.0.0" -aria-query@3.0.0, aria-query@^3.0.0: +aria-query@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/aria-query/-/aria-query-3.0.0.tgz#65b3fcc1ca1155a8c9ae64d6eee297f15d5133cc" integrity sha1-ZbP8wcoRVajJrmTW7uKX8V1RM8w= 
@@ -6299,6 +6308,14 @@ aria-query@3.0.0, aria-query@^3.0.0: ast-types-flow "0.0.7" commander "^2.11.0" +aria-query@^4.2.2: + version "4.2.2" + resolved "https://registry.yarnpkg.com/aria-query/-/aria-query-4.2.2.tgz#0d2ca6c9aceb56b8977e9fed6aed7e15bbd2f83b" + integrity sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA== + dependencies: + "@babel/runtime" "^7.10.2" + "@babel/runtime-corejs3" "^7.10.2" + arr-diff@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520" @@ -6702,7 +6719,7 @@ atob-lite@^2.0.0: resolved "https://registry.yarnpkg.com/atob-lite/-/atob-lite-2.0.0.tgz#0fef5ad46f1bd7a8502c65727f0367d5ee43d696" integrity sha1-D+9a1G8b16hQLGVyfwNn1e5D1pY= -atob@^2.1.1: +atob@^2.1.1, atob@^2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9" integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== @@ -9572,6 +9589,11 @@ core-js-compat@^3.6.2: browserslist "^4.8.3" semver "7.0.0" +core-js-pure@^3.0.0: + version "3.6.5" + resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.6.5.tgz#c79e75f5e38dbc85a662d91eea52b8256d53b813" + integrity sha512-lacdXOimsiD0QyNf9BC/mxivNJ/ybBGJXQFKzRekp1WTHoVUWsUHEn+2T8GJAzzIhyOuXA+gOxCVN3l+5PLPUA== + core-js-pure@^3.0.1: version "3.2.1" resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.2.1.tgz#879a23699cff46175bfd2d09158b5c50645a3c45" 
@@ -9995,6 +10017,15 @@ css@2.X, css@^2.2.1, css@^2.2.4: source-map-resolve "^0.5.2" urix "^0.1.0" +css@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/css/-/css-3.0.0.tgz#4447a4d58fdd03367c516ca9f64ae365cee4aa5d" + integrity sha512-DG9pFfwOrzc+hawpmqX/dHYHJG+Bsdb0klhyi1sDneOgGOXy9wQIC8hzyVp1e4NRYDBdxcylvywPkkXCHAzTyQ== + dependencies: + inherits "^2.0.4" + source-map "^0.6.1" + source-map-resolve "^0.6.0" + csscolorparser@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/csscolorparser/-/csscolorparser-1.0.3.tgz#b34f391eea4da8f3e98231e2ccd8df9c041f171b" @@ -11086,6 +11117,11 @@ doctrine@^3.0.0: dependencies: esutils "^2.0.2" +dom-accessibility-api@^0.5.1: + version "0.5.2" + resolved "https://registry.yarnpkg.com/dom-accessibility-api/-/dom-accessibility-api-0.5.2.tgz#ef3cdb5d3f0d599d8f9c8b18df2fb63c9793739d" + integrity sha512-k7hRNKAiPJXD2aBqfahSo4/01cTsKWXf+LqJgglnkN2Nz8TsxXKQBXHhKe0Ye9fEfHEZY49uSA5Sr3AqP/sWKA== + dom-converter@~0.2: version "0.2.0" resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.2.0.tgz#6721a9daee2e293682955b6afe416771627bb768" @@ -17395,7 +17431,7 @@ jest-diff@^24.3.0, jest-diff@^24.9.0: jest-get-type "^24.9.0" pretty-format "^24.9.0" -jest-diff@^25.1.0, jest-diff@^25.2.1, jest-diff@^25.5.0: +jest-diff@^25.2.1, jest-diff@^25.5.0: version "25.5.0" resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-25.5.0.tgz#1dd26ed64f96667c068cef026b677dfa01afcfa9" integrity sha512-z1kygetuPiREYdNIumRpAHY6RXiGmp70YHptjdaxTWGmA085W3iCnXNx0DhflK3vwrKmrRWyY1wUpkPMVxMK7A== 
@@ -17546,7 +17582,7 @@ jest-matcher-utils@^24.9.0: jest-get-type "^24.9.0" pretty-format "^24.9.0" -jest-matcher-utils@^25.1.0, jest-matcher-utils@^25.5.0: +jest-matcher-utils@^25.5.0: version "25.5.0" resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-25.5.0.tgz#fbc98a12d730e5d2453d7f1ed4a4d948e34b7867" integrity sha512-VWI269+9JS5cpndnpCwm7dy7JtGQT30UHfrnM3mXl22gHGt/b7NkjBqXfbhZ8V4B7ANUsjK18PlSBmG0YH7gjw== @@ -22815,7 +22851,7 @@ pretty-error@^2.1.1: renderkid "^2.0.1" utila "~0.4" -pretty-format@^24.3.0, pretty-format@^24.9.0: +pretty-format@^24.9.0: version "24.9.0" resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-24.9.0.tgz#12fac31b37019a4eea3c11aa9a959eb7628aa7c9" integrity sha512-00ZMZUiHaJrNfk33guavqgvfJS30sLYf0f8+Srklv0AMPodGGHcoHgksZ3OThYnIvOd+8yMCn0YiEOogjlgsnA== @@ -22835,6 +22871,16 @@ pretty-format@^25.2.1, pretty-format@^25.5.0: ansi-styles "^4.0.0" react-is "^16.12.0" +pretty-format@^26.4.2: + version "26.4.2" + resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-26.4.2.tgz#d081d032b398e801e2012af2df1214ef75a81237" + integrity sha512-zK6Gd8zDsEiVydOCGLkoBoZuqv8VTiHyAbKznXe/gaph/DAeZOmit9yMfgIz5adIgAMMs5XfoYSwAX3jcCO1tA== + dependencies: + "@jest/types" "^26.3.0" + ansi-regex "^5.0.0" + ansi-styles "^4.0.0" + react-is "^16.12.0" + pretty-hrtime@^1.0.0, pretty-hrtime@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz#b7e3ea42435a4c9b2759d99e0f201eb195802ee1" 
@@ -26342,6 +26388,14 @@ source-map-resolve@^0.5.0, source-map-resolve@^0.5.2: source-map-url "^0.4.0" urix "^0.1.0" +source-map-resolve@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.6.0.tgz#3d9df87e236b53f16d01e58150fc7711138e5ed2" + integrity sha512-KXBr9d/fO/bWo97NXsPIAW1bFSBOuCnjbNTBMO7N59hsv5i9yzRDfcYwwt0l04+VqnKC+EwzvJZIP/qkuMgR/w== + dependencies: + atob "^2.1.2" + decode-uri-component "^0.2.0" + source-map-support@^0.3.2: version "0.3.3" resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.3.3.tgz#34900977d5ba3f07c7757ee72e73bb1a9b53754f" @@ -29887,11 +29941,6 @@ w3c-xmlserializer@^1.0.1, w3c-xmlserializer@^1.1.2: webidl-conversions "^4.0.2" xml-name-validator "^3.0.0" -wait-for-expect@^3.0.0: - version "3.0.1" - resolved "https://registry.yarnpkg.com/wait-for-expect/-/wait-for-expect-3.0.1.tgz#ec204a76b0038f17711e575720aaf28505ac7185" - integrity sha512-3Ha7lu+zshEG/CeHdcpmQsZnnZpPj/UsG3DuKO8FskjuDbkx3jE3845H+CuwZjA2YWYDfKMU2KhnCaXMLd3wVw== - walk@2.3.x: version "2.3.9" resolved "https://registry.yarnpkg.com/walk/-/walk-2.3.9.tgz#31b4db6678f2ae01c39ea9fb8725a9031e558a7b" From 18f7f042c1b6bd36c0cf09c9fed4396e7484e0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 14:05:19 +0100 Subject: [PATCH 09/63] [Usage Collection] Add schema to `stack_management` (#77897) Co-authored-by: Elastic Machine --- .telemetryrc.json | 1 - .../src/tools/check_collector_integrity.ts | 2 + .../server/collectors/management/schema.ts | 116 ++++++++ .../telemetry_management_collector.ts | 10 +- src/plugins/telemetry/schema/oss_plugins.json | 271 ++++++++++++++++++ 5 files changed, 397 insertions(+), 3 deletions(-) create mode 100644 src/plugins/kibana_usage_collection/server/collectors/management/schema.ts diff --git a/.telemetryrc.json b/.telemetryrc.json index 7d9743b20ff68..d3446b45033ee 100644 --- a/.telemetryrc.json 
+++ b/.telemetryrc.json @@ -6,7 +6,6 @@ "src/plugins/kibana_react/", "src/plugins/testbed/", "src/plugins/kibana_utils/", - "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] } diff --git a/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts b/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts index 3205edb87aa29..8a5752f77d7fc 100644 --- a/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts +++ b/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts @@ -47,6 +47,7 @@ export function checkCompatibleTypeDescriptor( const typeDescriptorKinds = reduce( typeDescriptorTypes, (acc: any, type: number, key: string) => { + key = key.replace(/'/g, ''); try { acc[key] = kindToDescriptorName(type); } catch (err) { @@ -61,6 +62,7 @@ export function checkCompatibleTypeDescriptor( const transformedMappingKinds = reduce( schemaTypes, (acc: any, type: string, key: string) => { + key = key.replace(/'/g, ''); try { acc[key.replace(/.type$/, '.kind')] = compatibleSchemaTypes(type as any); } catch (err) { diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts new file mode 100644 index 0000000000000..792ac24b4de3d --- /dev/null +++ b/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts 
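Review bot: The added `key = key.replace(/'/g, '');` reassigns the reduce callback's `key` parameter and gives no reason for stripping the quotes; the same line is added in the second hunk, in the `transformedMappingKinds` callback. A local such as `const normalizedKey = key.replace(/'/g, '');` with a one-line comment, for example `// quoted property names keep their quotes here; strip them so descriptor and schema keys compare equal`, would make the intent readable. That reason is inferred from the quoted keys this commit adds in schema.ts, so confirm it before wording the comment. Both callbacks start and end outside the hunks.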
@@ -0,0 +1,116 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { MakeSchemaFrom } from 'src/plugins/usage_collection/server';
+import { UsageStats } from './telemetry_management_collector';
+
+// Retrieved by changing all the current settings in Kibana (we'll need to revisit it in the future).
+// I would suggest we use flattened type for the mappings of this collector.
+export const stackManagementSchema: MakeSchemaFrom = {
+ 'visualize:enableLabs': { type: 'boolean' },
+ 'visualization:heatmap:maxBuckets': { type: 'long' },
+ 'visualization:colorMapping': { type: 'text' },
+ 'visualization:regionmap:showWarnings': { type: 'boolean' },
+ 'visualization:dimmingOpacity': { type: 'float' },
+ 'visualization:tileMap:maxPrecision': { type: 'long' },
+ 'securitySolution:ipReputationLinks': { type: 'text' },
+ 'csv:separator': { type: 'keyword' },
+ 'visualization:tileMap:WMSdefaults': { type: 'text' },
+ 'timelion:target_buckets': { type: 'long' },
+ 'timelion:max_buckets': { type: 'long' },
+ 'timelion:es.timefield': { type: 'keyword' },
+ 'timelion:min_interval': { type: 'keyword' },
+ 'timelion:default_rows': { type: 'long' },
+ 'timelion:default_columns': { type: 'long' },
+ 'timelion:quandl.key': { type: 'keyword' },
+ 'timelion:es.default_index': { type: 'keyword' },
+ 'timelion:showTutorial': { type: 'boolean' },
+ 'securitySolution:timeDefaults': { type: 'keyword' },
+ 'securitySolution:defaultAnomalyScore': { type: 'long' },
+ 'securitySolution:defaultIndex': { type: 'keyword' }, // it's an array
+ 'securitySolution:refreshIntervalDefaults': { type: 'keyword' },
+ 'securitySolution:newsFeedUrl': { type: 'keyword' },
+ 'securitySolution:enableNewsFeed': { type: 'boolean' },
+ 'search:includeFrozen': { type: 'boolean' },
+ 'courier:maxConcurrentShardRequests': { type: 'long' },
+ 'courier:batchSearches': { type: 'boolean' },
+ 'courier:setRequestPreference': { type: 'keyword' },
+ 'courier:customRequestPreference': { type: 'keyword' },
+ 'courier:ignoreFilterIfFieldNotInIndex': { type: 'boolean' },
+ 'rollups:enableIndexPatterns': { type: 'boolean' },
+ 'xpackReporting:customPdfLogo': { type: 'text' },
+ 'notifications:lifetime:warning': { type: 'long' },
+ 'notifications:lifetime:banner': { type: 'long' },
+ 'notifications:lifetime:info': { type: 'long' },
+ 'notifications:banner': { type: 'text' },
+ 'notifications:lifetime:error': { type: 'long' },
+ 'doc_table:highlight': { type: 'boolean' },
+ 'discover:searchOnPageLoad': { type: 'boolean' },
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ 'doc_table:hideTimeColumn': { type: 'boolean' },
+ 'discover:sampleSize': { type: 'long' },
+ defaultColumns: { type: 'keyword' }, // it's an array
+ 'context:defaultSize': { type: 'long' },
+ 'discover:aggs:terms:size': { type: 'long' },
+ 'context:tieBreakerFields': { type: 'keyword' }, // it's an array
+ 'discover:sort:defaultOrder': { type: 'keyword' },
+ 'context:step': { type: 'long' },
+ 'accessibility:disableAnimations': { type: 'boolean' },
+ 'ml:fileDataVisualizerMaxFileSize': { type: 'keyword' },
+ 'ml:anomalyDetection:results:enableTimeDefaults': { type: 'boolean' },
+ 'ml:anomalyDetection:results:timeDefaults': { type: 'keyword' },
+ 'truncate:maxHeight': { type: 'long' },
+ 'timepicker:timeDefaults': { type: 'keyword' },
+ 'timepicker:refreshIntervalDefaults': { type: 'keyword' },
+ 'timepicker:quickRanges': { type: 'keyword' },
+ 'theme:version': { type: 'keyword' },
+ 'theme:darkMode': { type: 'boolean' },
+ 'state:storeInSessionStorage': { type: 'boolean' },
+ 'savedObjects:perPage': { type: 'long' },
+ 'search:queryLanguage': { type: 'keyword' },
+ 'shortDots:enable': { type: 'boolean' },
+ 'sort:options': { type: 'keyword' },
+ 'savedObjects:listingLimit': { type: 'long' },
+ 'query:queryString:options': { type: 'keyword' },
+ pageNavigation: { type: 'keyword' },
+ 'metrics:max_buckets': { type: 'long' },
+ 'query:allowLeadingWildcards': { type: 'boolean' },
+ metaFields: { type: 'keyword' }, // it's an array
+ 'indexPattern:placeholder': { type: 'keyword' },
+ 'histogram:barTarget': { type: 'long' },
+ 'histogram:maxBars': { type: 'long' },
+ 'format:number:defaultLocale': { type: 'keyword' },
+ 'format:percent:defaultPattern': { type: 'keyword' },
+ 'format:number:defaultPattern': { type: 'keyword' },
+ 'history:limit': { type:
'long' }, + 'format:defaultTypeMap': { type: 'keyword' }, + 'format:currency:defaultPattern': { type: 'keyword' }, + defaultIndex: { type: 'keyword' }, + 'format:bytes:defaultPattern': { type: 'keyword' }, + 'filters:pinnedByDefault': { type: 'boolean' }, + 'filterEditor:suggestValues': { type: 'boolean' }, + 'fields:popularLimit': { type: 'long' }, + dateNanosFormat: { type: 'keyword' }, + defaultRoute: { type: 'keyword' }, + 'dateFormat:tz': { type: 'keyword' }, + 'dateFormat:scaled': { type: 'keyword' }, + 'csv:quoteValues': { type: 'boolean' }, + 'dateFormat:dow': { type: 'keyword' }, + dateFormat: { type: 'keyword' }, +}; diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts index 3a777beebd90a..612b1714020ef 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts @@ -19,8 +19,13 @@ import { IUiSettingsClient } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; +import { stackManagementSchema } from './schema'; -export type UsageStats = Record; +export interface UsageStats extends Record { + // We don't support `type` yet. Only interfaces. So I added at least 1 known key to the generic + // Record extension to avoid eslint reverting it back to a `type` + 'visualize:enableLabs': boolean; +} export function createCollectorFetch(getUiSettingsClient: () => IUiSettingsClient | undefined) { return async function fetchUsageStats(): Promise { 
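Review bot: Several keys in `stackManagementSchema` describe operator-entered values rather than usage flags, and `timelion:quandl.key` is by its name an API credential, so declaring them as `keyword`/`text` implies their raw values travel in the telemetry payload. Others of the same kind are `securitySolution:newsFeedUrl`, `securitySolution:ipReputationLinks`, `securitySolution:defaultIndex`, `courier:customRequestPreference`, `notifications:banner`, `xpackReporting:customPdfLogo` and `defaultRoute`, which can carry internal hostnames, index names or free-text messages. The collector's fetch body is outside these hunks, so whether values are filtered there cannot be confirmed from here; if they are not, report such settings as a changed/unchanged flag or a fixed redaction marker before they are sent, and declare that in the schema, e.g. `'timelion:quandl.key': { type: 'boolean' }, // true when set; the value itself is never reported`. The same properties are mirrored in the `stack_management` block this commit adds to oss_plugins.json.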
@@ -45,10 +50,11 @@ export function registerManagementUsageCollector( usageCollection: UsageCollectionSetup, getUiSettingsClient: () => IUiSettingsClient | undefined ) { - const collector = usageCollection.makeUsageCollector({ + const collector = usageCollection.makeUsageCollector({ type: 'stack_management', isReady: () => typeof getUiSettingsClient() !== 'undefined', fetch: createCollectorFetch(getUiSettingsClient), + schema: stackManagementSchema, }); usageCollection.registerCollector(collector); diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index a83cd5a562ff6..3ee0c181203aa 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json 
@@ -1346,6 +1346,277 @@ } } }, + "stack_management": { + "properties": { + "visualize:enableLabs": { + "type": "boolean" + }, + "visualization:heatmap:maxBuckets": { + "type": "long" + }, + "visualization:colorMapping": { + "type": "text" + }, + "visualization:regionmap:showWarnings": { + "type": "boolean" + }, + "visualization:dimmingOpacity": { + "type": "float" + }, + "visualization:tileMap:maxPrecision": { + "type": "long" + }, + "securitySolution:ipReputationLinks": { + "type": "text" + }, + "csv:separator": { + "type": "keyword" + }, + "visualization:tileMap:WMSdefaults": { + "type": "text" + }, + "timelion:target_buckets": { + "type": "long" + }, + "timelion:max_buckets": { + "type": "long" + }, + "timelion:es.timefield": { + "type": "keyword" + }, + "timelion:min_interval": { + "type": "keyword" + }, + "timelion:default_rows": { + "type": "long" + }, + "timelion:default_columns": { + "type": "long" + }, + "timelion:quandl.key": { + "type": "keyword" + }, + "timelion:es.default_index": { + "type": "keyword" + }, + "timelion:showTutorial": { + "type": "boolean" + }, + "securitySolution:timeDefaults": { + "type": "keyword" + }, + "securitySolution:defaultAnomalyScore": { + "type": "long" + }, + "securitySolution:defaultIndex": { + "type": "keyword" + }, + "securitySolution:refreshIntervalDefaults": { + "type": "keyword" + }, + "securitySolution:newsFeedUrl": { + "type": "keyword" + }, + "securitySolution:enableNewsFeed": { + "type": "boolean" + }, + "search:includeFrozen": { + "type": "boolean" + }, + "courier:maxConcurrentShardRequests": { + "type": "long" + }, + "courier:batchSearches": { + "type": "boolean" + }, + "courier:setRequestPreference": { + "type": "keyword" + }, + "courier:customRequestPreference": { + "type": "keyword" + }, + "courier:ignoreFilterIfFieldNotInIndex": { + "type": "boolean" + }, + "rollups:enableIndexPatterns": { + "type": "boolean" + }, + "xpackReporting:customPdfLogo": { + "type": "text" + }, + "notifications:lifetime:warning": { 
+ "type": "long" + }, + "notifications:lifetime:banner": { + "type": "long" + }, + "notifications:lifetime:info": { + "type": "long" + }, + "notifications:banner": { + "type": "text" + }, + "notifications:lifetime:error": { + "type": "long" + }, + "doc_table:highlight": { + "type": "boolean" + }, + "discover:searchOnPageLoad": { + "type": "boolean" + }, + "doc_table:hideTimeColumn": { + "type": "boolean" + }, + "discover:sampleSize": { + "type": "long" + }, + "defaultColumns": { + "type": "keyword" + }, + "context:defaultSize": { + "type": "long" + }, + "discover:aggs:terms:size": { + "type": "long" + }, + "context:tieBreakerFields": { + "type": "keyword" + }, + "discover:sort:defaultOrder": { + "type": "keyword" + }, + "context:step": { + "type": "long" + }, + "accessibility:disableAnimations": { + "type": "boolean" + }, + "ml:fileDataVisualizerMaxFileSize": { + "type": "keyword" + }, + "ml:anomalyDetection:results:enableTimeDefaults": { + "type": "boolean" + }, + "ml:anomalyDetection:results:timeDefaults": { + "type": "keyword" + }, + "truncate:maxHeight": { + "type": "long" + }, + "timepicker:timeDefaults": { + "type": "keyword" + }, + "timepicker:refreshIntervalDefaults": { + "type": "keyword" + }, + "timepicker:quickRanges": { + "type": "keyword" + }, + "theme:version": { + "type": "keyword" + }, + "theme:darkMode": { + "type": "boolean" + }, + "state:storeInSessionStorage": { + "type": "boolean" + }, + "savedObjects:perPage": { + "type": "long" + }, + "search:queryLanguage": { + "type": "keyword" + }, + "shortDots:enable": { + "type": "boolean" + }, + "sort:options": { + "type": "keyword" + }, + "savedObjects:listingLimit": { + "type": "long" + }, + "query:queryString:options": { + "type": "keyword" + }, + "pageNavigation": { + "type": "keyword" + }, + "metrics:max_buckets": { + "type": "long" + }, + "query:allowLeadingWildcards": { + "type": "boolean" + }, + "metaFields": { + "type": "keyword" + }, + "indexPattern:placeholder": { + "type": "keyword" + }, + 
"histogram:barTarget": { + "type": "long" + }, + "histogram:maxBars": { + "type": "long" + }, + "format:number:defaultLocale": { + "type": "keyword" + }, + "format:percent:defaultPattern": { + "type": "keyword" + }, + "format:number:defaultPattern": { + "type": "keyword" + }, + "history:limit": { + "type": "long" + }, + "format:defaultTypeMap": { + "type": "keyword" + }, + "format:currency:defaultPattern": { + "type": "keyword" + }, + "defaultIndex": { + "type": "keyword" + }, + "format:bytes:defaultPattern": { + "type": "keyword" + }, + "filters:pinnedByDefault": { + "type": "boolean" + }, + "filterEditor:suggestValues": { + "type": "boolean" + }, + "fields:popularLimit": { + "type": "long" + }, + "dateNanosFormat": { + "type": "keyword" + }, + "defaultRoute": { + "type": "keyword" + }, + "dateFormat:tz": { + "type": "keyword" + }, + "dateFormat:scaled": { + "type": "keyword" + }, + "csv:quoteValues": { + "type": "boolean" + }, + "dateFormat:dow": { + "type": "keyword" + }, + "dateFormat": { + "type": "keyword" + } + } + }, "telemetry": { "properties": { "opt_in_status": { From cfad030ed13b25ac47128ab4453d3f4e52658423 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Thu, 24 Sep 2020 15:21:17 +0200 Subject: [PATCH 10/63] Change CODEOWNERS of visualizations plugin (#78419) --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8a8cc5c5e448c..2d1317e040de4 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -25,6 +25,7 @@ /src/plugins/vis_type_vislib/ @elastic/kibana-app /src/plugins/vis_type_xy/ @elastic/kibana-app /src/plugins/visualize/ @elastic/kibana-app +/src/plugins/visualizations/ @elastic/kibana-app # App Architecture /examples/bfetch_explorer/ @elastic/kibana-app-arch 
@@ -51,7 +52,6 @@ /src/plugins/navigation/ @elastic/kibana-app-arch /src/plugins/share/ @elastic/kibana-app-arch /src/plugins/ui_actions/ @elastic/kibana-app-arch -/src/plugins/visualizations/ @elastic/kibana-app-arch /x-pack/examples/ui_actions_enhanced_examples/ @elastic/kibana-app-arch /x-pack/plugins/data_enhanced/ @elastic/kibana-app-arch /x-pack/plugins/embeddable_enhanced/ @elastic/kibana-app-arch From ba635340bee7535a53f441ec70b40a81d11d0f44 Mon Sep 17 00:00:00 2001 From: Caroline Horn <549577+cchaos@users.noreply.github.com> Date: Thu, 24 Sep 2020 09:46:18 -0400 Subject: [PATCH 11/63] [Lens] Add a better drag/drop illustration (#78245) Fixes #76021 --- .../lens/public/assets/drop_illustration.tsx | 48 +++++++++ .../_workspace_panel_wrapper.scss | 89 ++++++++++++++- .../workspace_panel/workspace_panel.tsx | 102 +++++++++--------- .../indexpattern_datasource/field_item.tsx | 1 - .../lens/public/visualization_container.scss | 3 +- 5 files changed, 190 insertions(+), 53 deletions(-) create mode 100644 x-pack/plugins/lens/public/assets/drop_illustration.tsx diff --git a/x-pack/plugins/lens/public/assets/drop_illustration.tsx b/x-pack/plugins/lens/public/assets/drop_illustration.tsx new file mode 100644 index 0000000000000..1076f4875d60c --- /dev/null +++ b/x-pack/plugins/lens/public/assets/drop_illustration.tsx @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as React from 'react'; +import { EuiIconProps } from '@elastic/eui'; + +export const DropIllustration = ({ title, titleId, ...props }: Omit) => ( + + {title ? {title} : null} + + + + + + + + +); 
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss index a4d8288d5e600..7f7385f029ed4 100644 --- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss +++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss @@ -6,6 +6,7 @@ margin-bottom: $euiSize; display: flex; flex-direction: column; + position: relative; // For positioning the dnd overlay .lnsWorkspacePanelWrapper__pageContentHeader { @include euiTitle('xs'); @@ -24,8 +25,7 @@ display: flex; align-items: stretch; justify-content: stretch; - overflow: auto; - position: relative; + overflow: hidden; > * { flex: 1 1 100%; 
@@ -37,6 +37,91 @@ } } +.lnsWorkspacePanel__dragDrop { + // Disable the coloring of the DnD for this element as we'll + // Color the whole panel instead + background-color: transparent !important; // sass-lint:disable-line no-important +} + +.lnsExpressionRenderer { + .lnsDragDrop-isDropTarget & { + transition: filter $euiAnimSpeedNormal ease-in-out, opacity $euiAnimSpeedNormal ease-in-out; + filter: blur($euiSizeXS); + opacity: .25; + } +} + +.lnsWorkspacePanel__emptyContent { + position: absolute; + left: 0; + right: 0; + bottom: 0; + top: 0; + display: flex; + justify-content: center; + align-items: center; + transition: background-color $euiAnimSpeedNormal ease-in-out; + + .lnsDragDrop-isDropTarget & { + background-color: transparentize($euiColorSecondary, .9); + + p { + transition: filter $euiAnimSpeedNormal ease-in-out; + filter: blur(5px); + } + } + + .lnsDragDrop-isActiveDropTarget & { + background-color: transparentize($euiColorSecondary, .75); + + .lnsDropIllustration__hand { + animation: pulseArrowContinuous 1.5s ease-in-out 0s infinite normal forwards; + } + } + + &.lnsWorkspacePanel__emptyContent-onTop p { + display: none; + } +} + .lnsWorkspacePanelWrapper__toolbar { margin-bottom: 0; } + +.lnsDropIllustration__adjustFill { + fill: $euiColorFullShade; +} + +.lnsWorkspacePanel__dropIllustration { + overflow: visible; // Shows arrow animation when it gets out of bounds + margin-top: $euiSizeL; + margin-bottom: $euiSizeXXL; + // Drop shadow values is a dupe of @euiBottomShadowMedium but used as a filter + // Hard-coded px values OK (@cchaos) + // sass-lint:disable-block indentation + filter: + drop-shadow(0 6px 12px transparentize($euiShadowColor, .8)) + drop-shadow(0 4px 4px transparentize($euiShadowColor, .8)) + drop-shadow(0 2px 2px transparentize($euiShadowColor, .8)); +} + +.lnsDropIllustration__hand { + animation: pulseArrow 5s ease-in-out 0s infinite normal forwards; +} + +@keyframes pulseArrow { + 0% { transform: translateY(0%); } + 65% { 
transform: translateY(0%); } + 72% { transform: translateY(10%); } + 79% { transform: translateY(7%); } + 86% { transform: translateY(10%); } + 95% { transform: translateY(0); } +} + +@keyframes pulseArrowContinuous { + 0% { transform: translateY(10%); } + 25% { transform: translateY(15%); } + 50% { transform: translateY(10%); } + 75% { transform: translateY(15%); } + 100% { transform: translateY(10%); } +} diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx index 06cd858eda210..e56e55fdd5d6c 100644 --- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx +++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx @@ -5,17 +5,10 @@ */ import React, { useState, useEffect, useMemo, useContext, useCallback } from 'react'; +import classNames from 'classnames'; import { FormattedMessage } from '@kbn/i18n/react'; import { i18n } from '@kbn/i18n'; -import { - EuiFlexGroup, - EuiFlexItem, - EuiIcon, - EuiImage, - EuiText, - EuiButtonEmpty, - EuiLink, -} from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiText, EuiButtonEmpty, EuiLink } from '@elastic/eui'; import { CoreStart, CoreSetup } from 'kibana/public'; import { ExecutionContextSearch } from 'src/plugins/expressions'; import { @@ -39,6 +32,7 @@ import { UiActionsStart } from '../../../../../../../src/plugins/ui_actions/publ import { VIS_EVENT_TO_TRIGGER } from '../../../../../../../src/plugins/visualizations/public'; import { DataPublicPluginStart } from '../../../../../../../src/plugins/data/public'; import { WorkspacePanelWrapper } from './workspace_panel_wrapper'; +import { DropIllustration } from '../../../assets/drop_illustration'; export interface WorkspacePanelProps { activeVisualizationId: string | null; 
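Review bot: The `pulseArrow` animation on `.lnsDropIllustration__hand` runs `infinite` on the empty workspace with no opt-out for users who request reduced motion, and `pulseArrowContinuous` under `.lnsDragDrop-isActiveDropTarget &` does the same while a drop target is active. Nesting each `animation:` declaration in a motion check inside its existing rule would cover both, e.g. `@media (prefers-reduced-motion: no-preference) { animation: pulseArrow 5s ease-in-out 0s infinite normal forwards; }`. Whether the `accessibility:disableAnimations` setting already suppresses these keyframes is not visible in this hunk.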
@@ -78,11 +72,6 @@ export function InnerWorkspacePanel({ ExpressionRenderer: ExpressionRendererComponent, title, }: WorkspacePanelProps) { - const IS_DARK_THEME = core.uiSettings.get('theme:darkMode'); - const emptyStateGraphicURL = IS_DARK_THEME - ? '/plugins/lens/assets/lens_app_graphic_dark_2x.png' - : '/plugins/lens/assets/lens_app_graphic_light_2x.png'; - const dragDropContext = useContext(DragContext); const suggestionForDraggedField = useMemo( @@ -210,41 +199,54 @@ export function InnerWorkspacePanel({ function renderEmptyWorkspace() { return ( -
- -

- -

- -

- -

-

- - - - - -

-
-
+ +

+ + {expression === null ? ( + + ) : ( + + )} + +

+ + {expression === null && ( + <> +

+ +

+

+ + + + + +

+ + )} +
); } @@ -330,12 +332,14 @@ export function InnerWorkspacePanel({ visualizationMap={visualizationMap} > {renderVisualization()} + {Boolean(suggestionForDraggedField) && expression !== null && renderEmptyWorkspace()} ); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx index 1eeb64127310f..f141d3f8ecb9e 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx @@ -196,7 +196,6 @@ export const InnerFieldItem = function InnerFieldItem(props: FieldItemProps) { return ( ('.application') || undefined} diff --git a/x-pack/plugins/lens/public/visualization_container.scss b/x-pack/plugins/lens/public/visualization_container.scss index e5c359112fe4b..59ddbf4bf6478 100644 --- a/x-pack/plugins/lens/public/visualization_container.scss +++ b/x-pack/plugins/lens/public/visualization_container.scss @@ -1,3 +1,4 @@ .lnsVisualizationContainer { + @include euiScrollBar; overflow: auto; -} \ No newline at end of file +} From 38e63d1029226e958cffc73dbe443fd1e4f48dab Mon Sep 17 00:00:00 2001 
From: Jean-Louis Leysens Date: Thu, 24 Sep 2020 16:02:14 +0200 Subject: [PATCH 12/63] [ES UI Shared] Remove 'brace' from es_ui_shared public (#78033) * major wip * major wip * fix worker creation leak * just copy the file over for now * Remove xjson from static and from es_ui_shared entirely - moved expand and collapse logic back to es_ui_shared. It has nothing to do with ace - refactor the useXJson hook which bundled XJsonMode with it. This was convenient but ultimately inflates the amount of code Kibana needs to first load up in the client. Users will need to import XJsonMode and instantiate it when they want to use it. Updated existing usage. - Cleaned up Monaco namespace from es_ui_shared because of how useXJsonMode was refactored -- no longer exporting an editor specific instance means this code does not know about anything to do with code editors so it is decoupled from ace and monaco. * fix export of collapse and expand string literals Co-authored-by: Elastic Machine --- .github/CODEOWNERS | 2 + package.json | 2 + packages/kbn-ace/README.md | 5 ++ packages/kbn-ace/package.json | 20 ++++++ packages/kbn-ace/scripts/build.js | 65 +++++++++++++++++++ .../kbn-ace/src}/ace/modes/index.ts | 0 .../elasticsearch_sql_highlight_rules.ts | 0 .../src}/ace/modes/lexer_rules/index.ts | 0 .../lexer_rules/script_highlight_rules.ts | 0 .../lexer_rules/x_json_highlight_rules.ts | 0 .../kbn-ace/src}/ace/modes/x_json/index.ts | 0 .../src}/ace/modes/x_json/worker/index.ts | 0 .../src}/ace/modes/x_json/worker/worker.d.ts | 0 .../modes/x_json/worker/x_json.ace.worker.js | 0 .../kbn-ace/src}/ace/modes/x_json/x_json.ts | 0 .../monaco => packages/kbn-ace/src}/index.ts | 9 ++- packages/kbn-ace/tsconfig.json | 15 +++++ packages/kbn-ace/yarn.lock | 1 + .../legacy/console_editor/editor_output.tsx | 2 +- .../send_request_to_es.ts | 3 +- .../mode/input_highlight_rules.js | 2 +- .../mode/output_highlight_rules.js | 2 +- .../models/legacy_core_editor/mode/script.js | 2 +- 
.../__tests__/sense_editor.test.js | 4 +- .../models/sense_editor/sense_editor.ts | 4 +- src/plugins/console/public/lib/utils/index.ts | 4 +- src/plugins/console/public/shared_imports.ts | 6 +- .../monaco/use_xjson_mode.ts | 32 --------- .../__packages_do_not_import__/xjson/index.ts | 2 + .../json_xjson_translation_tools.test.ts | 0 .../__tests__/utils_string_collapsing.txt | 0 .../__tests__/utils_string_expanding.txt | 0 .../json_xjson_translation_tools/index.ts | 0 .../json_xjson_translation_tools/parser.ts | 0 .../xjson/use_xjson_mode.ts | 3 +- src/plugins/es_ui_shared/kibana.json | 1 - .../es_ui_shared/public/console_lang/index.ts | 32 --------- .../public/console_lang/lib/index.ts | 20 ------ src/plugins/es_ui_shared/public/index.ts | 15 +---- .../monaco => public/xjson}/index.ts | 2 +- .../static/ace_x_json/hooks/index.ts | 20 ------ .../static/ace_x_json/hooks/use_x_json.ts | 33 ---------- .../field_components/xjson_editor.tsx | 6 +- .../ingest_pipelines/public/shared_imports.ts | 2 +- .../use_create_analytics_form/reducer.ts | 2 +- x-pack/plugins/ml/shared_imports.ts | 9 ++- .../public/application/editor/init_editor.ts | 2 +- .../utils/check_for_json_errors.ts | 4 +- .../hooks/use_advanced_pivot_editor.ts | 7 +- .../transform/public/shared_imports.ts | 13 ++-- .../json_editor_with_message_variables.tsx | 9 ++- .../json_watch_edit/json_watch_edit_form.tsx | 8 ++- .../json_watch_edit_simulate.tsx | 11 +++- .../public/application/shared_imports.ts | 3 +- 54 files changed, 191 insertions(+), 193 deletions(-) create mode 100644 packages/kbn-ace/README.md create mode 100644 packages/kbn-ace/package.json create mode 100644 packages/kbn-ace/scripts/build.js rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => 
packages/kbn-ace/src}/ace/modes/lexer_rules/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/script_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/x_json_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/worker.d.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/x_json.ace.worker.js (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/x_json.ts (100%) rename {src/plugins/es_ui_shared/public/monaco => packages/kbn-ace/src}/index.ts (82%) create mode 100644 packages/kbn-ace/tsconfig.json create mode 120000 packages/kbn-ace/yarn.lock delete mode 100644 src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/utils_string_expanding.txt (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/index.ts (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/parser.ts (100%) delete mode 
100644 src/plugins/es_ui_shared/public/console_lang/index.ts delete mode 100644 src/plugins/es_ui_shared/public/console_lang/lib/index.ts rename src/plugins/es_ui_shared/{__packages_do_not_import__/monaco => public/xjson}/index.ts (93%) delete mode 100644 src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts delete mode 100644 src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2d1317e040de4..2f5e14f1f1599 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -246,6 +246,8 @@ x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @elastic/kib /x-pack/plugins/upgrade_assistant/ @elastic/es-ui /x-pack/plugins/watcher/ @elastic/es-ui /x-pack/plugins/ingest_pipelines/ @elastic/es-ui +/packages/kbn-ace/ @elastic/es-ui +/packages/kbn-monaco/ @elastic/es-ui # Endpoint /x-pack/plugins/endpoint/ @elastic/endpoint-app-team @elastic/siem diff --git a/package.json b/package.json index 69df2818bb242..7102112a29b4f 100644 --- a/package.json +++ b/package.json @@ -138,6 +138,8 @@ "@kbn/telemetry-tools": "1.0.0", "@kbn/test-subj-selector": "0.2.1", "@kbn/ui-framework": "1.0.0", + "@kbn/ace": "1.0.0", + "@kbn/monaco": "1.0.0", "@kbn/ui-shared-deps": "1.0.0", "@types/yauzl": "^2.9.1", "JSONStream": "1.3.5", diff --git a/packages/kbn-ace/README.md b/packages/kbn-ace/README.md new file mode 100644 index 0000000000000..54c422a72c6f8 --- /dev/null +++ b/packages/kbn-ace/README.md @@ -0,0 +1,5 @@ +# @kbn/ace + +Contains all Kibana-specific brace related code. Excluding the code that still inside of Console because that code is only used inside of console at the moment. + +This package enables plugins to use this functionality and import it as needed -- behind an async import so that brace does not bloat the JS code needed for first page load of Kibana. diff --git a/packages/kbn-ace/package.json b/packages/kbn-ace/package.json new file mode 100644 index 0000000000000..cf74d745f4cae --- /dev/null 
+++ b/packages/kbn-ace/package.json
@@ -0,0 +1,20 @@
+{
+ "name": "@kbn/ace",
+ "version": "1.0.0",
+ "private": true,
+ "main": "./target/index.js",
+ "license": "Apache-2.0",
+ "scripts": {
+ "build": "node ./scripts/build.js",
+ "kbn:bootstrap": "yarn build --dev"
+ },
+ "dependencies": {
+ "brace": "0.11.1"
+ },
+ "devDependencies": {
+ "@kbn/dev-utils": "1.0.0",
+ "@kbn/babel-preset": "1.0.0",
+ "raw-loader": "3.1.0",
+ "typescript": "4.0.2"
+ }
+}
diff --git a/packages/kbn-ace/scripts/build.js b/packages/kbn-ace/scripts/build.js
new file mode 100644
index 0000000000000..2f570ffba1fc6
--- /dev/null
+++ b/packages/kbn-ace/scripts/build.js
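Review bot: The `devDependencies` block of packages/kbn-ace/package.json lists neither `del` nor `supports-color`, yet packages/kbn-ace/scripts/build.js, added in the next file section, loads both with `require`. They presumably resolve through the workspace root's hoisted node_modules, so the build silently uses whatever version the root installs and the package's real dependency set is not visible to an audit of this manifest. Declaring them here, for example `"del": "<version pinned at the repo root>"` and `"supports-color": "<version pinned at the repo root>"`, keeps the manifest complete.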
@@ -0,0 +1,65 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+const path = require('path');
+const del = require('del');
+const fs = require('fs');
+const supportsColor = require('supports-color');
+const { run } = require('@kbn/dev-utils');
+
+const TARGET_BUILD_DIR = path.resolve(__dirname, '../target');
+const ROOT_DIR = path.resolve(__dirname, '../');
+const WORKER_PATH_SECTION = 'ace/modes/x_json/worker/x_json.ace.worker.js';
+
+run(
+ async ({ procRunner, log }) => {
+ log.info('Deleting old output');
+
+ await del(TARGET_BUILD_DIR);
+
+ const cwd = ROOT_DIR;
+ const env = { ...process.env };
+
+ if (supportsColor.stdout) {
+ env.FORCE_COLOR = 'true';
+ }
+
+ await procRunner.run('tsc ', {
+ cmd: 'tsc',
+ args: [],
+ wait: true,
+ env,
+ cwd,
+ });
+
+ log.success('Copying worker file to target.');
+
+ fs.copyFileSync(
+ path.resolve(__dirname, '..', 'src', WORKER_PATH_SECTION),
+ path.resolve(__dirname, '..', 'target', WORKER_PATH_SECTION)
+ );
+
+ log.success('Complete');
+ },
+ {
+ flags: {
+ boolean: ['dev'],
+ },
+ }
+);
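Review bot: `log.success('Copying worker file to target.')` is written before `fs.copyFileSync` runs, so a failed copy still leaves a success line in the build log. `log.info('Copying worker file to target.');` would match the earlier `log.info('Deleting old output')` and leave `log.success('Complete')` as the only success marker. The `dev` boolean under `flags` is never read in the callback, although the package's `kbn:bootstrap` script passes `--dev`. If it is declared only so the runner accepts the flag, a comment such as `// --dev is accepted for kbn:bootstrap but has no effect here` would say so. The label in `procRunner.run('tsc ', ...)` also carries a trailing space.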
diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/index.ts b/packages/kbn-ace/src/ace/modes/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/index.ts rename to packages/kbn-ace/src/ace/modes/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/index.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/index.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/script_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/script_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/script_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/script_highlight_rules.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/x_json_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/x_json_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/x_json_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/x_json_highlight_rules.ts 
diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/index.ts b/packages/kbn-ace/src/ace/modes/x_json/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/index.ts rename to packages/kbn-ace/src/ace/modes/x_json/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/index.ts b/packages/kbn-ace/src/ace/modes/x_json/worker/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/index.ts rename to packages/kbn-ace/src/ace/modes/x_json/worker/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/worker.d.ts b/packages/kbn-ace/src/ace/modes/x_json/worker/worker.d.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/worker.d.ts rename to packages/kbn-ace/src/ace/modes/x_json/worker/worker.d.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/x_json.ace.worker.js b/packages/kbn-ace/src/ace/modes/x_json/worker/x_json.ace.worker.js similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/x_json.ace.worker.js rename to packages/kbn-ace/src/ace/modes/x_json/worker/x_json.ace.worker.js diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/x_json.ts b/packages/kbn-ace/src/ace/modes/x_json/x_json.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/x_json.ts rename to packages/kbn-ace/src/ace/modes/x_json/x_json.ts diff --git a/src/plugins/es_ui_shared/public/monaco/index.ts b/packages/kbn-ace/src/index.ts similarity index 82% rename from src/plugins/es_ui_shared/public/monaco/index.ts rename to packages/kbn-ace/src/index.ts index 23ba93e913234..62a6dbb948997 100644 --- a/src/plugins/es_ui_shared/public/monaco/index.ts +++ b/packages/kbn-ace/src/index.ts 
@@ -17,4 +17,11 @@ * under the License. */ -export { useXJsonMode } from '../../__packages_do_not_import__/monaco'; +export { + ElasticsearchSqlHighlightRules, + ScriptHighlightRules, + XJsonHighlightRules, + addXJsonToRules, + XJsonMode, + installXJsonMode, +} from './ace/modes'; diff --git a/packages/kbn-ace/tsconfig.json b/packages/kbn-ace/tsconfig.json new file mode 100644 index 0000000000000..6d3f433c6a6d1 --- /dev/null +++ b/packages/kbn-ace/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "./target", + "declaration": true, + "sourceMap": true, + "types": [ + "jest", + "node" + ] + }, + "include": [ + "src/**/*" + ] +} diff --git a/packages/kbn-ace/yarn.lock b/packages/kbn-ace/yarn.lock new file mode 120000 index 0000000000000..3f82ebc9cdbae --- /dev/null +++ b/packages/kbn-ace/yarn.lock @@ -0,0 +1 @@ +../../yarn.lock \ No newline at end of file diff --git a/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx b/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx index dd5ef5209a244..44ed5f4b8051e 100644 --- a/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx +++ b/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx @@ -20,7 +20,7 @@ import { EuiScreenReaderOnly } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React, { useEffect, useRef } from 'react'; -import { expandLiteralStrings } from '../../../../../../../es_ui_shared/public'; +import { expandLiteralStrings } from '../../../../../shared_imports'; import { useEditorReadContext, useRequestReadContext, diff --git a/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts b/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts index cfbd5691bc22b..d01adf332e24a 100644 
--- a/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts +++ b/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts @@ -18,7 +18,8 @@ */ import { extractDeprecationMessages } from '../../../lib/utils'; -import { collapseLiteralStrings } from '../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../es_ui_shared/public'; +const { collapseLiteralStrings } = XJson; // @ts-ignore import * as es from '../../../lib/es/es'; import { BaseResponseType } from '../../../types'; diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js index 1558cf0cb5554..bc0129850f299 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js @@ -18,7 +18,7 @@ */ import ace from 'brace'; -import { addXJsonToRules } from '../../../../../../es_ui_shared/public'; +import { addXJsonToRules } from '@kbn/ace'; export function addEOL(tokens, reg, nextIfEOL, normalNext) { if (typeof reg === 'object') { diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js index 448fd847aeacd..2f39689319389 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js 
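Review bot: In send_request_to_es.ts the new `const { collapseLiteralStrings } = XJson;` sits between import declarations, ahead of `import * as es` and `import { BaseResponseType }`. Executable statements among imports are what lint rules such as `import/first` reject. This commit also makes src/plugins/console/public/shared_imports.ts re-export `collapseLiteralStrings` and `expandLiteralStrings`, and editor_output.tsx already imports from there. The same destructuring is repeated in the hunks for sense_editor.test.js, sense_editor.ts and lib/utils/index.ts. Using the re-export here, `import { collapseLiteralStrings } from '../../../shared_imports';`, removes the mid-import statement and keeps the plugin's dependency on es_ui_shared in a single file.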
@@ -19,7 +19,7 @@ import ace from 'brace'; import 'brace/mode/json'; -import { addXJsonToRules } from '../../../../../../es_ui_shared/public'; +import { addXJsonToRules } from '@kbn/ace'; const oop = ace.acequire('ace/lib/oop'); const JsonHighlightRules = ace.acequire('ace/mode/json_highlight_rules').JsonHighlightRules; diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js index 6079c9db40eef..03d5b10f82d01 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js @@ -18,7 +18,7 @@ */ import ace from 'brace'; -import { ScriptHighlightRules } from '../../../../../../es_ui_shared/public'; +import { ScriptHighlightRules } from '@kbn/ace'; const oop = ace.acequire('ace/lib/oop'); const TextMode = ace.acequire('ace/mode/text').Mode; diff --git a/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js b/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js index c3fb879f2eeeb..04d3cd1a724e1 100644 --- a/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js +++ b/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js @@ -22,9 +22,11 @@ import $ from 'jquery'; import _ from 'lodash'; import { create } from '../create'; -import { collapseLiteralStrings } from '../../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../../es_ui_shared/public'; import editorInput1 from './editor_input1.txt'; +const { collapseLiteralStrings } = XJson; + describe('Editor', () => { let input; diff --git a/src/plugins/console/public/application/models/sense_editor/sense_editor.ts b/src/plugins/console/public/application/models/sense_editor/sense_editor.ts index dbf4f1adcba0a..66324050bc2fa 100644 
--- a/src/plugins/console/public/application/models/sense_editor/sense_editor.ts +++ b/src/plugins/console/public/application/models/sense_editor/sense_editor.ts @@ -19,7 +19,7 @@ import _ from 'lodash'; import RowParser from '../../../lib/row_parser'; -import { collapseLiteralStrings } from '../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../es_ui_shared/public'; import * as utils from '../../../lib/utils'; // @ts-ignore @@ -30,6 +30,8 @@ import { createTokenIterator } from '../../factories'; import Autocomplete from '../../../lib/autocomplete/autocomplete'; +const { collapseLiteralStrings } = XJson; + export class SenseEditor { currentReqRange: (Range & { markerRef: any }) | null; parser: any; diff --git a/src/plugins/console/public/lib/utils/index.ts b/src/plugins/console/public/lib/utils/index.ts index 917988e0e811b..b95680e5df47e 100644 --- a/src/plugins/console/public/lib/utils/index.ts +++ b/src/plugins/console/public/lib/utils/index.ts @@ -18,7 +18,9 @@ */ import _ from 'lodash'; -import { expandLiteralStrings, collapseLiteralStrings } from '../../../../es_ui_shared/public'; +import { XJson } from '../../../../es_ui_shared/public'; + +const { collapseLiteralStrings, expandLiteralStrings } = XJson; export function textFromRequest(request: any) { let data = request.data; diff --git a/src/plugins/console/public/shared_imports.ts b/src/plugins/console/public/shared_imports.ts index aa64091903fb7..36c50f9c51e0d 100644 --- a/src/plugins/console/public/shared_imports.ts +++ b/src/plugins/console/public/shared_imports.ts @@ -17,6 +17,8 @@ * under the License. */ -import { sendRequest } from '../../es_ui_shared/public'; +import { sendRequest, XJson } from '../../es_ui_shared/public'; -export { sendRequest }; +const { collapseLiteralStrings, expandLiteralStrings } = XJson; + +export { sendRequest, collapseLiteralStrings, expandLiteralStrings }; 
diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts deleted file mode 100644 index b783045492f05..0000000000000 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import { XJsonLang } from '@kbn/monaco'; -import { useXJsonMode as useBaseXJsonMode } from '../xjson'; - -interface ReturnValue extends ReturnType { - XJsonLang: typeof XJsonLang; -} - -export const useXJsonMode = (json: Parameters[0]): ReturnValue => { - return { - ...useBaseXJsonMode(json), - XJsonLang, - }; -}; diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts index a9c6ea1e01d54..adbdbe97c4a07 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts +++ b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts @@ -18,3 +18,5 @@ */ export { useXJsonMode } from './use_xjson_mode'; + +export { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; 
diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_expanding.txt b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_expanding.txt similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_expanding.txt rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_expanding.txt 
diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/index.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/index.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/parser.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/parser.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/parser.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/parser.ts diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts index 7dcc7c9ed83bc..1d4c473ed14e4 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts +++ b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts @@ -18,7 +18,8 @@ */ import { useState, Dispatch } from 'react'; -import { collapseLiteralStrings, expandLiteralStrings } from '../../public'; + +import { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; interface ReturnValue { xJson: string; diff --git a/src/plugins/es_ui_shared/kibana.json b/src/plugins/es_ui_shared/kibana.json index eab7355d66f09..d442bfb93d5af 100644 --- a/src/plugins/es_ui_shared/kibana.json +++ b/src/plugins/es_ui_shared/kibana.json @@ -4,7 +4,6 @@ "ui": true, "server": true, "extraPublicDirs": [ - "static/ace_x_json/hooks", "static/validators/string", "static/forms/hook_form_lib", "static/forms/helpers", 
diff --git a/src/plugins/es_ui_shared/public/console_lang/index.ts b/src/plugins/es_ui_shared/public/console_lang/index.ts deleted file mode 100644 index 7d83191569622..0000000000000 --- a/src/plugins/es_ui_shared/public/console_lang/index.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// Lib is intentionally not included in this barrel export file to separate worker logic -// from being imported with pure functions - -export { - ElasticsearchSqlHighlightRules, - ScriptHighlightRules, - XJsonHighlightRules, - addXJsonToRules, - XJsonMode, - installXJsonMode, -} from './ace/modes'; - -export { expandLiteralStrings, collapseLiteralStrings } from './lib'; diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/index.ts b/src/plugins/es_ui_shared/public/console_lang/lib/index.ts deleted file mode 100644 index bf7f0290d4158..0000000000000 --- a/src/plugins/es_ui_shared/public/console_lang/lib/index.ts +++ /dev/null 
@@ -1,20 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -export { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; diff --git a/src/plugins/es_ui_shared/public/index.ts b/src/plugins/es_ui_shared/public/index.ts index 5a1c13658604a..94b084e7d3f20 100644 --- a/src/plugins/es_ui_shared/public/index.ts +++ b/src/plugins/es_ui_shared/public/index.ts @@ -22,9 +22,9 @@ * In the future, each top level folder should be exported like that to avoid naming collision */ import * as Forms from './forms'; -import * as Monaco from './monaco'; import * as ace from './ace'; import * as GlobalFlyout from './global_flyout'; +import * as XJson from './xjson'; export { JsonEditor, OnJsonEditorUpdateHandler, JsonEditorState } from './components/json_editor'; @@ -43,17 +43,6 @@ export { export { indices } from './indices'; -export { - installXJsonMode, - XJsonMode, - ElasticsearchSqlHighlightRules, - addXJsonToRules, - ScriptHighlightRules, - XJsonHighlightRules, - collapseLiteralStrings, - expandLiteralStrings, -} from './console_lang'; - export { AuthorizationContext, AuthorizationProvider, 
@@ -66,7 +55,7 @@ export { useAuthorizationContext, } from './authorization'; -export { Monaco, Forms, ace, GlobalFlyout }; +export { Forms, ace, GlobalFlyout, XJson }; export { extractQueryParams } from './url'; diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts b/src/plugins/es_ui_shared/public/xjson/index.ts similarity index 93% rename from src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts rename to src/plugins/es_ui_shared/public/xjson/index.ts index a9c6ea1e01d54..d505cbe0c6348 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts +++ b/src/plugins/es_ui_shared/public/xjson/index.ts @@ -17,4 +17,4 @@ * under the License. */ -export { useXJsonMode } from './use_xjson_mode'; +export * from '../../__packages_do_not_import__/xjson'; diff --git a/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts b/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts deleted file mode 100644 index 1d2c33a9f0f47..0000000000000 --- a/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -export { useXJsonMode } from './use_x_json'; 
diff --git a/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts b/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts
deleted file mode 100644
index 3a093ac6869d0..0000000000000
--- a/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to Elasticsearch B.V. under one or more contributor
- * license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright
- * ownership. Elasticsearch B.V. licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-import { XJsonMode } from '../../../public';
-import { useXJsonMode as useBaseXJsonMode } from '../../../__packages_do_not_import__/xjson';
-
-const xJsonMode = new XJsonMode();
-
-interface ReturnValue extends ReturnType {
- xJsonMode: typeof xJsonMode;
-}
-
-export const useXJsonMode = (json: Parameters[0]): ReturnValue => {
- return {
- ...useBaseXJsonMode(json),
- xJsonMode,
- };
-};
diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx
index e00f9c002e5bc..f482e6f08c2c6 100644
--- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx @@ -5,7 +5,9 @@ */ import { XJsonLang } from '@kbn/monaco'; import React, { FunctionComponent, useCallback } from 'react'; -import { FieldHook, Monaco } from '../../../../../../shared_imports'; +import { FieldHook, XJson } from '../../../../../../shared_imports'; + +const { useXJsonMode } = XJson; import { TextEditor } from './text_editor'; @@ -21,7 +23,7 @@ const defaultEditorOptions = { export const XJsonEditor: FunctionComponent = ({ field, editorProps }) => { const { value, setValue } = field; - const { xJson, setXJson, convertToJson } = Monaco.useXJsonMode(value); + const { xJson, setXJson, convertToJson } = useXJsonMode(value); const onChange = useCallback( (s) => { diff --git a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts index abdbdf2140400..026e0d97fe988 100644 --- a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts +++ b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts @@ -21,7 +21,7 @@ export { useRequest, UseRequestConfig, WithPrivileges, - Monaco, + XJson, JsonEditor, OnJsonEditorUpdateHandler, } from '../../../../src/plugins/es_ui_shared/public/'; diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts index 178638322bacd..59c6f7249408d 100644 --- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts 
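Review bot: In the first hunk of xjson_editor.tsx, `const { useXJsonMode } = XJson;` is inserted between the `shared_imports` import and `import { TextEditor } from './text_editor';`, so an executable statement now sits inside the import block. Imports are hoisted, so behaviour is unchanged, but the destructuring reads more clearly after the last import. The same pattern appears in json_watch_edit_simulate.tsx, where `const xJsonMode = new XJsonMode();` precedes `import { WatchHistoryItem }`, and in transform/public/shared_imports.ts, where `import { XJson }` is appended below the export blocks instead of joining the imports at the top.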
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts @@ -10,7 +10,7 @@ import { memoize } from 'lodash'; import numeral from '@elastic/numeral'; import { isValidIndexName } from '../../../../../../../common/util/es_utils'; -import { collapseLiteralStrings } from '../../../../../../../../../../src/plugins/es_ui_shared/public'; +import { collapseLiteralStrings } from '../../../../../../../shared_imports'; import { Action, ACTION } from './actions'; import { diff --git a/x-pack/plugins/ml/shared_imports.ts b/x-pack/plugins/ml/shared_imports.ts index a82ed5387818d..33669a082f7f0 100644 --- a/x-pack/plugins/ml/shared_imports.ts +++ b/x-pack/plugins/ml/shared_imports.ts @@ -3,9 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ +import { XJson } from '../../../src/plugins/es_ui_shared/public'; +const { collapseLiteralStrings, expandLiteralStrings } = XJson; -export { - XJsonMode, - collapseLiteralStrings, - expandLiteralStrings, -} from '../../../src/plugins/es_ui_shared/public'; +export { XJsonMode } from '@kbn/ace'; +export { collapseLiteralStrings, expandLiteralStrings }; diff --git a/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts b/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts index 3ad92531e4367..b43506e1323da 100644 --- a/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts +++ b/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts @@ -5,7 +5,7 @@ */ import ace from 'brace'; -import { installXJsonMode } from '../../../../../../src/plugins/es_ui_shared/public'; +import { installXJsonMode } from '@kbn/ace'; export function initializeEditor({ el, 
diff --git a/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts b/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts index 58a62c4636c25..7832d7bcb63f7 100644 --- a/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts +++ b/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts @@ -4,7 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { collapseLiteralStrings } from '../../../../../../src/plugins/es_ui_shared/public'; +import { XJson } from '../../../../../../src/plugins/es_ui_shared/public'; + +const { collapseLiteralStrings } = XJson; export function checkForParseErrors(json: string) { const sanitizedJson = collapseLiteralStrings(json); diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts index 41b84f04db852..d13376cf838f8 100644 --- a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts +++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts 
@@ -5,13 +5,17 @@ */ import { useEffect, useState } from 'react'; +import { XJsonMode } from '@kbn/ace'; -import { useXJsonMode } from '../../../../../../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; +import { XJson } from '../../../../../../../../../../src/plugins/es_ui_shared/public'; import { PostTransformsPreviewRequestSchema } from '../../../../../../../common/api_schemas/transforms'; import { StepDefineExposedState } from '../common'; +const { useXJsonMode } = XJson; +const xJsonMode = new XJsonMode(); + export const useAdvancedPivotEditor = ( defaults: StepDefineExposedState, previewRequest: PostTransformsPreviewRequestSchema @@ -38,7 +42,6 @@ export const useAdvancedPivotEditor = ( convertToJson, setXJson: setAdvancedEditorConfig, xJson: advancedEditorConfig, - xJsonMode, } = useXJsonMode(stringifiedPivotConfig); useEffect(() => { diff --git a/x-pack/plugins/transform/public/shared_imports.ts b/x-pack/plugins/transform/public/shared_imports.ts index 4737787dbd9ee..b977c657b4a5a 100644 --- a/x-pack/plugins/transform/public/shared_imports.ts +++ b/x-pack/plugins/transform/public/shared_imports.ts @@ -5,13 +5,8 @@ */ export { createSavedSearchesLoader } from '../../../../src/plugins/discover/public'; -export { - XJsonMode, - collapseLiteralStrings, - expandLiteralStrings, - UseRequestConfig, - useRequest, -} from '../../../../src/plugins/es_ui_shared/public'; +export { XJsonMode } from '@kbn/ace'; +export { UseRequestConfig, useRequest } from '../../../../src/plugins/es_ui_shared/public'; export { getFieldType, @@ -31,3 +26,7 @@ export { UseIndexDataReturnType, INDEX_STATUS, } from '../../ml/public'; + +import { XJson } from '../../../../src/plugins/es_ui_shared/public'; +const { expandLiteralStrings, collapseLiteralStrings } = XJson; +export { expandLiteralStrings, collapseLiteralStrings }; 
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx index 5ea15deb53161..e1f368a3f5028 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx @@ -5,8 +5,10 @@ */ import React, { useState } from 'react'; import { EuiCodeEditor, EuiFormRow } from '@elastic/eui'; +import { XJsonMode } from '@kbn/ace'; + import './add_message_variables.scss'; -import { useXJsonMode } from '../../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; +import { XJson } from '../../../../../../src/plugins/es_ui_shared/public'; import { AddMessageVariables } from './add_message_variables'; import { ActionVariable } from '../../types'; @@ -23,6 +25,9 @@ interface Props { onBlur?: () => void; } +const { useXJsonMode } = XJson; +const xJsonMode = new XJsonMode(); + export const JsonEditorWithMessageVariables: React.FunctionComponent = ({ messageVariables, paramsProperty, @@ -36,7 +41,7 @@ export const JsonEditorWithMessageVariables: React.FunctionComponent = ({ }) => { const [cursorPosition, setCursorPosition] = useState(null); - const { xJsonMode, convertToJson, setXJson, xJson } = useXJsonMode(inputTargetValue ?? null); + const { convertToJson, setXJson, xJson } = useXJsonMode(inputTargetValue ?? null); const onSelectMessageVariable = (variable: string) => { const templatedVar = `{{${variable}}}`; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx index f2ae4d5533393..1dc3a9e3a8279 100644 
--- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx @@ -20,16 +20,20 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; +import { XJsonMode } from '@kbn/ace'; import { serializeJsonWatch } from '../../../../../../common/lib/serialization'; import { ErrableFormRow, SectionError, Error as ServerError } from '../../../../components'; -import { useXJsonMode } from '../../../../shared_imports'; +import { XJson } from '../../../../shared_imports'; import { onWatchSave } from '../../watch_edit_actions'; import { WatchContext } from '../../watch_context'; import { goToWatchList } from '../../../../lib/navigation'; import { RequestFlyout } from '../request_flyout'; import { useAppContext } from '../../../../app_context'; +const xJsonMode = new XJsonMode(); +const { useXJsonMode } = XJson; + export const JsonWatchEditForm = () => { const { links: { putWatchApiUrl }, @@ -37,7 +41,7 @@ export const JsonWatchEditForm = () => { } = useAppContext(); const { watch, setWatchProperty } = useContext(WatchContext); - const { xJsonMode, convertToJson, setXJson, xJson } = useXJsonMode(watch.watchString); + const { convertToJson, setXJson, xJson } = useXJsonMode(watch.watchString); const { errors } = watch.validate(); const hasErrors = !!Object.keys(errors).find((errorKey) => errors[errorKey].length >= 1); diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx index 043e2e598bd02..23027e512c64c 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx 
+++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx @@ -24,6 +24,9 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; +import { XJsonMode } from '@kbn/ace'; + +const xJsonMode = new XJsonMode(); import { WatchHistoryItem } from '../../../../models/watch_history_item'; @@ -33,14 +36,16 @@ import { ExecutedWatchDetails, ExecutedWatchResults, } from '../../../../../../common/types/watch_types'; -import { ErrableFormRow } from '../../../../components/form_errors'; +import { ErrableFormRow } from '../../../../components'; import { executeWatch } from '../../../../lib/api'; import { WatchContext } from '../../watch_context'; import { JsonWatchEditSimulateResults } from './json_watch_edit_simulate_results'; import { getTimeUnitLabel } from '../../../../lib/get_time_unit_label'; import { useAppContext } from '../../../../app_context'; -import { useXJsonMode } from '../../../../shared_imports'; +import { XJson } from '../../../../shared_imports'; + +const { useXJsonMode } = XJson; const actionModeOptions = Object.keys(ACTION_MODES).map((mode) => ({ text: ACTION_MODES[mode], @@ -96,7 +101,7 @@ export const JsonWatchEditSimulate = ({ ignoreCondition, } = executeDetails; - const { setXJson, convertToJson, xJsonMode, xJson } = useXJsonMode(alternativeInput); + const { setXJson, convertToJson, xJson } = useXJsonMode(alternativeInput); const columns = [ { diff --git a/x-pack/plugins/watcher/public/application/shared_imports.ts b/x-pack/plugins/watcher/public/application/shared_imports.ts index 766e8e659c8ae..ad42b94bc837f 100644 --- a/x-pack/plugins/watcher/public/application/shared_imports.ts +++ b/x-pack/plugins/watcher/public/application/shared_imports.ts 
@@ -10,6 +10,5 @@ export { UseRequestConfig, sendRequest, useRequest, + XJson, } from '../../../../../src/plugins/es_ui_shared/public'; - -export { useXJsonMode } from '../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; From 1dd0c6a5700f609ca6b7e89ab2632c880570df7d Mon Sep 17 00:00:00 2001 From: Oliver Gupte Date: Thu, 24 Sep 2020 07:48:24 -0700 Subject: [PATCH 13/63] [APM] Service maps grouped external resource nodes (#78136) * Closes #78135 by implementing node grouping on service map data before it's rendered in the Cytoscape. * Truncates resource list items and updates api test snapshot * Added type for ConnectionElement rather using an ad hoc type, removed some unneeded ts-ignores --- x-pack/plugins/apm/common/service_map.ts | 34 ++ .../app/ServiceMap/Popover/Info.tsx | 63 ++- .../app/ServiceMap/cytoscapeOptions.ts | 2 +- .../service_map/group_resource_nodes.test.ts | 24 + .../lib/service_map/group_resource_nodes.ts | 139 +++++ .../group_resource_nodes_grouped.json | 140 ++++++ .../group_resource_nodes_pregrouped.json | 204 ++++++++ .../transform_service_map_responses.test.ts | 6 +- .../transform_service_map_responses.ts | 9 +- .../__snapshots__/service_maps.snap | 476 +++++++++--------- 10 files changed, 847 insertions(+), 250 deletions(-) create mode 100644 x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts create mode 100644 x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts create mode 100644 x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json create mode 100644 x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json diff --git a/x-pack/plugins/apm/common/service_map.ts b/x-pack/plugins/apm/common/service_map.ts index 1dc4d598cd2ee..02456f9b2050f 100644 --- a/x-pack/plugins/apm/common/service_map.ts +++ b/x-pack/plugins/apm/common/service_map.ts 
@@ -22,15 +22,30 @@ export interface ServiceConnectionNode extends cytoscape.NodeDataDefinition { [SERVICE_ENVIRONMENT]: string | null; [AGENT_NAME]: string; serviceAnomalyStats?: ServiceAnomalyStats; + label?: string; } export interface ExternalConnectionNode extends cytoscape.NodeDataDefinition { [SPAN_DESTINATION_SERVICE_RESOURCE]: string; [SPAN_TYPE]: string; [SPAN_SUBTYPE]: string; + label?: string; } export type ConnectionNode = ServiceConnectionNode | ExternalConnectionNode; +export interface ConnectionEdge { + id: string; + source: ConnectionNode['id']; + target: ConnectionNode['id']; + label?: string; + bidirectional?: boolean; + isInverseEdge?: boolean; +} + +export interface ConnectionElement { + data: ConnectionNode | ConnectionEdge; +} + export interface Connection { source: ConnectionNode; destination: ConnectionNode; @@ -57,3 +72,22 @@ export const invalidLicenseMessage = i18n.translate( "In order to access Service Maps, you must be subscribed to an Elastic Platinum license. With it, you'll have the ability to visualize your entire application stack along with your APM data.", } ); + +const NONGROUPED_SPANS: Record = { + aws: ['servicename'], + cache: ['all'], + db: ['all'], + external: ['graphql', 'grpc', 'websocket'], + messaging: ['all'], + template: ['handlebars'], +}; + +export function isSpanGroupingSupported(type?: string, subtype?: string) { + if (!type || !(type in NONGROUPED_SPANS)) { + return true; + } + return !NONGROUPED_SPANS[type].some( + (nongroupedSubType) => + nongroupedSubType === 'all' || nongroupedSubType === subtype + ); +} diff --git a/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx b/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx index 094cf032c4c9d..7771a232a5c9e 100644 --- a/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx +++ b/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx 
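Review bot: In `isSpanGroupingSupported` (second hunk of common/service_map.ts), `type in NONGROUPED_SPANS` also matches keys inherited from `Object.prototype`, so a span type such as `constructor` or `toString` passes the guard and `NONGROUPED_SPANS[type].some(...)` then throws because the looked-up value is not an array. The type is read from element data in group_resource_nodes.ts (`el.data[SPAN_TYPE]`), so it is presumably agent-reported rather than a closed set, and one such span would fail the whole grouping pass. An own-property check avoids this: `if (!type || !Object.prototype.hasOwnProperty.call(NONGROUPED_SPANS, type)) {`. Keeping the table in a `Map` would work as well.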
@@ -3,7 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import cytoscape from 'cytoscape'; import React from 'react'; @@ -12,20 +16,27 @@ import { SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../../common/elasticsearch_fieldnames'; +import { ExternalConnectionNode } from '../../../../../common/service_map'; const ItemRow = styled.div` line-height: 2; `; -const ItemTitle = styled.dt` - color: ${({ theme }) => theme.eui.textColors.subdued}; +const SubduedDescriptionListTitle = styled(EuiDescriptionListTitle)` + &&& { + color: ${({ theme }) => theme.eui.textColors.subdued}; + } `; -const ItemDescription = styled.dd``; +const ExternalResourcesList = styled.section` + max-height: 360px; + overflow: auto; +`; interface InfoProps extends cytoscape.NodeDataDefinition { type?: string; subtype?: string; + className?: string; } export function Info(data: InfoProps) { @@ -51,15 +62,51 @@ export function Info(data: InfoProps) { }, ]; + if (data.groupedConnections) { + return ( + + + {data.groupedConnections.map((resource: ExternalConnectionNode) => { + const title = + resource.label || resource['span.destination.service.resource']; + const desc = `${resource['span.type']} (${resource['span.subtype']})`; + return ( + <> + + {title} + + + {desc} + + + ); + })} + + + ); + } + return ( <> {listItems.map( ({ title, description }) => description && ( - - {title} - {description} - +
+ + + {title} + + + {description} + + +
) )} diff --git a/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts b/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts index 61ac9bd7cd54c..136be1c7d947c 100644 --- a/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts +++ b/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts @@ -136,7 +136,7 @@ const getStyle = (theme: EuiTheme): cytoscape.Stylesheet[] => { label: (el: cytoscape.NodeSingular) => isService(el) ? el.data(SERVICE_NAME) - : el.data(SPAN_DESTINATION_SERVICE_RESOURCE), + : el.data('label') || el.data(SPAN_DESTINATION_SERVICE_RESOURCE), 'min-zoomed-font-size': parseInt(theme.eui.euiSizeS, 10), 'overlay-opacity': 0, shape: (el: cytoscape.NodeSingular) => diff --git a/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts new file mode 100644 index 0000000000000..2a9a2daf1fe47 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts 
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { groupResourceNodes } from './group_resource_nodes';
+import preGroupedData from './mock_responses/group_resource_nodes_pregrouped.json';
+import expectedGroupedData from './mock_responses/group_resource_nodes_grouped.json';
+
+describe('groupResourceNodes', () => {
+ it('should group external nodes', () => {
+ const responseWithGroups = groupResourceNodes(preGroupedData);
+ expect(responseWithGroups.elements).toHaveLength(
+ expectedGroupedData.elements.length
+ );
+ for (const element of responseWithGroups.elements) {
+ const expectedElement = expectedGroupedData.elements.find(
+ ({ data: { id } }: { data: { id: string } }) => id === element.data.id
+ );
+ expect(element).toMatchObject(expectedElement);
+ }
+ });
+});
diff --git a/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts
new file mode 100644
index 0000000000000..37ddcdfcff719
--- /dev/null
+++ b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts
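Review bot: In the `for` loop of group_resource_nodes.test.ts, `expectedElement` is `undefined` whenever the grouped output contains an id that the fixture lacks, and `expect(element).toMatchObject(expectedElement)` then fails on the matcher's argument rather than naming the unexpected id. Adding `expect(expectedElement).toBeDefined();` before the match makes that failure readable. The loop also only checks output elements against the fixture, so a duplicated element id in the output would still pass as long as the total length matches.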
@@ -0,0 +1,139 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { i18n } from '@kbn/i18n';
+import { groupBy } from 'lodash';
+import { ValuesType } from 'utility-types';
+import {
+ SPAN_TYPE,
+ SPAN_SUBTYPE,
+} from '../../../common/elasticsearch_fieldnames';
+import {
+ ConnectionElement,
+ isSpanGroupingSupported,
+} from '../../../common/service_map';
+
+const MINIMUM_GROUP_SIZE = 4;
+
+export function groupResourceNodes(responseData: {
+ elements: ConnectionElement[];
+}) {
+ type ElementDefinition = ValuesType;
+ const isEdge = (el: ElementDefinition) =>
+ Boolean(el.data.source && el.data.target);
+ const isNode = (el: ElementDefinition) => !isEdge(el);
+ const isElligibleGroupNode = (el: ElementDefinition) => {
+ if (isNode(el) && 'span.type' in el.data) {
+ return isSpanGroupingSupported(el.data[SPAN_TYPE], el.data[SPAN_SUBTYPE]);
+ }
+ return false;
+ };
+ const nodes = responseData.elements.filter(isNode);
+ const edges = responseData.elements.filter(isEdge);
+
+ // create adjacency list by targets
+ const groupNodeCandidates = responseData.elements
+ .filter(isElligibleGroupNode)
+ .map(({ data: { id } }) => id);
+ const adjacencyListByTargetMap = new Map();
+ edges.forEach(({ data: { source, target } }) => {
+ if (groupNodeCandidates.includes(target)) {
+ const sources = adjacencyListByTargetMap.get(target);
+ if (sources) {
+ sources.push(source);
+ } else {
+ adjacencyListByTargetMap.set(target, [source]);
+ }
+ }
+ });
+ const adjacencyListByTarget = [...adjacencyListByTargetMap.entries()].map(
+ ([target, sources]) => ({
+ target,
+ sources,
+ groupId: `resourceGroup{${sources.sort().join(';')}}`,
+ })
+ );
+
+ // group by members
+ const nodeGroupsById = groupBy(adjacencyListByTarget, 'groupId');
+ const nodeGroups =
Object.keys(nodeGroupsById)
+ .map((id) => ({
+ id,
+ sources: nodeGroupsById[id][0].sources,
+ targets: nodeGroupsById[id].map(({ target }) => target),
+ }))
+ .filter(({ targets }) => targets.length > MINIMUM_GROUP_SIZE - 1);
+ const ungroupedEdges = [...edges];
+ const ungroupedNodes = [...nodes];
+ nodeGroups.forEach(({ sources, targets }) => {
+ targets.forEach((target) => {
+ // removes grouped nodes from original node set:
+ const groupedNodeIndex = ungroupedNodes.findIndex(
+ ({ data }) => data.id === target
+ );
+ ungroupedNodes.splice(groupedNodeIndex, 1);
+ sources.forEach((source) => {
+ // removes edges of grouped nodes from original edge set:
+ const groupedEdgeIndex = ungroupedEdges.findIndex(
+ ({ data }) => data.source === source && data.target === target
+ );
+ ungroupedEdges.splice(groupedEdgeIndex, 1);
+ });
+ });
+ });
+
+ // add in a composite node for each new group
+ const groupedNodes = nodeGroups.map(({ id, targets }) => ({
+ data: {
+ id,
+ 'span.type': 'external',
+ label: i18n.translate('xpack.apm.serviceMap.resourceCountLabel', {
+ defaultMessage: '{count} resources',
+ values: { count: targets.length },
+ }),
+ groupedConnections: targets
+ .map((targetId) => {
+ const targetElement = nodes.find(
+ (element) => element.data.id === targetId
+ );
+ if (!targetElement) {
+ return;
+ }
+ const { data } = targetElement;
+ return { label: data.label || data.id, ...data };
+ })
+ .filter((node) => !!node),
+ },
+ }));
+
+ // add new edges from source to new groups
+ const groupedEdges: Array<{
+ data: {
+ id: string;
+ source: string;
+ target: string;
+ };
+ }> = [];
+ nodeGroups.forEach(({ id, sources }) => {
+ sources.forEach((source) => {
+ groupedEdges.push({
+ data: {
+ id: `${source}~>${id}`,
+ source,
+ target: id,
+ },
+ });
+ });
+ });
+
+ return {
+ elements: [
+ ...ungroupedNodes,
+ ...groupedNodes,
+ ...ungroupedEdges,
+ ...groupedEdges,
+ ],
+ };
+}
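Review bot: In the `nodeGroups.forEach` loop of `groupResourceNodes`, the results of both `findIndex` calls go straight into `splice`, so a miss (`-1`) removes the last element of `ungroupedNodes` or `ungroupedEdges` instead of nothing. The `groupedConnections` mapping further down already tolerates a missing target (`if (!targetElement) { return; }`), so the removal step should be guarded the same way: `if (groupedNodeIndex !== -1) ungroupedNodes.splice(groupedNodeIndex, 1);`, and likewise for `groupedEdgeIndex`. Separately, `groupNodeCandidates.includes(target)` scans an array once per edge; building `new Set(groupNodeCandidates)` once keeps that pass linear on large maps.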
diff --git a/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json
new file mode 100644
index 0000000000000..e7bba585de180
--- /dev/null
+++ b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json
@@ -0,0 +1,140 @@ +{ + "elements": [ + { + "data": { + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "opbeans-rum", + "target": "opbeans-node", + "id": "opbeans-rum~>opbeans-node" + } + }, + { + "data": { + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "agent.name": "nodejs" + } + }, + { + "data": { + "source": "opbeans-node", + "target": "postgresql", + "id": "opbeans-node~>postgresql" + } + }, + { + "data": { + "id": "postgresql", + "span.subtype": "postgresql", + "span.destination.service.resource": "postgresql", + "span.type": "db", + "label": "postgresql" + } + }, + { + "data": { + "id": "elastic-co-rum-test", + "service.name": "elastic-co-rum-test", + "agent.name": "rum-js" + } + }, + { + "data": { + "id": "elastic-co-frontend", + "service.name": "elastic-co-frontend", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "0.cdn.example.com:443", + "id": "elastic-co-frontend~>0.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "id": "elastic-co-frontend~>resourceGroup{elastic-co-frontend;elastic-co-rum-test}" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "id": "elastic-co-rum-test~>resourceGroup{elastic-co-frontend;elastic-co-rum-test}" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "6.cdn.example.com:443", + "id": "elastic-co-rum-test~>6.cdn.example.com:443" + } + }, + { + "data": { + "id": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "span.type": "external", + "label": "5 resources", + "groupedConnections": [ + { + "label": "1.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": 
"1.cdn.example.com:443" + }, + { + "label": "2.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "2.cdn.example.com:443" + }, + { + "label": "3.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "3.cdn.example.com:443" + }, + { + "label": "4.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "4.cdn.example.com:443" + }, + { + "label": "5.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "5.cdn.example.com:443" + } + ] + } + }, + { + "data": { + "id": "0.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "0.cdn.example.com:443" + } + }, + { + "data": { + "id": "6.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "6.cdn.example.com:443" + } + } + ] +} diff --git a/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json new file mode 100644 index 0000000000000..22c5c50de7472 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json 
@@ -0,0 +1,204 @@ +{ + "elements": [ + { + "data": { + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "opbeans-rum", + "target": "opbeans-node", + "id": "opbeans-rum~>opbeans-node" + } + }, + { + "data": { + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "agent.name": "nodejs" + } + }, + { + "data": { + "source": "opbeans-node", + "target": "postgresql", + "id": "opbeans-node~>postgresql" + } + }, + { + "data": { + "id": "postgresql", + "span.subtype": "postgresql", + "span.destination.service.resource": "postgresql", + "span.type": "db", + "label": "postgresql" + } + }, + { + "data": { + "id": "elastic-co-rum-test", + "service.name": "elastic-co-rum-test", + "agent.name": "rum-js" + } + }, + { + "data": { + "id": "elastic-co-frontend", + "service.name": "elastic-co-frontend", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "0.cdn.example.com:443", + "id": "elastic-co-frontend~>0.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "1.cdn.example.com:443", + "id": "elastic-co-frontend~>1.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "2.cdn.example.com:443", + "id": "elastic-co-frontend~>2.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "3.cdn.example.com:443", + "id": "elastic-co-frontend~>3.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "4.cdn.example.com:443", + "id": "elastic-co-frontend~>4.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "5.cdn.example.com:443", + "id": "elastic-co-frontend~>5.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "1.cdn.example.com:443", + "id": 
"elastic-co-rum-test~>1.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "2.cdn.example.com:443", + "id": "elastic-co-rum-test~>2.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "3.cdn.example.com:443", + "id": "elastic-co-rum-test~>3.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "4.cdn.example.com:443", + "id": "elastic-co-rum-test~>4.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "5.cdn.example.com:443", + "id": "elastic-co-rum-test~>5.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "6.cdn.example.com:443", + "id": "elastic-co-rum-test~>6.cdn.example.com:443" + } + }, + { + "data": { + "id": "0.cdn.example.com:443", + "label": "0.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "0.cdn.example.com:443" + } + }, + { + "data": { + "id": "1.cdn.example.com:443", + "label": "1.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "1.cdn.example.com:443" + } + }, + { + "data": { + "id": "2.cdn.example.com:443", + "label": "2.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "2.cdn.example.com:443" + } + }, + { + "data": { + "id": "3.cdn.example.com:443", + "label": "3.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "3.cdn.example.com:443" + } + }, + { + "data": { + "id": "4.cdn.example.com:443", + "label": "4.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "4.cdn.example.com:443" + } + }, + { + "data": { + "id": "5.cdn.example.com:443", + "label": "5.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + 
"span.destination.service.resource": "5.cdn.example.com:443" + } + }, + { + "data": { + "id": "6.cdn.example.com:443", + "label": "6.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "6.cdn.example.com:443" + } + } + ] +} diff --git a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts index f30b80feda302..7d832c91022e5 100644 --- a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts +++ b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts @@ -75,7 +75,11 @@ describe('transformServiceMapResponses', () => { (element) => 'source' in element.data && 'target' in element.data ); - expect(connection?.data.target).toBe('opbeans-node'); + expect(connection).toHaveProperty('data'); + expect(connection?.data).toHaveProperty('target'); + if (connection?.data && 'target' in connection.data) { + expect(connection.data.target).toBe('opbeans-node'); + } expect( elements.find((element) => element.data.id === '>opbeans-node') diff --git a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts index 7f5e34f68f922..e2af4315e41a1 100644 --- a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts +++ b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts 
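Review bot: In transform_service_map_responses.test.ts the final `toBe('opbeans-node')` assertion now sits inside an `if`, which reads as an assertion that might be skipped. It cannot be skipped here, because the two `toHaveProperty` expectations above it fail first when `connection` or `target` is missing, so the `if` only narrows the union type for the compiler. I would say so on the line above it: `// type narrowing only; the toHaveProperty checks above already fail when target is absent`. The enclosing test case starts and ends outside the hunk.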
@@ -16,9 +16,11 @@ import { ConnectionNode, ServiceConnectionNode, ExternalConnectionNode, + ConnectionElement, } from '../../../common/service_map'; import { ConnectionsResponse, ServicesResponse } from './get_service_map'; import { ServiceAnomaliesResponse } from './get_service_anomalies'; +import { groupResourceNodes } from './group_resource_nodes'; function getConnectionNodeId(node: ConnectionNode): string { if ('span.destination.service.resource' in node) { @@ -213,9 +215,12 @@ export function transformServiceMapResponses(response: ServiceMapResponse) { }, []); // Put everything together in elements, with everything in the "data" property - const elements = [...dedupedConnections, ...dedupedNodes].map((element) => ({ + const elements: ConnectionElement[] = [ + ...dedupedConnections, + ...dedupedNodes, + ].map((element) => ({ data: element, })); - return { elements }; + return groupResourceNodes({ elements }); } diff --git a/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap b/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap index 8a3929f1e9ba6..320ffd5a98696 100644 --- a/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap +++ b/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap 
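Review bot: In transform_service_map_responses.ts, `transformServiceMapResponses` now returns whatever `groupResourceNodes` returns, and no return type is declared in the visible lines, so the shape of the service-map payload is inferred from a helper in another file. The snapshot updated in this commit shows one visible consequence, presumably from the new grouping step: node elements now come before the connection elements. I would record the contract at the return, for example `// groupResourceNodes may collapse external nodes into a "resourceGroup{…}" node and returns nodes before connections`, and add an explicit return type if `group_resource_nodes` exports one. The function body starts outside the hunk.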
@@ -65,6 +65,130 @@ Object { exports[`Service Maps with a trial license /api/apm/service-map when there is data returns the correct data 3`] = ` Array [ + Object { + "data": Object { + "agent.name": "rum-js", + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "serviceAnomalyStats": Object { + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", + "transactionType": "page-load", + }, + }, + }, + Object { + "data": Object { + "agent.name": "python", + "id": "opbeans-python", + "service.environment": "production", + "service.name": "opbeans-python", + "serviceAnomalyStats": Object { + "actualValue": 66218.0833333333, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "java", + "id": "opbeans-java", + "service.environment": "production", + "service.name": "opbeans-java", + "serviceAnomalyStats": Object { + "actualValue": 14901.32, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "nodejs", + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "serviceAnomalyStats": Object { + "actualValue": 32226.649122807, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "go", + "id": "opbeans-go", + "service.environment": "testing", + "service.name": "opbeans-go", + "serviceAnomalyStats": Object { + "actualValue": 3933482.17647059, + "anomalyScore": 2.61017027514827, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + 
"transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "ruby", + "id": "opbeans-ruby", + "service.environment": "production", + "service.name": "opbeans-ruby", + "serviceAnomalyStats": Object { + "actualValue": 684716.581395349, + "anomalyScore": 0.204989077199074, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "id": ">postgresql", + "label": "postgresql", + "span.destination.service.resource": "postgresql", + "span.subtype": "postgresql", + "span.type": "db", + }, + }, + Object { + "data": Object { + "id": ">elasticsearch", + "label": "elasticsearch", + "span.destination.service.resource": "elasticsearch", + "span.subtype": "elasticsearch", + "span.type": "db", + }, + }, + Object { + "data": Object { + "id": ">redis", + "label": "redis", + "span.destination.service.resource": "redis", + "span.subtype": "redis", + "span.type": "db", + }, + }, + Object { + "data": Object { + "agent.name": "dotnet", + "id": "opbeans-dotnet", + "service.environment": null, + "service.name": "opbeans-dotnet", + }, + }, Object { "data": Object { "id": "opbeans-go~>postgresql", 
@@ -921,136 +1045,136 @@ Array [ }, }, }, - Object { - "data": Object { - "agent.name": "rum-js", - "id": "opbeans-rum", - "service.environment": "testing", - "service.name": "opbeans-rum", - "serviceAnomalyStats": Object { - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", - "transactionType": "page-load", +] +`; + +exports[`Service Maps with a trial license when there is data with anomalies returns the correct anomaly stats 3`] = ` +Object { + "elements": Array [ + Object { + "data": Object { + "agent.name": "rum-js", + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "serviceAnomalyStats": Object { + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", + "transactionType": "page-load", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "python", - "id": "opbeans-python", - "service.environment": "production", - "service.name": "opbeans-python", - "serviceAnomalyStats": Object { - "actualValue": 66218.0833333333, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "python", + "id": "opbeans-python", + "service.environment": "production", + "service.name": "opbeans-python", + "serviceAnomalyStats": Object { + "actualValue": 66218.0833333333, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "java", - "id": "opbeans-java", - "service.environment": "production", - "service.name": "opbeans-java", - "serviceAnomalyStats": Object { - "actualValue": 14901.32, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - 
"transactionType": "request", + Object { + "data": Object { + "agent.name": "java", + "id": "opbeans-java", + "service.environment": "production", + "service.name": "opbeans-java", + "serviceAnomalyStats": Object { + "actualValue": 14901.32, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "nodejs", - "id": "opbeans-node", - "service.environment": "testing", - "service.name": "opbeans-node", - "serviceAnomalyStats": Object { - "actualValue": 32226.649122807, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "nodejs", + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "serviceAnomalyStats": Object { + "actualValue": 32226.649122807, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "go", - "id": "opbeans-go", - "service.environment": "testing", - "service.name": "opbeans-go", - "serviceAnomalyStats": Object { - "actualValue": 3933482.17647059, - "anomalyScore": 2.61017027514827, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "go", + "id": "opbeans-go", + "service.environment": "testing", + "service.name": "opbeans-go", + "serviceAnomalyStats": Object { + "actualValue": 3933482.17647059, + "anomalyScore": 2.61017027514827, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "ruby", - "id": "opbeans-ruby", - 
"service.environment": "production", - "service.name": "opbeans-ruby", - "serviceAnomalyStats": Object { - "actualValue": 684716.581395349, - "anomalyScore": 0.204989077199074, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "ruby", + "id": "opbeans-ruby", + "service.environment": "production", + "service.name": "opbeans-ruby", + "serviceAnomalyStats": Object { + "actualValue": 684716.581395349, + "anomalyScore": 0.204989077199074, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "id": ">postgresql", - "label": "postgresql", - "span.destination.service.resource": "postgresql", - "span.subtype": "postgresql", - "span.type": "db", + Object { + "data": Object { + "id": ">postgresql", + "label": "postgresql", + "span.destination.service.resource": "postgresql", + "span.subtype": "postgresql", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "id": ">elasticsearch", - "label": "elasticsearch", - "span.destination.service.resource": "elasticsearch", - "span.subtype": "elasticsearch", - "span.type": "db", + Object { + "data": Object { + "id": ">elasticsearch", + "label": "elasticsearch", + "span.destination.service.resource": "elasticsearch", + "span.subtype": "elasticsearch", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "id": ">redis", - "label": "redis", - "span.destination.service.resource": "redis", - "span.subtype": "redis", - "span.type": "db", + Object { + "data": Object { + "id": ">redis", + "label": "redis", + "span.destination.service.resource": "redis", + "span.subtype": "redis", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "agent.name": "dotnet", - "id": "opbeans-dotnet", - "service.environment": null, - "service.name": "opbeans-dotnet", + Object { + "data": 
Object { + "agent.name": "dotnet", + "id": "opbeans-dotnet", + "service.environment": null, + "service.name": "opbeans-dotnet", + }, }, - }, -] -`; - -exports[`Service Maps with a trial license when there is data with anomalies returns the correct anomaly stats 3`] = ` -Object { - "elements": Array [ Object { "data": Object { "id": "opbeans-go~>postgresql", 
@@ -1907,130 +2031,6 @@ Object { }, }, }, - Object { - "data": Object { - "agent.name": "rum-js", - "id": "opbeans-rum", - "service.environment": "testing", - "service.name": "opbeans-rum", - "serviceAnomalyStats": Object { - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", - "transactionType": "page-load", - }, - }, - }, - Object { - "data": Object { - "agent.name": "python", - "id": "opbeans-python", - "service.environment": "production", - "service.name": "opbeans-python", - "serviceAnomalyStats": Object { - "actualValue": 66218.0833333333, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "java", - "id": "opbeans-java", - "service.environment": "production", - "service.name": "opbeans-java", - "serviceAnomalyStats": Object { - "actualValue": 14901.32, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "nodejs", - "id": "opbeans-node", - "service.environment": "testing", - "service.name": "opbeans-node", - "serviceAnomalyStats": Object { - "actualValue": 32226.649122807, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "go", - "id": "opbeans-go", - "service.environment": "testing", - "service.name": "opbeans-go", - "serviceAnomalyStats": Object { - "actualValue": 3933482.17647059, - "anomalyScore": 2.61017027514827, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "ruby", - "id": 
"opbeans-ruby", - "service.environment": "production", - "service.name": "opbeans-ruby", - "serviceAnomalyStats": Object { - "actualValue": 684716.581395349, - "anomalyScore": 0.204989077199074, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "id": ">postgresql", - "label": "postgresql", - "span.destination.service.resource": "postgresql", - "span.subtype": "postgresql", - "span.type": "db", - }, - }, - Object { - "data": Object { - "id": ">elasticsearch", - "label": "elasticsearch", - "span.destination.service.resource": "elasticsearch", - "span.subtype": "elasticsearch", - "span.type": "db", - }, - }, - Object { - "data": Object { - "id": ">redis", - "label": "redis", - "span.destination.service.resource": "redis", - "span.subtype": "redis", - "span.type": "db", - }, - }, - Object { - "data": Object { - "agent.name": "dotnet", - "id": "opbeans-dotnet", - "service.environment": null, - "service.name": "opbeans-dotnet", - }, - }, ], } `; From 6345acaf3551da2bf02573d0b225b0dcaedbf48c Mon Sep 17 00:00:00 2001 
From: Jean-Louis Leysens Date: Thu, 24 Sep 2020 16:51:26 +0200 Subject: [PATCH 14/63] [Ingest Node Pipelines] New patterns component for Grok processor (#76533) * wip, issues with use fields getting cleared somehow * New drag and drop text list component - updated use array to add its own field so that we hook into form - added new drag and drop list component - wip on validation (empty lists validate immediately, which it should not) * remove box shadow from editor fields * Style grok patterns based on drag and drop in component templates - still have the issue with validation - need to get some design review at this point * fix i18n * update use_array - maintain the same API though * Grok processor should use the new use array interface - also fix the documentation using links in the processor type description. react was unhappy about hook order changing * fix patterns field validation to check validity of pattern entries * fix drag item styling * fix use of form in use effect and update behaviour of submit button * added smoke test for grok component * fix i18n * Implement PR feedback * Implemented design feedback - decreased spacing between list items and button - fixed a11y issue between label and first text field - moved help text to under label - refactored all of the field layout logic into drag and drop text list component. 
Co-authored-by: Elastic Machine --- .../processor_form/add_processor_form.tsx | 1 + .../processor_form/edit_processor_form.tsx | 1 + .../drag_and_drop_text_list.scss | 28 +++ .../drag_and_drop_text_list.tsx | 210 ++++++++++++++++++ .../processor_form/field_components/index.ts | 1 + .../field_components/text_editor.scss | 5 + .../field_components/text_editor.tsx | 8 +- .../processor_form.container.tsx | 10 +- .../common_fields/processor_type_field.tsx | 7 +- .../processor_form/processors/grok.test.tsx | 56 +++++ .../processor_form/processors/grok.tsx | 57 ++++- .../shared/map_processor_type_to_form.tsx | 15 +- .../ingest_pipelines/public/shared_imports.ts | 4 + 13 files changed, 370 insertions(+), 33 deletions(-) create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.test.tsx diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx index 5231a3d17811b..b663daedd9b9c 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx 
+++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx @@ -118,6 +118,7 @@ export const AddProcessorForm: FunctionComponent = ({ { await handleSubmit(); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx index e449ed75b6343..d9feaaffa5aec 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx @@ -234,6 +234,7 @@ export const EditProcessorForm: FunctionComponent = ({ { if (activeTab === 'output') { diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss new file mode 100644 index 0000000000000..2f563d86a6d4a --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss 
@@ -0,0 +1,28 @@
+.pipelineProcessorsEditor__form__dragAndDropList {
+ &__panel {
+ background-color: $euiColorLightestShade;
+ padding: $euiSizeM;
+ }
+
+ &__grabIcon {
+ margin-right: $euiSizeS;
+ }
+
+ &__removeButton {
+ margin-left: $euiSizeS;
+ }
+
+ &__errorIcon {
+ margin-left: -$euiSizeXL;
+ }
+
+ &__item {
+ background-color: $euiColorLightestShade;
+ padding-top: $euiSizeS;
+ padding-bottom: $euiSizeS;
+ }
+
+ &__labelContainer {
+ margin-bottom: $euiSizeXS;
+ }
+}
diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx
new file mode 100644
index 0000000000000..63e1fdaa9a8f0
--- /dev/null
+++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx
@@ -0,0 +1,210 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { i18n } from '@kbn/i18n'; +import React, { useState, useCallback, memo } from 'react'; +import uuid from 'uuid'; +import { + EuiButtonEmpty, + EuiButtonIcon, + EuiDragDropContext, + EuiDraggable, + EuiDroppable, + EuiFlexGroup, + EuiFlexItem, + EuiIcon, + EuiFieldText, + EuiIconTip, + EuiFormRow, + EuiText, +} from '@elastic/eui'; + +import { + UseField, + ArrayItem, + ValidationFunc, + getFieldValidityAndErrorMessage, +} from '../../../../../../shared_imports'; + +import './drag_and_drop_text_list.scss'; + +interface Props { + label: string; + helpText: React.ReactNode; + error: string | null; + value: ArrayItem[]; + onMove: (sourceIdx: number, destinationIdx: number) => void; + onAdd: () => void; + onRemove: (id: number) => void; + addLabel: string; + /** + * Validation to be applied to every text item + */ + textValidation?: ValidationFunc; +} + +const i18nTexts = { + removeItemButtonAriaLabel: i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.dragAndDropList.removeItemLabel', + { defaultMessage: 'Remove item' } + ), +}; + +function DragAndDropTextListComponent({ + label, + helpText, + error, + value, + onMove, + onAdd, + onRemove, + addLabel, + textValidation, +}: Props): JSX.Element { + const [droppableId] = useState(() => uuid.v4()); + const [firstItemId] = useState(() => uuid.v4()); + + const onDragEnd = useCallback( + ({ source, destination }) => { + if (source && destination) { + onMove(source.index, destination.index); + } + }, + [onMove] + ); + return ( + + <> + {/* Label and help text. Also wire up the htmlFor so the label points to the first text field. */} + + + + + + + + +

{helpText}

+
+
+
+ + {/* The processor panel */} +
+ + + {value.map((item, idx) => { + return ( + + {(provided) => { + return ( + + +
+ +
+
+ + + path={item.path} + config={{ + validations: textValidation + ? [{ validator: textValidation }] + : undefined, + }} + readDefaultValueOnForm={!item.isNew} + > + {(field) => { + const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage( + field + ); + return ( + + + + + {typeof errorMessage === 'string' && ( + +
+ +
+
+ )} +
+ ); + }} + +
+ + {value.length > 1 ? ( + onRemove(item.id)} + /> + ) : ( + // Render a no-op placeholder button + + )} + +
+ ); + }} +
+ ); + })} +
+
+ + {addLabel} + +
+ +
+ ); +} + +export const DragAndDropTextList = memo( + DragAndDropTextListComponent +) as typeof DragAndDropTextListComponent; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts index 6ce9eefd26445..605568f90ce9f 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts @@ -4,5 +4,6 @@ * you may not use this file except in compliance with the Elastic License. */ +export { DragAndDropTextList } from './drag_and_drop_text_list'; export { XJsonEditor } from './xjson_editor'; export { TextEditor } from './text_editor'; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss new file mode 100644 index 0000000000000..f48e19fd0e635 --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss @@ -0,0 +1,5 @@ +.pipelineProcessorsEditor__form__textEditor { + &__panel { + box-shadow: none; + } +} 
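Review bot: In drag_and_drop_text_list.tsx the `onDragEnd` callback destructures `{ source, destination }` without a parameter type, and because it is passed through `useCallback` both bindings end up as `any`, so a misspelled `.index` would still compile. Typing the parameter closes that gap, `({ source, destination }: DropResult) => {`, using the react-beautiful-dnd `DropResult` type imported from wherever this codebase exposes it. Separately, `onRemove: (id: number) => void` would benefit from a doc comment saying the argument is the `ArrayItem` id passed as `item.id`, not a list position, since `onMove` right above it takes indices. The component's JSX is not fully visible on this page, so the markup itself is not covered by this note.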
diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx index 1d0e36c0d526c..88b4a0aa2be06 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx @@ -13,6 +13,8 @@ import { getFieldValidityAndErrorMessage, } from '../../../../../../shared_imports'; +import './text_editor.scss'; + interface Props { field: FieldHook; editorProps: { [key: string]: any }; @@ -30,7 +32,11 @@ export const TextEditor: FunctionComponent = ({ field, editorProps }) => error={errorMessage} fullWidth > - + diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx index c3b1799ac2a28..25c9579e3c48e 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx @@ -60,6 +60,7 @@ export const ProcessorFormContainer: FunctionComponent = ({ const { form } = useForm({ defaultValue: { fields: getProcessor().options }, }); + const { subscribe } = form; const handleSubmit = useCallback( async (shouldCloseFlyout: boolean = true) => { 
@@ -92,14 +93,9 @@ export const ProcessorFormContainer: FunctionComponent = ({ }, [onSubmit, processor]); useEffect(() => { - const subscription = form.subscribe(onFormUpdate); + const subscription = subscribe(onFormUpdate); return subscription.unsubscribe; - - // TODO: Address this issue - // For some reason adding `form` object to the dependencies array here is causing an - // infinite update loop. - // eslint-disable-next-line react-hooks/exhaustive-deps - }, [onFormUpdate]); + }, [onFormUpdate, subscribe]); if (processor) { return ( diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx index 3264923442886..5b3df63a11294 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx @@ -14,6 +14,7 @@ import { FieldConfig, UseField, fieldValidators, + useKibana, } from '../../../../../../../shared_imports'; import { getProcessorDescriptor, mapProcessorTypeToDescriptor } from '../../../shared'; @@ -64,6 +65,10 @@ const typeConfig: FieldConfig = { }; export const ProcessorTypeField: FunctionComponent = ({ initialType }) => { + const { + services: { documentation }, + } = useKibana(); + const esDocUrl = documentation.getEsDocsBasePath(); return ( config={typeConfig} defaultValue={initialType} path="type"> {(typeField) => { 
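Review bot: In processor_form.container.tsx the effect now lists `subscribe` as a dependency, which is only correct if the form hook returns the same `subscribe` function on every render; the removed TODO described an infinite update loop when `form` itself was listed, which suggests `form` changes identity between renders. That stability requirement is not stated in the visible lines, so a later change in the form library could turn this into a resubscribe on every render without any error. A comment above the effect would record it: `// subscribe must be referentially stable across renders; depending on form itself caused an update loop`. The cleanup also returns `subscription.unsubscribe` unbound (an unchanged context line), which is worth confirming does not rely on `this`. The component body starts and ends outside the hunk.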
@@ -107,7 +112,7 @@ export const ProcessorTypeField: FunctionComponent = ({ initialType }) => {}; + (this as any).terminate = () => {}; +}; + +describe('', () => { + const setup = (props?: { defaultValue: Record }) => { + function MyComponent() { + const { form } = useForm({ defaultValue: props?.defaultValue }); + const i18n = i18nServiceMock.createStartContract(); + return ( + + +
+ + +
+
+ ); + } + return mount(); + }; + + beforeAll(() => { + // disable all react-beautiful-dnd development warnings + (window as any)['__react-beautiful-dnd-disable-dev-warnings'] = true; + }); + + afterAll(() => { + // enable all react-beautiful-dnd development warnings + (window as any)['__react-beautiful-dnd-disable-dev-warnings'] = false; + }); + test('smoke', () => { + setup({ defaultValue: { type: 'grok', fields: { patterns: ['test'] } } }); + }); +}); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx index c5c6adbe2a7a8..5df30be3407a2 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx 
@@ -10,24 +10,46 @@ import { i18n } from '@kbn/i18n'; import { FIELD_TYPES, UseField, - ComboBoxField, + UseArray, ToggleField, fieldValidators, + ValidationFunc, + ArrayItem, } from '../../../../../../shared_imports'; -import { XJsonEditor } from '../field_components'; +import { XJsonEditor, DragAndDropTextList } from '../field_components'; import { FieldNameField } from './common_fields/field_name_field'; import { IgnoreMissingField } from './common_fields/ignore_missing_field'; import { FieldsConfig, to, from, EDITOR_PX_HEIGHT } from './shared'; -const { emptyField, isJsonField } = fieldValidators; +const { isJsonField, emptyField } = fieldValidators; + +const i18nTexts = { + addPatternLabel: i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsAddPatternLabel', + { defaultMessage: 'Add pattern' } + ), +}; + +const valueRequiredMessage = i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsValueRequiredError', + { defaultMessage: 'A value is required.' } +); + +const patternsValidation: ValidationFunc = ({ value, formData }) => { + if (value.length === 0) { + return { + message: valueRequiredMessage, + }; + } +}; + +const patternValidation = emptyField(valueRequiredMessage); const fieldsConfig: FieldsConfig = { /* Required field configs */ patterns: { - type: FIELD_TYPES.COMBO_BOX, - deserializer: to.arrayOfStrings, label: i18n.translate('xpack.ingestPipelines.pipelineEditor.grokForm.patternsFieldLabel', { defaultMessage: 'Patterns', }), @@ -37,12 +59,7 @@ const fieldsConfig: FieldsConfig = { }), validations: [ { - validator: emptyField( - i18n.translate( - 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsValueRequiredError', - { defaultMessage: 'A value is required.' } - ) - ), + validator: patternsValidation as ValidationFunc, }, ], }, 
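Review bot: `patternsValidation` in the first hunk destructures `formData` but never reads it, and the second hunk registers it through a cast, `validator: patternsValidation as ValidationFunc`. The type arguments are not legible on this page, but a cast at the registration site hides any mismatch between the validator's value type and the field's. Dropping the unused binding, `({ value }) => {`, and typing the function so the cast is unnecessary would be cleaner. Separately, `value.length` throws if the field value is ever undefined; presumably `UseArray` always supplies an array, but that is worth confirming because the same change removes the `to.arrayOfStrings` deserializer.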
@@ -103,7 +120,23 @@ export const Grok: FunctionComponent = () => { )} /> - + + {({ items, addItem, removeItem, moveItem, error }) => { + return ( + + ); + }} + ReactNode); } type MapProcessorTypeToDescriptor = Record; @@ -176,11 +175,7 @@ export const mapProcessorTypeToDescriptor: MapProcessorTypeToDescriptor = { label: i18n.translate('xpack.ingestPipelines.processors.label.enrich', { defaultMessage: 'Enrich', }), - description: function Description() { - const { - services: { documentation }, - } = useKibana(); - const esDocUrl = documentation.getEsDocsBasePath(); + description: (esDocUrl) => { return ( { return ( _useKibana(); From d5713582541eaabfe3a597969479bca789caeec0 Mon Sep 17 00:00:00 2001 From: Josh Dover Date: Thu, 24 Sep 2020 08:54:46 -0600 Subject: [PATCH 15/63] Add more robust error handling to OsCgroupMetricsCollector (#78213) Co-authored-by: Elastic Machine --- .../server/metrics/collectors/cgroup.test.ts | 27 +++++++++++++++++-- src/core/server/metrics/collectors/cgroup.ts | 21 ++++++++++----- src/core/server/metrics/collectors/os.test.ts | 3 ++- src/core/server/metrics/collectors/os.ts | 9 +++++-- src/core/server/metrics/metrics_service.ts | 5 +++- .../metrics/ops_metrics_collector.test.ts | 3 ++- 6 files changed, 55 insertions(+), 13 deletions(-) diff --git a/src/core/server/metrics/collectors/cgroup.test.ts b/src/core/server/metrics/collectors/cgroup.test.ts index 39f917b9f0ba1..163646bf55424 100644 --- a/src/core/server/metrics/collectors/cgroup.test.ts +++ b/src/core/server/metrics/collectors/cgroup.test.ts @@ -18,6 +18,7 @@ */ import mockFs from 'mock-fs'; +import { loggerMock } from '@kbn/logging/target/mocks'; import { OsCgroupMetricsCollector } from './cgroup'; describe('OsCgroupMetricsCollector', () => { 
@@ -30,8 +31,10 @@ describe('OsCgroupMetricsCollector', () => { }, }); - const collector = new OsCgroupMetricsCollector({}); + const logger = loggerMock.create(); + const collector = new OsCgroupMetricsCollector({ logger }); expect(await collector.collect()).toEqual({}); + expect(logger.error).not.toHaveBeenCalled(); }); it('collects default cgroup data', async () => { @@ -51,7 +54,7 @@ throttled_time 666 `, }); - const collector = new OsCgroupMetricsCollector({}); + const collector = new OsCgroupMetricsCollector({ logger: loggerMock.create() }); expect(await collector.collect()).toMatchInlineSnapshot(` Object { "cpu": Object { @@ -90,6 +93,7 @@ throttled_time 666 }); const collector = new OsCgroupMetricsCollector({ + logger: loggerMock.create(), cpuAcctPath: 'xxcustomcpuacctxx', cpuPath: 'xxcustomcpuxx', }); @@ -112,4 +116,23 @@ throttled_time 666 } `); }); + + it('returns empty object and logs error on an EACCES error', async () => { + mockFs({ + '/proc/self/cgroup': ` +123:memory:/groupname +123:cpu:/groupname +123:cpuacct:/groupname + `, + '/sys/fs/cgroup': mockFs.directory({ mode: parseInt('0000', 8) }), + }); + + const logger = loggerMock.create(); + + const collector = new OsCgroupMetricsCollector({ logger }); + expect(await collector.collect()).toEqual({}); + expect(logger.error).toHaveBeenCalledWith( + "cgroup metrics could not be read due to error: [Error: EACCES, permission denied '/sys/fs/cgroup/cpuacct/groupname/cpuacct.usage']" + ); + }); }); diff --git a/src/core/server/metrics/collectors/cgroup.ts b/src/core/server/metrics/collectors/cgroup.ts index 867ea44dff1ae..42f5d30d115fe 100644 --- a/src/core/server/metrics/collectors/cgroup.ts +++ b/src/core/server/metrics/collectors/cgroup.ts 
@@ -19,11 +19,13 @@ import fs from 'fs'; import { join as joinPath } from 'path'; +import { Logger } from '@kbn/logging'; import { MetricsCollector, OpsOsMetrics } from './types'; type OsCgroupMetrics = Pick; interface OsCgroupMetricsCollectorOptions { + logger: Logger; cpuPath?: string; cpuAcctPath?: string; } @@ -38,8 +40,12 @@ export class OsCgroupMetricsCollector implements MetricsCollector { try { + if (this.noCgroupPresent) { + return {}; + } + await this.initializePaths(); - if (this.noCgroupPresent || !this.cpuAcctPath || !this.cpuPath) { + if (!this.cpuAcctPath || !this.cpuPath) { return {}; } @@ -64,12 +70,15 @@ export class OsCgroupMetricsCollector implements MetricsCollector (cb: Function) => cb(null, { dist: 'distrib', release: 'release' })); +import { loggerMock } from '@kbn/logging/target/mocks'; import os from 'os'; import { cgroupCollectorMock } from './os.test.mocks'; import { OsMetricsCollector } from './os'; @@ -27,7 +28,7 @@ describe('OsMetricsCollector', () => { let collector: OsMetricsCollector; beforeEach(() => { - collector = new OsMetricsCollector(); + collector = new OsMetricsCollector({ logger: loggerMock.create() }); cgroupCollectorMock.collect.mockReset(); cgroupCollectorMock.reset.mockReset(); }); diff --git a/src/core/server/metrics/collectors/os.ts b/src/core/server/metrics/collectors/os.ts index eae49278405a9..a9d727e57aaf9 100644 --- a/src/core/server/metrics/collectors/os.ts +++ b/src/core/server/metrics/collectors/os.ts @@ -20,12 +20,14 @@ import os from 'os'; import getosAsync, { LinuxOs } from 'getos'; import { promisify } from 'util'; +import { Logger } from '@kbn/logging'; import { OpsOsMetrics, MetricsCollector } from './types'; import { OsCgroupMetricsCollector } from './cgroup'; const getos = promisify(getosAsync); export interface OpsMetricsCollectorOptions { + logger: Logger; cpuPath?: string; cpuAcctPath?: string; } 
@@ -33,8 +35,11 @@ export interface OpsMetricsCollectorOptions {
 export class OsMetricsCollector implements MetricsCollector {
 private readonly cgroupCollector: OsCgroupMetricsCollector;
- constructor(options: OpsMetricsCollectorOptions = {}) {
- this.cgroupCollector = new OsCgroupMetricsCollector(options);
+ constructor(options: OpsMetricsCollectorOptions) {
+ this.cgroupCollector = new OsCgroupMetricsCollector({
+ ...options,
+ logger: options.logger.get('cgroup'),
+ });
 }
 public async collect(): Promise {
diff --git a/src/core/server/metrics/metrics_service.ts b/src/core/server/metrics/metrics_service.ts
index ab58a75d49a98..d3495f2748c71 100644
--- a/src/core/server/metrics/metrics_service.ts
+++ b/src/core/server/metrics/metrics_service.ts
@@ -50,7 +50,10 @@ export class MetricsService
 .pipe(first())
 .toPromise();
- this.metricsCollector = new OpsMetricsCollector(http.server, config.cGroupOverrides);
+ this.metricsCollector = new OpsMetricsCollector(http.server, {
+ logger: this.logger,
+ ...config.cGroupOverrides,
+ });
 await this.refreshMetrics();
diff --git a/src/core/server/metrics/ops_metrics_collector.test.ts b/src/core/server/metrics/ops_metrics_collector.test.ts
index 7aa3f7cd3baf0..c748d1cce12e4 100644
--- a/src/core/server/metrics/ops_metrics_collector.test.ts
+++ b/src/core/server/metrics/ops_metrics_collector.test.ts
@@ -17,6 +17,7 @@
 * under the License.
 */
+import { loggerMock } from '@kbn/logging/target/mocks';
 import {
 mockOsCollector,
 mockProcessCollector,
@@ -30,7 +31,7 @@ describe('OpsMetricsCollector', () => {
 beforeEach(() => {
 const hapiServer = httpServiceMock.createInternalSetupContract().server;
- collector = new OpsMetricsCollector(hapiServer, {});
+ collector = new OpsMetricsCollector(hapiServer, { logger: loggerMock.create() });
 mockOsCollector.collect.mockResolvedValue('osMetrics');
 });
From 5ff0c0052907167848f8e1244cf1ab1134e6c8f7 Mon Sep 17 00:00:00 2001
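Review bot: In the metrics_service.ts hunk the options object is built as `{ logger: this.logger, ...config.cGroupOverrides }`, so a `logger` key appearing in the config-derived overrides would silently replace the service logger. The os.ts hunk in the same commit does the opposite: it spreads `...options` first and sets `logger` last. Putting the explicit field after the spread makes the two call sites consistent and lets the trusted value win: `...config.cGroupOverrides,` followed by `logger: this.logger,`. The shape of `cGroupOverrides` is defined outside this hunk, so this is a defensive ordering rather than a demonstrated bug.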
From: Brandon Morelli Date: Thu, 24 Sep 2020 07:56:36 -0700 Subject: [PATCH 16/63] docs: typo fix (#77927) --- .../server/tutorial/instructions/apm_agent_instructions.ts | 2 +- x-pack/plugins/translations/translations/ja-JP.json | 1 - x-pack/plugins/translations/translations/zh-CN.json | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts b/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts index d2a4ee8297a11..a74223f28dd03 100644 --- a/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts +++ b/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts @@ -37,7 +37,7 @@ export const createNodeAgentInstructions = (apmServerUrl = '', secretToken = '') defaultMessage: 'Agents are libraries that run inside of your application process. \ APM services are created programmatically based on the `serviceName`. \ -This agent supports a vararity of frameworks but can also be used with your custom stack.', +This agent supports a variety of frameworks but can also be used with your custom stack.', }), commands: `// ${i18n.translate( 'apmOss.tutorial.nodeClient.configure.commands.addThisToTheFileTopComment', diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index ed66d56d552a5..d395b635fed2b 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -207,7 +207,6 @@ "apmOss.tutorial.nodeClient.configure.commands.setRequiredServiceNameComment": "package.json からサービス名を上書きします", "apmOss.tutorial.nodeClient.configure.commands.useIfApmRequiresTokenComment": "APM Server にトークンが必要な場合に使います", "apmOss.tutorial.nodeClient.configure.textPost": "[Babel/ES モジュール]({babelEsModulesLink}) との使用を含む高度な用途に関しては、 [ドキュメンテーション]({documentationLink}) をご覧ください。", - "apmOss.tutorial.nodeClient.configure.textPre": "エージェントとは、アプリケーションプロセス内で実行されるライブラリです。APM サービスは「serviceName」に基づいてプログラムで作成されます。このエージェントは様々なフレームワークをサポートしていますが、カスタムスタックで使用することもできます。", "apmOss.tutorial.nodeClient.configure.title": "エージェントの構成", "apmOss.tutorial.nodeClient.install.textPre": "Node.js 用の APM エージェントをアプリケーションに依存関係としてインストール。", "apmOss.tutorial.nodeClient.install.title": "APM エージェントのインストール", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 103ff4ab146a4..f9c18bcf4e51f 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -207,7 +207,6 @@ "apmOss.tutorial.nodeClient.configure.commands.setRequiredServiceNameComment": "覆盖来自 package.json 的服务名", "apmOss.tutorial.nodeClient.configure.commands.useIfApmRequiresTokenComment": "APM Server 需要令牌时使用", "apmOss.tutorial.nodeClient.configure.textPost": "请参阅[文档]({documentationLink})以了解高级用法,包括如何用于 [Babel/ES 模块]({babelEsModulesLink})。", - "apmOss.tutorial.nodeClient.configure.textPre": "代理是在您的应用程序进程内运行的库。APM 服务是基于 `serviceName` 以编程方式创建的。此代理支持各种框架,而且还可以与您的定制堆栈配合使用。", "apmOss.tutorial.nodeClient.configure.title": "配置代理", "apmOss.tutorial.nodeClient.install.textPre": "将 Node.js 的 APM 代理安装为您的应用程序的依赖项。", "apmOss.tutorial.nodeClient.install.title": "安装 APM 代理", From 3f2e9f770593397c958c606afb72c22408732723 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Felix=20St=C3=BCrmer?= Date: Thu, 24 Sep 2020 17:02:23 +0200 Subject: [PATCH 17/63] [Logs UI] Add dataset-specific categorization warnings (#75351) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds dataset-specific categorization warnings for the categorization module. The warnings are displayed in call-outs on the relevant tabs as well as the job setup screens if a prior job with warnings exists. To that end this also changes the categorization job configuration to enable the partitioned categorization mode. Co-authored-by: Alejandro Fernández Gómez --- src/dev/storybook/aliases.ts | 2 +- .../http_api/log_analysis/results/index.ts | 1 + .../log_entry_category_datasets_stats.ts | 72 ++++++++++ .../infra/common/log_analysis/index.ts | 1 + .../log_analysis/log_analysis_quality.ts | 42 ++++++ .../job_configuration_outdated_callout.tsx | 1 + .../job_definition_outdated_callout.tsx | 1 + .../notices_section.tsx | 8 +- .../quality_warning_notices.stories.tsx | 68 +++++++++ .../quality_warning_notices.tsx | 110 ++++++++++----- .../recreate_job_callout.tsx | 2 +- .../analysis_setup_indices_form.tsx | 4 + .../index_setup_dataset_filter.tsx | 30 +++- .../index_setup_row.tsx | 62 ++++++-- .../initial_configuration_step.stories.tsx | 104 ++++++++++++++ .../initial_configuration_step.tsx | 5 +- .../log_entry_categories_setup_view.tsx | 9 ++ .../setup_flyout/setup_flyout.tsx | 68 ++++++--- .../setup_flyout/setup_flyout_state.ts | 2 + .../get_latest_categories_datasets_stats.ts | 47 +++++++ .../api/ml_get_jobs_summary_api.ts | 14 ++ .../log_analysis/log_analysis_module_types.ts | 40 ------ .../use_log_entry_categories_quality.ts | 107 ++++++++++++-- .../use_log_entry_categories_setup.tsx | 4 + .../log_entry_categories/page_content.tsx | 24 ++-- .../log_entry_categories/page_providers.tsx | 3 +- .../log_entry_categories/setup_flyout.tsx | 128 ----------------- x-pack/plugins/infra/server/infra_server.ts | 2 + 
.../infra/server/lib/log_analysis/common.ts | 2 +- .../infra/server/lib/log_analysis/index.ts | 1 + .../log_entry_categories_datasets_stats.ts | 94 +++++++++++++ .../server/lib/log_analysis/queries/common.ts | 15 +- ...est_log_entry_categories_datasets_stats.ts | 133 ++++++++++++++++++ .../routes/log_analysis/results/index.ts | 1 + .../log_entry_category_datasets_stats.ts | 79 +++++++++++ .../ml/log_entry_categories_count.json | 8 +- .../translations/translations/ja-JP.json | 3 - .../translations/translations/zh-CN.json | 3 - 38 files changed, 1027 insertions(+), 273 deletions(-) create mode 100644 x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts create mode 100644 x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts create mode 100644 x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx create mode 100644 x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.stories.tsx create mode 100644 x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts delete mode 100644 x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx create mode 100644 x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts create mode 100644 x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts create mode 100644 x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts diff --git a/src/dev/storybook/aliases.ts b/src/dev/storybook/aliases.ts index 9d9f5616b5a33..d31a408e98c67 100644 --- a/src/dev/storybook/aliases.ts +++ b/src/dev/storybook/aliases.ts 
@@ -23,7 +23,7 @@ export const storybookAliases = { codeeditor: 'src/plugins/kibana_react/public/code_editor/scripts/storybook.ts', dashboard_enhanced: 'x-pack/plugins/dashboard_enhanced/scripts/storybook.js', embeddable: 'src/plugins/embeddable/scripts/storybook.js', - infra: 'x-pack/legacy/plugins/infra/scripts/storybook.js', + infra: 'x-pack/plugins/infra/scripts/storybook.js', security_solution: 'x-pack/plugins/security_solution/scripts/storybook.js', ui_actions_enhanced: 'x-pack/plugins/ui_actions_enhanced/scripts/storybook.js', observability: 'x-pack/plugins/observability/scripts/storybook.js', diff --git a/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts b/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts index a01042616a872..e696477253823 100644 --- a/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts +++ b/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts @@ -6,6 +6,7 @@ export * from './log_entry_categories'; export * from './log_entry_category_datasets'; +export * from './log_entry_category_datasets_stats'; export * from './log_entry_category_examples'; export * from './log_entry_rate'; export * from './log_entry_examples'; diff --git a/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts b/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts new file mode 100644 index 0000000000000..4511678242f1c --- /dev/null +++ b/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts 
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as rt from 'io-ts';
+
+import { timeRangeRT, routeTimingMetadataRT } from '../../shared';
+
+export const LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH =
+ '/api/infra/log_analysis/results/latest_log_entry_category_datasets_stats';
+
+const categorizerStatusRT = rt.keyof({
+ ok: null,
+ warn: null,
+});
+
+export type CategorizerStatus = rt.TypeOf;
+
+/**
+ * request
+ */
+
+export const getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT = rt.type({
+ data: rt.type({
+ // the ids of the categorization jobs
+ jobIds: rt.array(rt.string),
+ // the time range to fetch the category datasets stats for
+ timeRange: timeRangeRT,
+ // the categorizer statuses to include stats for, empty means all
+ includeCategorizerStatuses: rt.array(categorizerStatusRT),
+ }),
+});
+
+export type GetLatestLogEntryCategoryDatasetsStatsRequestPayload = rt.TypeOf<
+ typeof getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT
+>;
+
+/**
+ * response
+ */
+
+const logEntryCategoriesDatasetStatsRT = rt.type({
+ categorization_status: categorizerStatusRT,
+ categorized_doc_count: rt.number,
+ dataset: rt.string,
+ dead_category_count: rt.number,
+ failed_category_count: rt.number,
+ frequent_category_count: rt.number,
+ job_id: rt.string,
+ log_time: rt.number,
+ rare_category_count: rt.number,
+ total_category_count: rt.number,
+});
+
+export type LogEntryCategoriesDatasetStats = rt.TypeOf;
+
+export const getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT = rt.intersection([
+ rt.type({
+ data: rt.type({
+ datasetStats: rt.array(logEntryCategoriesDatasetStatsRT),
+ }),
+ }),
+ rt.partial({
+ timing: routeTimingMetadataRT,
+ }),
+]);
+
+export type 
GetLatestLogEntryCategoryDatasetsStatsSuccessResponsePayload = rt.TypeOf<
+ typeof getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT
+>;
diff --git a/x-pack/plugins/infra/common/log_analysis/index.ts b/x-pack/plugins/infra/common/log_analysis/index.ts
index 22137e63ab7e7..0b4fa374a5da9 100644
--- a/x-pack/plugins/infra/common/log_analysis/index.ts
+++ b/x-pack/plugins/infra/common/log_analysis/index.ts
@@ -5,6 +5,7 @@
 */
 export * from './log_analysis';
+export * from './log_analysis_quality';
 export * from './log_analysis_results';
 export * from './log_entry_rate_analysis';
 export * from './log_entry_categories_analysis';
diff --git a/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts b/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts
new file mode 100644
index 0000000000000..7ffa6c172886b
--- /dev/null
+++ b/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts
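Review bot: `jobIds: rt.array(rt.string)` in the request codec accepts any number of arbitrary caller-supplied strings, and unlike `includeCategorizerStatuses` ("empty means all") its comment does not say what an empty array means. These ids presumably select which ML job results the route reads; the handler is outside this hunk, so confirm that it only returns stats for jobs the requesting user may see and that it rejects or caps oversized lists. I would record the contract next to the field, for example `// the ids of the categorization jobs (caller-supplied and untrusted; an empty list yields no stats)`, adjusted to whatever the handler actually does.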
@@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +interface ManyCategoriesWarningReason { + type: 'manyCategories'; + categoriesDocumentRatio: number; +} +interface ManyDeadCategoriesWarningReason { + type: 'manyDeadCategories'; + deadCategoriesRatio: number; +} +interface ManyRareCategoriesWarningReason { + type: 'manyRareCategories'; + rareCategoriesRatio: number; +} +interface NoFrequentCategoriesWarningReason { + type: 'noFrequentCategories'; +} +interface SingleCategoryWarningReason { + type: 'singleCategory'; +} + +export type CategoryQualityWarningReason = + | ManyCategoriesWarningReason + | ManyDeadCategoriesWarningReason + | ManyRareCategoriesWarningReason + | NoFrequentCategoriesWarningReason + | SingleCategoryWarningReason; + +export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type']; + +export interface CategoryQualityWarning { + type: 'categoryQualityWarning'; + jobId: string; + dataset: string; + reasons: CategoryQualityWarningReason[]; +} + +export type QualityWarning = CategoryQualityWarning; diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx index 0489bd7d9929a..5b2ce862f7a81 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx @@ -31,6 +31,7 @@ export const JobConfigurationOutdatedCallout: React.FC<{ values={{ moduleName, }} + tagName="p" /> ); 
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx index df9de49ea0445..b9e68b25482b6 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx @@ -31,6 +31,7 @@ export const JobDefinitionOutdatedCallout: React.FC<{ values={{ moduleName, }} + tagName="p" /> ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx index 2535058322cba..3785d0e8d9423 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx @@ -5,7 +5,7 @@ */ import React from 'react'; -import { QualityWarning } from '../../../containers/logs/log_analysis/log_analysis_module_types'; +import { QualityWarning } from '../../../../common/log_analysis'; import { LogAnalysisJobProblemIndicator } from './log_analysis_job_problem_indicator'; import { CategoryQualityWarnings } from './quality_warning_notices'; @@ -41,6 +41,10 @@ export const CategoryJobNoticesSection: React.FC<{ onRecreateMlJobForReconfiguration={onRecreateMlJobForReconfiguration} onRecreateMlJobForUpdate={onRecreateMlJobForUpdate} /> - + ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx new file mode 100644 index 0000000000000..7caf75417091a --- /dev/null 
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx @@ -0,0 +1,68 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { action } from '@storybook/addon-actions'; +import { storiesOf } from '@storybook/react'; +import React from 'react'; +import { EuiThemeProvider } from '../../../../../observability/public'; +import { QualityWarning } from '../../../../common/log_analysis'; +import { CategoryQualityWarnings } from './quality_warning_notices'; + +storiesOf('infra/logAnalysis/CategoryQualityWarnings', module) + .addDecorator((renderStory) => {renderStory()}) + .add('Partitioned warnings', () => { + return ( + + ); + }) + .add('Unpartitioned warnings', () => { + return ( + + ); + }); + +const partitionedQualityWarnings: QualityWarning[] = [ + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: 'first.dataset', + reasons: [ + { type: 'singleCategory' }, + { type: 'manyRareCategories', rareCategoriesRatio: 0.95 }, + { type: 'manyCategories', categoriesDocumentRatio: 0.7 }, + ], + }, + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: 'second.dataset', + reasons: [ + { type: 'noFrequentCategories' }, + { type: 'manyDeadCategories', deadCategoriesRatio: 0.7 }, + ], + }, +]; + +const unpartitionedQualityWarnings: QualityWarning[] = [ + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: '', + reasons: [ + { type: 'singleCategory' }, + { type: 'manyRareCategories', rareCategoriesRatio: 0.95 }, + { type: 'manyCategories', categoriesDocumentRatio: 0.7 }, + ], + }, +]; 
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx index 0d93ead5a82c6..928c9738c4761 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx @@ -4,43 +4,89 @@ * you may not use this file except in compliance with the Elastic License. */ -import { EuiCallOut } from '@elastic/eui'; +import { + EuiAccordion, + EuiDescriptionList, + EuiDescriptionListDescription, + EuiDescriptionListTitle, + EuiSpacer, + htmlIdGenerator, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; -import type { +import groupBy from 'lodash/groupBy'; +import React, { Fragment, useState } from 'react'; +import { euiStyled } from '../../../../../observability/public'; +import { + CategoryQualityWarning, CategoryQualityWarningReason, - QualityWarning, -} from '../../../containers/logs/log_analysis/log_analysis_module_types'; + getFriendlyNameForPartitionId, +} from '../../../../common/log_analysis'; +import { RecreateJobCallout } from './recreate_job_callout'; -export const CategoryQualityWarnings: React.FC<{ qualityWarnings: QualityWarning[] }> = ({ - qualityWarnings, -}) => ( - <> - {qualityWarnings.map((qualityWarning, qualityWarningIndex) => ( - -

+export const CategoryQualityWarnings: React.FC<{ + hasSetupCapabilities: boolean; + onRecreateMlJob: () => void; + qualityWarnings: CategoryQualityWarning[]; +}> = ({ hasSetupCapabilities, onRecreateMlJob, qualityWarnings }) => { + const [detailAccordionId] = useState(htmlIdGenerator()()); + + const categoryQualityWarningsByJob = groupBy(qualityWarnings, 'jobId'); + + return ( + <> + {Object.entries(categoryQualityWarningsByJob).map(([jobId, qualityWarningsForJob]) => ( + -

-
    - {qualityWarning.reasons.map((reason, reasonIndex) => ( -
  • - -
  • - ))} -
-
- ))} - -); + + } + paddingSize="m" + > + + {qualityWarningsForJob.flatMap((qualityWarning) => ( + + + {getFriendlyNameForPartitionId(qualityWarning.dataset)} + + {qualityWarning.reasons.map((reason) => ( + + + + ))} + + ))} + + + + + ))} + + ); +}; + +const QualityWarningReasonDescription = euiStyled(EuiDescriptionListDescription)` + display: list-item; + list-style-type: disc; + margin-left: ${(props) => props.theme.eui.paddingSizes.m}; +`; const categoryQualityWarningCalloutTitle = i18n.translate( 'xpack.infra.logs.logEntryCategories.categoryQUalityWarningCalloutTitle', @@ -49,7 +95,7 @@ const categoryQualityWarningCalloutTitle = i18n.translate( } ); -const CategoryQualityWarningReasonDescription: React.FC<{ +export const CategoryQualityWarningReasonDescription: React.FC<{ reason: CategoryQualityWarningReason; }> = ({ reason }) => { switch (reason.type) { @@ -57,7 +103,7 @@ const CategoryQualityWarningReasonDescription: React.FC<{ return ( ); case 'manyRareCategories': diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx index cdf030a849fa1..2a0337bd99767 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx @@ -14,7 +14,7 @@ export const RecreateJobCallout: React.FC<{ title?: React.ReactNode; }> = ({ children, hasSetupCapabilities, onRecreateMlJob, title }) => ( -
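Review bot: `const [detailAccordionId] = useState(htmlIdGenerator()());` in the new `CategoryQualityWarnings` body calls the generator on every render and keeps only the first result. The lazy form `useState(() => htmlIdGenerator()())` does the work once. The component also creates a single id but renders one block per entry of `categoryQualityWarningsByJob`. The JSX that consumes the id is not legible on this page, but if it is passed as the `id` of each accordion, two jobs with warnings would produce duplicate DOM ids; deriving it per job, for instance by suffixing `jobId`, would avoid that.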

{children}

+ {children} void; + previousQualityWarnings?: QualityWarning[]; validationErrors?: ValidationIndicesError[]; }> = ({ disabled = false, indices, isValidating, onChangeSelectedIndices, + previousQualityWarnings = [], validationErrors = [], }) => { const changeIsIndexSelected = useCallback( @@ -81,6 +84,7 @@ export const AnalysisSetupIndicesForm: React.FunctionComponent<{ key={index.name} onChangeIsSelected={changeIsIndexSelected} onChangeDatasetFilter={changeDatasetFilter} + previousQualityWarnings={previousQualityWarnings} /> ))} diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx index d3ed8aeaf6155..481cc6071864c 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx @@ -7,6 +7,7 @@ import { EuiFilterButton, EuiFilterGroup, + EuiIconTip, EuiPopover, EuiPopoverTitle, EuiSelectable, @@ -14,11 +15,15 @@ import { } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { useCallback, useMemo } from 'react'; -import { DatasetFilter } from '../../../../../common/log_analysis'; +import { DatasetFilter, QualityWarning } from '../../../../../common/log_analysis'; import { useVisibilityState } from '../../../../utils/use_visibility_state'; +import { CategoryQualityWarningReasonDescription } from '../../log_analysis_job_status/quality_warning_notices'; export const IndexSetupDatasetFilter: React.FC<{ - availableDatasets: string[]; + availableDatasets: Array<{ + dataset: string; + warnings: QualityWarning[]; + }>; datasetFilter: DatasetFilter; isDisabled?: boolean; onChangeDatasetFilter: (datasetFilter: DatasetFilter) => void; 
@@ -40,12 +45,13 @@ export const IndexSetupDatasetFilter: React.FC<{ [onChangeDatasetFilter] ); - const selectableOptions: EuiSelectableOption[] = useMemo( + const selectableOptions = useMemo( () => - availableDatasets.map((datasetName) => ({ - label: datasetName, + availableDatasets.map(({ dataset, warnings }) => ({ + label: dataset, + append: warnings.length > 0 ? : null, checked: - datasetFilter.type === 'includeSome' && datasetFilter.datasets.includes(datasetName) + datasetFilter.type === 'includeSome' && datasetFilter.datasets.includes(dataset) ? 'on' : undefined, })), @@ -86,3 +92,15 @@ export const IndexSetupDatasetFilter: React.FC<{ ); }; + +const DatasetWarningMarker: React.FC<{ warnings: QualityWarning[] }> = ({ warnings }) => { + const warningDescriptions = warnings.flatMap((warning) => + warning.type === 'categoryQualityWarning' + ? warning.reasons.map((reason) => ( + + )) + : [] + ); + + return ; +}; diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx index 92774dbd6838b..b101b9b0cab0c 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx 
@@ -4,10 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ -import { EuiCheckbox, EuiCode, EuiFlexGroup, EuiFlexItem, EuiIcon, EuiToolTip } from '@elastic/eui'; +import { EuiCheckbox, EuiCode, EuiFlexGroup, EuiFlexItem, EuiIconTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; -import React, { useCallback } from 'react'; -import { DatasetFilter } from '../../../../../common/log_analysis'; +import React, { useCallback, useMemo } from 'react'; +import { DatasetFilter, QualityWarning } from '../../../../../common/log_analysis'; import { IndexSetupDatasetFilter } from './index_setup_dataset_filter'; import { AvailableIndex, ValidationUIError } from './validation'; @@ -16,7 +16,14 @@ export const IndexSetupRow: React.FC<{ isDisabled: boolean; onChangeDatasetFilter: (indexName: string, datasetFilter: DatasetFilter) => void; onChangeIsSelected: (indexName: string, isSelected: boolean) => void; -}> = ({ index, isDisabled, onChangeDatasetFilter, onChangeIsSelected }) => { + previousQualityWarnings: QualityWarning[]; +}> = ({ + index, + isDisabled, + onChangeDatasetFilter, + onChangeIsSelected, + previousQualityWarnings, +}) => { const changeIsSelected = useCallback( (event: React.ChangeEvent) => { onChangeIsSelected(index.name, event.currentTarget.checked); 
@@ -29,6 +36,29 @@ export const IndexSetupRow: React.FC<{ [index.name, onChangeDatasetFilter] ); + const datasets = useMemo( + () => + index.validity === 'valid' + ? index.availableDatasets.map((availableDataset) => ({ + dataset: availableDataset, + warnings: previousQualityWarnings.filter(({ dataset }) => dataset === availableDataset), + })) + : [], + [index, previousQualityWarnings] + ); + + const datasetIndependentQualityWarnings = useMemo( + () => previousQualityWarnings.filter(({ dataset }) => dataset === ''), + [previousQualityWarnings] + ); + + const hasWarnings = useMemo( + () => + datasetIndependentQualityWarnings.length > 0 || + datasets.some(({ warnings }) => warnings.length > 0), + [datasetIndependentQualityWarnings, datasets] + ); + const isSelected = index.validity === 'valid' && index.isSelected; return ( @@ -37,7 +67,23 @@ export const IndexSetupRow: React.FC<{ {index.name}} + label={ + <> + {index.name}{' '} + {index.validity === 'valid' && hasWarnings ? ( + + } + type="alert" + color="warning" + /> + ) : null} + + } onChange={changeIsSelected} checked={isSelected} disabled={isDisabled || index.validity === 'invalid'} @@ -45,12 +91,10 @@ export const IndexSetupRow: React.FC<{
{index.validity === 'invalid' ? ( - - - + ) : index.validity === 'valid' ? ( ( + +
{renderStory()}
+
+ )) + .add('Reconfiguration with partitioned warnings', () => { + return ( + + ); + }) + .add('Reconfiguration with unpartitioned warnings', () => { + return ( + + ); + }); + +const storyActions = actions('setStartTime', 'setEndTime', 'setValidatedIndices'); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx index d4c3c727bd34e..1ea972335d8fc 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx @@ -9,7 +9,7 @@ import { EuiContainedStepProps } from '@elastic/eui/src/components/steps/steps'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { useMemo } from 'react'; -import { SetupStatus } from '../../../../../common/log_analysis'; +import { QualityWarning, SetupStatus } from '../../../../../common/log_analysis'; import { AnalysisSetupIndicesForm } from './analysis_setup_indices_form'; import { AnalysisSetupTimerangeForm } from './analysis_setup_timerange_form'; import { @@ -31,6 +31,7 @@ interface InitialConfigurationStepProps { setupStatus: SetupStatus; setValidatedIndices: (selectedIndices: AvailableIndex[]) => void; validationErrors?: ValidationUIError[]; + previousQualityWarnings?: QualityWarning[]; } export const createInitialConfigurationStep = ( @@ -50,6 +51,7 @@ export const InitialConfigurationStep: React.FunctionComponent { const disabled = useMemo(() => !editableFormStatus.includes(setupStatus.type), [setupStatus]); @@ -75,6 +77,7 @@ export const InitialConfigurationStep: React.FunctionComponent 
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx index 2bc5b08a1016a..e7961a11a4d52 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx @@ -6,6 +6,7 @@ import { EuiSpacer, EuiSteps, EuiText, EuiTitle } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; +import { useMount } from 'react-use'; import { useLogEntryCategoriesSetup } from '../../../../containers/logs/log_analysis/modules/log_entry_categories'; import { createInitialConfigurationStep } from '../initial_configuration_step'; import { createProcessStep } from '../process_step'; @@ -14,8 +15,10 @@ export const LogEntryCategoriesSetupView: React.FC<{ onClose: () => void; }> = ({ onClose }) => { const { + categoryQualityWarnings, cleanUpAndSetUp, endTime, + fetchJobStatus, isValidating, lastSetupErrorMessages, moduleDescriptor, @@ -30,6 +33,10 @@ export const LogEntryCategoriesSetupView: React.FC<{ viewResults, } = useLogEntryCategoriesSetup(); + useMount(() => { + fetchJobStatus(); + }); + const viewResultsAndClose = useCallback(() => { viewResults(); onClose(); @@ -47,6 +54,7 @@ export const LogEntryCategoriesSetupView: React.FC<{ setupStatus, setValidatedIndices, validationErrors, + previousQualityWarnings: categoryQualityWarnings, }), createProcessStep({ cleanUpAndSetUp, @@ -58,6 +66,7 @@ export const LogEntryCategoriesSetupView: React.FC<{ }), ], [ + categoryQualityWarnings, cleanUpAndSetUp, endTime, isValidating, 
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx index 8e00254431438..407c851f2de95 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx @@ -15,14 +15,16 @@ import { } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React from 'react'; -import { LogEntryRateSetupView } from './log_entry_rate_setup_view'; import { LogEntryCategoriesSetupView } from './log_entry_categories_setup_view'; +import { LogEntryRateSetupView } from './log_entry_rate_setup_view'; import { LogAnalysisModuleList } from './module_list'; -import { useLogAnalysisSetupFlyoutStateContext } from './setup_flyout_state'; +import { ModuleId, moduleIds, useLogAnalysisSetupFlyoutStateContext } from './setup_flyout_state'; const FLYOUT_HEADING_ID = 'logAnalysisSetupFlyoutHeading'; -export const LogAnalysisSetupFlyout: React.FC = () => { +export const LogAnalysisSetupFlyout: React.FC<{ + allowedModules?: ModuleId[]; +}> = ({ allowedModules = moduleIds }) => { const { closeFlyout, flyoutView, 
@@ -49,32 +51,58 @@ export const LogAnalysisSetupFlyout: React.FC = () => { {flyoutView.view === 'moduleList' ? ( - ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_analysis' ? ( - - - - ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_categories' ? ( - - - + ) : flyoutView.view === 'moduleSetup' && allowedModules.includes(flyoutView.module) ? ( + 1 ? showModuleList : undefined} + /> ) : null} ); }; +const ModuleSetupView: React.FC<{ + moduleId: ModuleId; + onClose: () => void; + onViewModuleList?: () => void; +}> = ({ moduleId, onClose, onViewModuleList }) => { + switch (moduleId) { + case 'logs_ui_analysis': + return ( + + + + ); + case 'logs_ui_categories': + return ( + + + + ); + } +}; + const LogAnalysisSetupFlyoutSubPage: React.FC<{ - onViewModuleList: () => void; + onViewModuleList?: () => void; }> = ({ children, onViewModuleList }) => ( - - - - - + {onViewModuleList ? ( + + + + + + ) : null} {children} ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts index 7a64584df4303..5f131daf952bf 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts @@ -9,6 +9,8 @@ import { useState, useCallback } from 'react'; export type ModuleId = 'logs_ui_analysis' | 'logs_ui_categories'; +export const moduleIds = ['logs_ui_analysis', 'logs_ui_categories'] as const; + type FlyoutView = | { view: 'hidden' } | { view: 'moduleList' } diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts new file mode 100644 index 0000000000000..c095c7000f031 
--- /dev/null +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { HttpHandler } from 'src/core/public'; +import { + CategorizerStatus, + getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT, + getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT, + LogEntryCategoriesDatasetStats, + LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, +} from '../../../../../common/http_api'; +import { decodeOrThrow } from '../../../../../common/runtime_types'; + +export { LogEntryCategoriesDatasetStats }; + +export const callGetLatestCategoriesDatasetsStatsAPI = async ( + { + jobIds, + startTime, + endTime, + includeCategorizerStatuses, + }: { + jobIds: string[]; + startTime: number; + endTime: number; + includeCategorizerStatuses: CategorizerStatus[]; + }, + fetch: HttpHandler +) => { + const response = await fetch(LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, { + method: 'POST', + body: JSON.stringify( + getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT.encode({ + data: { + jobIds, + timeRange: { startTime, endTime }, + includeCategorizerStatuses, + }, + }) + ), + }); + + return decodeOrThrow(getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT)(response); +}; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts index dbd75a646b532..7441c0ab7d34c 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts 
@@ -54,6 +54,17 @@ const jobStateRT = rt.keyof({ opening: null, }); +const jobAnalysisConfigRT = rt.partial({ + per_partition_categorization: rt.intersection([ + rt.type({ + enabled: rt.boolean, + }), + rt.partial({ + stop_on_warn: rt.boolean, + }), + ]), +}); + const jobCategorizationStatusRT = rt.keyof({ ok: null, warn: null, @@ -64,6 +75,7 @@ const jobModelSizeStatsRT = rt.type({ categorized_doc_count: rt.number, dead_category_count: rt.number, frequent_category_count: rt.number, + log_time: rt.number, rare_category_count: rt.number, total_category_count: rt.number, }); @@ -79,6 +91,8 @@ export const jobSummaryRT = rt.intersection([ datafeedIndices: rt.array(rt.string), datafeedState: datafeedStateRT, fullJob: rt.partial({ + analysis_config: jobAnalysisConfigRT, + create_time: rt.number, custom_settings: jobCustomSettingsRT, finished_time: rt.number, model_size_stats: jobModelSizeStatsRT, diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts index 4930c8b478a9c..ba355ad195b11 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts 
@@ -50,43 +50,3 @@ export interface ModuleSourceConfiguration { spaceId: string; timestampField: string; } - -interface ManyCategoriesWarningReason { - type: 'manyCategories'; - categoriesDocumentRatio: number; -} - -interface ManyDeadCategoriesWarningReason { - type: 'manyDeadCategories'; - deadCategoriesRatio: number; -} - -interface ManyRareCategoriesWarningReason { - type: 'manyRareCategories'; - rareCategoriesRatio: number; -} - -interface NoFrequentCategoriesWarningReason { - type: 'noFrequentCategories'; -} - -interface SingleCategoryWarningReason { - type: 'singleCategory'; -} - -export type CategoryQualityWarningReason = - | ManyCategoriesWarningReason - | ManyDeadCategoriesWarningReason - | ManyRareCategoriesWarningReason - | NoFrequentCategoriesWarningReason - | SingleCategoryWarningReason; - -export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type']; - -export interface CategoryQualityWarning { - type: 'categoryQualityWarning'; - jobId: string; - reasons: CategoryQualityWarningReason[]; -} - -export type QualityWarning = CategoryQualityWarning; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts index 346281fa94e1b..6bad94ec49f87 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts 
@@ -4,43 +4,124 @@ * you may not use this file except in compliance with the Elastic License. */ -import { useMemo } from 'react'; +import { useMemo, useState } from 'react'; +import { useDeepCompareEffect } from 'react-use'; import { - JobModelSizeStats, - JobSummary, - QualityWarning, CategoryQualityWarningReason, -} from '../../log_analysis_module_types'; + QualityWarning, +} from '../../../../../../common/log_analysis'; +import { useKibanaContextForPlugin } from '../../../../../hooks/use_kibana'; +import { useTrackedPromise } from '../../../../../utils/use_tracked_promise'; +import { + callGetLatestCategoriesDatasetsStatsAPI, + LogEntryCategoriesDatasetStats, +} from '../../api/get_latest_categories_datasets_stats'; +import { JobModelSizeStats, JobSummary } from '../../log_analysis_module_types'; export const useLogEntryCategoriesQuality = ({ jobSummaries }: { jobSummaries: JobSummary[] }) => { + const { + services: { + http: { fetch }, + }, + } = useKibanaContextForPlugin(); + + const [lastestWarnedDatasetsStats, setLatestWarnedDatasetsStats] = useState< + LogEntryCategoriesDatasetStats[] + >([]); + + const jobSummariesWithCategoryWarnings = useMemo( + () => jobSummaries.filter(isJobWithCategoryWarnings), + [jobSummaries] + ); + + const jobSummariesWithPartitionedCategoryWarnings = useMemo( + () => jobSummariesWithCategoryWarnings.filter(isJobWithPartitionedCategories), + [jobSummariesWithCategoryWarnings] + ); + + const [fetchLatestWarnedDatasetsStatsRequest, fetchLatestWarnedDatasetsStats] = useTrackedPromise( + { + cancelPreviousOn: 'creation', + createPromise: ( + statsIntervals: Array<{ jobId: string; startTime: number; endTime: number }> + ) => + Promise.all( + statsIntervals.map(({ jobId, startTime, endTime }) => + callGetLatestCategoriesDatasetsStatsAPI( + { jobIds: [jobId], startTime, endTime, includeCategorizerStatuses: ['warn'] }, + fetch + ) + ) + ), + onResolve: (results) => { + setLatestWarnedDatasetsStats(results.flatMap(({ data: { datasetStats 
} }) => datasetStats)); + }, + }, + [] + ); + + useDeepCompareEffect(() => { + fetchLatestWarnedDatasetsStats( + jobSummariesWithPartitionedCategoryWarnings.map((jobSummary) => ({ + jobId: jobSummary.id, + startTime: jobSummary.fullJob?.create_time ?? 0, + endTime: jobSummary.fullJob?.model_size_stats?.log_time ?? Date.now(), + })) + ); + }, [jobSummariesWithPartitionedCategoryWarnings]); + const categoryQualityWarnings: QualityWarning[] = useMemo( - () => - jobSummaries - .filter( - (jobSummary) => jobSummary.fullJob?.model_size_stats?.categorization_status === 'warn' - ) + () => [ + ...jobSummariesWithCategoryWarnings + .filter((jobSummary) => !isJobWithPartitionedCategories(jobSummary)) .map((jobSummary) => ({ - type: 'categoryQualityWarning', + type: 'categoryQualityWarning' as const, jobId: jobSummary.id, + dataset: '', reasons: jobSummary.fullJob?.model_size_stats ? getCategoryQualityWarningReasons(jobSummary.fullJob.model_size_stats) : [], })), - [jobSummaries] + ...lastestWarnedDatasetsStats.map((datasetStats) => ({ + type: 'categoryQualityWarning' as const, + jobId: datasetStats.job_id, + dataset: datasetStats.dataset, + reasons: getCategoryQualityWarningReasons(datasetStats), + })), + ], + [jobSummariesWithCategoryWarnings, lastestWarnedDatasetsStats] ); return { categoryQualityWarnings, + lastLatestWarnedDatasetsStatsRequestErrors: + fetchLatestWarnedDatasetsStatsRequest.state === 'rejected' + ? fetchLatestWarnedDatasetsStatsRequest.value + : null, + isLoadingCategoryQualityWarnings: fetchLatestWarnedDatasetsStatsRequest.state === 'pending', }; }; +const isJobWithCategoryWarnings = (jobSummary: JobSummary) => + jobSummary.fullJob?.model_size_stats?.categorization_status === 'warn'; + +const isJobWithPartitionedCategories = (jobSummary: JobSummary) => + jobSummary.fullJob?.analysis_config?.per_partition_categorization ?? 
false; + const getCategoryQualityWarningReasons = ({ categorized_doc_count: categorizedDocCount, dead_category_count: deadCategoryCount, frequent_category_count: frequentCategoryCount, rare_category_count: rareCategoryCount, total_category_count: totalCategoryCount, -}: JobModelSizeStats): CategoryQualityWarningReason[] => { +}: Pick< + JobModelSizeStats, + | 'categorized_doc_count' + | 'dead_category_count' + | 'frequent_category_count' + | 'rare_category_count' + | 'total_category_count' +>): CategoryQualityWarningReason[] => { const rareCategoriesRatio = rareCategoryCount / totalCategoryCount; const categoriesDocumentRatio = totalCategoryCount / categorizedDocCount; const deadCategoriesRatio = deadCategoryCount / totalCategoryCount; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx index 399c30cf47e71..269b64c6f4076 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx @@ -9,7 +9,9 @@ import { useLogEntryCategoriesModuleContext } from './use_log_entry_categories_m export const useLogEntryCategoriesSetup = () => { const { + categoryQualityWarnings, cleanUpAndSetUpModule, + fetchJobStatus, lastSetupErrorMessages, moduleDescriptor, setUpModule, @@ -37,8 +39,10 @@ export const useLogEntryCategoriesSetup = () => { }); return { + categoryQualityWarnings, cleanUpAndSetUp, endTime, + fetchJobStatus, isValidating, lastSetupErrorMessages, moduleDescriptor, diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx index 2880b1b794443..b5765942e9f10 100644 
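Review bot: `isJobWithPartitionedCategories` returns the `per_partition_categorization` object itself rather than its `enabled` flag, so a job whose config carries `{ enabled: false }` is still truthy in both `.filter(...)` calls and is treated as partitioned. Such a job is dropped from the job-level warnings and sent to the datasets-stats request instead, which presumably returns nothing for it, so its warning may disappear from the UI. Reading the flag fixes it: `jobSummary.fullJob?.analysis_config?.per_partition_categorization?.enabled ?? false`. The state variable `lastestWarnedDatasetsStats` is also misspelled (`latest`). The body of `getCategoryQualityWarningReasons` continues past the end of this hunk.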
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx @@ -5,7 +5,7 @@ */ import { i18n } from '@kbn/i18n'; -import React, { useCallback, useEffect, useState } from 'react'; +import React, { useCallback, useEffect } from 'react'; import { isJobStatusWithResults } from '../../../../common/log_analysis'; import { LoadingPage } from '../../../components/loading_page'; import { @@ -14,6 +14,10 @@ import { MissingSetupPrivilegesPrompt, SubscriptionSplashContent, } from '../../../components/logging/log_analysis_setup'; +import { + LogAnalysisSetupFlyout, + useLogAnalysisSetupFlyoutStateContext, +} from '../../../components/logging/log_analysis_setup/setup_flyout'; import { SourceErrorPage } from '../../../components/source_error_page'; import { SourceLoadingPage } from '../../../components/source_loading_page'; import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis'; @@ -21,7 +25,6 @@ import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log import { useLogSourceContext } from '../../../containers/logs/log_source'; import { LogEntryCategoriesResultsContent } from './page_results_content'; import { LogEntryCategoriesSetupContent } from './page_setup_content'; -import { LogEntryCategoriesSetupFlyout } from './setup_flyout'; export const LogEntryCategoriesPageContent = () => { const { 
@@ -40,9 +43,10 @@ export const LogEntryCategoriesPageContent = () => { const { fetchJobStatus, setupStatus, jobStatus } = useLogEntryCategoriesModuleContext(); - const [isFlyoutOpen, setIsFlyoutOpen] = useState(false); - const openFlyout = useCallback(() => setIsFlyoutOpen(true), []); - const closeFlyout = useCallback(() => setIsFlyoutOpen(false), []); + const { showModuleSetup } = useLogAnalysisSetupFlyoutStateContext(); + const showCategoriesModuleSetup = useCallback(() => showModuleSetup('logs_ui_categories'), [ + showModuleSetup, + ]); useEffect(() => { if (hasLogAnalysisReadCapabilities) { @@ -71,8 +75,8 @@ export const LogEntryCategoriesPageContent = () => { } else if (isJobStatusWithResults(jobStatus['log-entry-categories-count'])) { return ( <> - - + + ); } else if (!hasLogAnalysisSetupCapabilities) { @@ -80,9 +84,11 @@ export const LogEntryCategoriesPageContent = () => { } else { return ( <> - - + + ); } }; + +const allowedSetupModules = ['logs_ui_categories' as const]; diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx index 723d833799e29..7d2f1d5418bc5 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx @@ -5,6 +5,7 @@ */ import React from 'react'; +import { LogAnalysisSetupFlyoutStateProvider } from '../../../components/logging/log_analysis_setup/setup_flyout'; import { LogEntryCategoriesModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; import { useLogSourceContext } from '../../../containers/logs/log_source'; import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space'; 
@@ -27,7 +28,7 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child spaceId={space.id} timestampField={sourceConfiguration.configuration.fields.timestamp} > - {children} + {children} ); }; diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx deleted file mode 100644 index a038765de2bf3..0000000000000 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx +++ /dev/null 
@@ -1,128 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - EuiFlyout, - EuiFlyoutBody, - EuiFlyoutHeader, - EuiSpacer, - EuiSteps, - EuiText, - EuiTitle, -} from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n/react'; -import React, { useCallback, useMemo } from 'react'; -import { - createInitialConfigurationStep, - createProcessStep, -} from '../../../components/logging/log_analysis_setup'; -import { useLogEntryCategoriesSetup } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; - -interface LogEntryCategoriesSetupFlyoutProps { - isOpen: boolean; - onClose: () => void; -} - -export const LogEntryCategoriesSetupFlyout: React.FC = ({ - isOpen, - onClose, -}) => { - const { - cleanUpAndSetUp, - endTime, - isValidating, - lastSetupErrorMessages, - setEndTime, - setStartTime, - setValidatedIndices, - setUp, - setupStatus, - startTime, - validatedIndices, - validationErrors, - viewResults, - } = useLogEntryCategoriesSetup(); - - const viewResultsAndClose = useCallback(() => { - viewResults(); - onClose(); - }, [viewResults, onClose]); - - const steps = useMemo( - () => [ - createInitialConfigurationStep({ - setStartTime, - setEndTime, - startTime, - endTime, - isValidating, - validatedIndices, - setupStatus, - setValidatedIndices, - validationErrors, - }), - createProcessStep({ - cleanUpAndSetUp, - errorMessages: lastSetupErrorMessages, - isConfigurationValid: validationErrors.length <= 0 && !isValidating, - setUp, - setupStatus, - viewResults: viewResultsAndClose, - }), - ], - [ - cleanUpAndSetUp, - endTime, - isValidating, - lastSetupErrorMessages, - setEndTime, - setStartTime, - setUp, - setValidatedIndices, - setupStatus, - startTime, - validatedIndices, - validationErrors, - viewResultsAndClose, - ] - ); - - if 
(!isOpen) { - return null; - } - return ( - - - -

- -

-
-
- - -

- -

-
- - - - - -
-
- ); -}; diff --git a/x-pack/plugins/infra/server/infra_server.ts b/x-pack/plugins/infra/server/infra_server.ts index 206fffdd2e188..1d89b7be43296 100644 --- a/x-pack/plugins/infra/server/infra_server.ts +++ b/x-pack/plugins/infra/server/infra_server.ts @@ -13,6 +13,7 @@ import { InfraBackendLibs } from './lib/infra_types'; import { initGetLogEntryCategoriesRoute, initGetLogEntryCategoryDatasetsRoute, + initGetLogEntryCategoryDatasetsStatsRoute, initGetLogEntryCategoryExamplesRoute, initGetLogEntryRateRoute, initGetLogEntryExamplesRoute, @@ -54,6 +55,7 @@ export const initInfraServer = (libs: InfraBackendLibs) => { initIpToHostName(libs); initGetLogEntryCategoriesRoute(libs); initGetLogEntryCategoryDatasetsRoute(libs); + initGetLogEntryCategoryDatasetsStatsRoute(libs); initGetLogEntryCategoryExamplesRoute(libs); initGetLogEntryRateRoute(libs); initGetLogEntryAnomaliesRoute(libs); diff --git a/x-pack/plugins/infra/server/lib/log_analysis/common.ts b/x-pack/plugins/infra/server/lib/log_analysis/common.ts index 4d2be94c7cd62..7e4a714a47d1f 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/common.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/common.ts @@ -36,7 +36,7 @@ export async function fetchMlJob(mlAnomalyDetectors: MlAnomalyDetectors, jobId: }; } -const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; +export const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; // Finds datasets related to ML job ids export async function getLogEntryDatasets( diff --git a/x-pack/plugins/infra/server/lib/log_analysis/index.ts b/x-pack/plugins/infra/server/lib/log_analysis/index.ts index c9a176be0a28f..bb571a8edf39b 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/index.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/index.ts @@ -6,5 +6,6 @@ export * from './errors'; export * from './log_entry_categories_analysis'; +export * from './log_entry_categories_datasets_stats'; export * from './log_entry_rate_analysis'; export * from './log_entry_anomalies'; 
diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts
new file mode 100644
index 0000000000000..ec5f3c88dff2a
--- /dev/null
+++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { startTracingSpan } from '../../../common/performance_tracing';
+import { decodeOrThrow } from '../../../common/runtime_types';
+import type { MlAnomalyDetectors, MlSystem } from '../../types';
+import { COMPOSITE_AGGREGATION_BATCH_SIZE } from './common';
+import {
+ CompositeDatasetKey,
+ createLatestLogEntryCategoriesDatasetsStatsQuery,
+ latestLogEntryCategoriesDatasetsStatsResponseRT,
+ LogEntryCategoryDatasetStatsBucket,
+} from './queries/latest_log_entry_categories_datasets_stats';
+
+export async function getLatestLogEntriesCategoriesDatasetsStats(
+ context: {
+ infra: {
+ mlAnomalyDetectors: MlAnomalyDetectors;
+ mlSystem: MlSystem;
+ };
+ },
+ jobIds: string[],
+ startTime: number,
+ endTime: number,
+ includeCategorizerStatuses: Array<'ok' | 'warn'> = []
+) {
+ const finalizeLogEntryCategoriesDatasetsStats = startTracingSpan('get categories datasets stats');
+
+ let latestLogEntryCategoriesDatasetsStatsBuckets: LogEntryCategoryDatasetStatsBucket[] = [];
+ let afterLatestBatchKey: CompositeDatasetKey | undefined;
+
+ while (true) {
+ const latestLogEntryCategoriesDatasetsStatsResponse = await context.infra.mlSystem.mlAnomalySearch(
+ createLatestLogEntryCategoriesDatasetsStatsQuery(
+ jobIds,
+ startTime,
+ endTime,
+ COMPOSITE_AGGREGATION_BATCH_SIZE,
+ afterLatestBatchKey
+ )
+ );
+
+ const { after_key: afterKey, buckets: latestBatchBuckets = [] } =
+ decodeOrThrow(latestLogEntryCategoriesDatasetsStatsResponseRT)(
+ latestLogEntryCategoriesDatasetsStatsResponse
+ ).aggregations?.dataset_composite_terms ?? {};
+
+ const latestIncludedBatchBuckets =
+ includeCategorizerStatuses.length > 0
+ ? latestBatchBuckets.filter((bucket) =>
+ bucket.categorizer_stats_top_hits.hits.hits.some((hit) =>
+ includeCategorizerStatuses.includes(hit._source.categorization_status)
+ )
+ )
+ : latestBatchBuckets;
+
+ latestLogEntryCategoriesDatasetsStatsBuckets = [
+ ...latestLogEntryCategoriesDatasetsStatsBuckets,
+ ...latestIncludedBatchBuckets,
+ ];
+
+ afterLatestBatchKey = afterKey;
+ if (afterKey == null || latestBatchBuckets.length < COMPOSITE_AGGREGATION_BATCH_SIZE) {
+ break;
+ }
+ }
+
+ const logEntryCategoriesDatasetsStatsSpan = finalizeLogEntryCategoriesDatasetsStats();
+
+ return {
+ data: latestLogEntryCategoriesDatasetsStatsBuckets.map((bucket) => {
+ const latestHitSource = bucket.categorizer_stats_top_hits.hits.hits[0]._source;
+
+ return {
+ categorization_status: latestHitSource.categorization_status,
+ categorized_doc_count: latestHitSource.categorized_doc_count,
+ dataset: bucket.key.dataset ?? '',
+ dead_category_count: latestHitSource.dead_category_count,
+ failed_category_count: latestHitSource.failed_category_count,
+ frequent_category_count: latestHitSource.frequent_category_count,
+ job_id: latestHitSource.job_id,
+ log_time: latestHitSource.log_time,
+ rare_category_count: latestHitSource.rare_category_count,
+ total_category_count: latestHitSource.total_category_count,
+ };
+ }),
+ timing: {
+ spans: [logEntryCategoriesDatasetsStatsSpan],
+ },
+ };
+}
diff --git a/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts b/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts
index 63e39ef022392..bb1a1969e99eb 100644
--- a/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts
+++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts
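Review bot: The `while (true)` pagination loop in getLatestLogEntriesCategoriesDatasetsStats has no upper bound on pages or accumulated buckets, while `jobIds`, `startTime` and `endTime` are caller-supplied (the route added in this commit passes them from the request body), so one request can keep the server issuing searches and growing `latestLogEntryCategoriesDatasetsStatsBuckets` for as long as Elasticsearch returns full pages. I would cap the number of batches, for example `if (++batchCount >= MAX_DATASET_STATS_BATCHES) break;` (the constant name is a placeholder), and append with `latestLogEntryCategoriesDatasetsStatsBuckets.push(...latestIncludedBatchBuckets);` rather than re-spreading the whole array on every page. Separately, the final `map` reads `hits.hits[0]._source` without a guard; when `includeCategorizerStatuses` is empty no filter runs, so a bucket with an empty hits array would throw there, and `hits.hits[0]?._source` plus skipping such buckets would make that case explicit.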
@@ -40,7 +40,20 @@ export const createTimeRangeFilters = (startTime: number, endTime: number) => [ }, ]; -export const createResultTypeFilters = (resultTypes: Array<'model_plot' | 'record'>) => [ +export const createLogTimeRangeFilters = (startTime: number, endTime: number) => [ + { + range: { + log_time: { + gte: startTime, + lte: endTime, + }, + }, + }, +]; + +export const createResultTypeFilters = ( + resultTypes: Array<'categorizer_stats' | 'model_plot' | 'record'> +) => [ { terms: { result_type: resultTypes, diff --git a/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts b/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts new file mode 100644 index 0000000000000..b9224e8125a48 --- /dev/null +++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts 
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as rt from 'io-ts';
+import { commonSearchSuccessResponseFieldsRT } from '../../../utils/elasticsearch_runtime_types';
+import {
+ createJobIdsFilters,
+ createResultTypeFilters,
+ defaultRequestParameters,
+ createLogTimeRangeFilters,
+} from './common';
+
+export const createLatestLogEntryCategoriesDatasetsStatsQuery = (
+ logEntryCategoriesJobIds: string[],
+ startTime: number,
+ endTime: number,
+ size: number,
+ afterKey?: CompositeDatasetKey
+) => ({
+ ...defaultRequestParameters,
+ body: {
+ query: {
+ bool: {
+ filter: [
+ ...createJobIdsFilters(logEntryCategoriesJobIds),
+ ...createResultTypeFilters(['categorizer_stats']),
+ ...createLogTimeRangeFilters(startTime, endTime),
+ ],
+ },
+ },
+ aggregations: {
+ dataset_composite_terms: {
+ composite: {
+ after: afterKey,
+ size,
+ sources: [
+ {
+ dataset: {
+ terms: {
+ field: 'partition_field_value',
+ missing_bucket: true,
+ },
+ },
+ },
+ ],
+ },
+ aggs: {
+ categorizer_stats_top_hits: {
+ top_hits: {
+ size: 1,
+ sort: [
+ {
+ log_time: 'desc',
+ },
+ ],
+ _source: [
+ 'categorization_status',
+ 'categorized_doc_count',
+ 'dead_category_count',
+ 'failed_category_count',
+ 'frequent_category_count',
+ 'job_id',
+ 'log_time',
+ 'rare_category_count',
+ 'total_category_count',
+ ],
+ },
+ },
+ },
+ },
+ },
+ },
+ size: 0,
+});
+
+export const logEntryCategoryStatusRT = rt.keyof({
+ ok: null,
+ warn: null,
+});
+
+export const logEntryCategorizerStatsHitRT = rt.type({
+ _source: rt.type({
+ categorization_status: logEntryCategoryStatusRT,
+ categorized_doc_count: rt.number,
+ dead_category_count: rt.number,
+ failed_category_count: rt.number,
+ frequent_category_count: rt.number,
+ job_id: rt.string,
+ log_time: rt.number,
+ rare_category_count: rt.number,
+ total_category_count: rt.number,
+ }),
+});
+
+export type LogEntryCategorizerStatsHit = rt.TypeOf;
+
+const compositeDatasetKeyRT = rt.type({
+ dataset: rt.union([rt.string, rt.null]),
+});
+
+export type CompositeDatasetKey = rt.TypeOf;
+
+const logEntryCategoryDatasetStatsBucketRT = rt.type({
+ key: compositeDatasetKeyRT,
+ categorizer_stats_top_hits: rt.type({
+ hits: rt.type({
+ hits: rt.array(logEntryCategorizerStatsHitRT),
+ }),
+ }),
+});
+
+export type LogEntryCategoryDatasetStatsBucket = rt.TypeOf<
+ typeof logEntryCategoryDatasetStatsBucketRT
+>;
+
+export const latestLogEntryCategoriesDatasetsStatsResponseRT = rt.intersection([
+ commonSearchSuccessResponseFieldsRT,
+ rt.partial({
+ aggregations: rt.type({
+ dataset_composite_terms: rt.type({
+ after_key: compositeDatasetKeyRT,
+ buckets: rt.array(logEntryCategoryDatasetStatsBucketRT),
+ }),
+ }),
+ }),
+]);
+
+export type LatestLogEntryCategoriesDatasetsStatsResponse = rt.TypeOf<
+ typeof latestLogEntryCategoriesDatasetsStatsResponseRT
+>;
diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts
index a01042616a872..e696477253823 100644
--- a/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts
@@ -6,6 +6,7 @@ export * from './log_entry_categories'; export * from './log_entry_category_datasets'; +export * from './log_entry_category_datasets_stats'; export * from './log_entry_category_examples'; export * from './log_entry_rate'; export * from './log_entry_examples';
diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts
new file mode 100644
index 0000000000000..8414fc2062ae9
--- /dev/null
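Review bot: `after_key: compositeDatasetKeyRT` is a required member of `dataset_composite_terms` in latestLogEntryCategoriesDatasetsStatsResponseRT, so a response that carries `buckets` but no `after_key` fails `decodeOrThrow` instead of ending the pagination. Elasticsearch leaves `after_key` out when a composite aggregation returns no buckets, which as far as I can tell turns a time range with no categorizer stats into a decode error rather than an empty result; the consumer already treats the key as optional (`afterKey == null`). I would model it as `rt.intersection([rt.type({ buckets: rt.array(logEntryCategoryDatasetStatsBucketRT) }), rt.partial({ after_key: compositeDatasetKeyRT })])`. A short comment next to `missing_bucket: true` saying that a `null` dataset key is expected, which is why `compositeDatasetKeyRT` allows `rt.null`, would also help the next reader.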
+++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts 
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import Boom from 'boom';
+import {
+ getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT,
+ getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT,
+ LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH,
+} from '../../../../common/http_api/log_analysis';
+import { createValidationFunction } from '../../../../common/runtime_types';
+import type { InfraBackendLibs } from '../../../lib/infra_types';
+import { getLatestLogEntriesCategoriesDatasetsStats } from '../../../lib/log_analysis';
+import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';
+import { assertHasInfraMlPlugins } from '../../../utils/request_context';
+
+export const initGetLogEntryCategoryDatasetsStatsRoute = ({ framework }: InfraBackendLibs) => {
+ framework.registerRoute(
+ {
+ method: 'post',
+ path: LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH,
+ validate: {
+ body: createValidationFunction(getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT),
+ },
+ },
+ framework.router.handleLegacyErrors(async (requestContext, request, response) => {
+ const {
+ data: {
+ jobIds,
+ timeRange: { startTime, endTime },
+ includeCategorizerStatuses,
+ },
+ } = request.body;
+
+ try {
+ assertHasInfraMlPlugins(requestContext);
+
+ const { data: datasetStats, timing } = await getLatestLogEntriesCategoriesDatasetsStats(
+ requestContext,
+ jobIds,
+ startTime,
+ endTime,
+ includeCategorizerStatuses
+ );
+
+ return response.ok({
+ body: getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT.encode({
+ data: {
+ datasetStats,
+ },
+ timing,
+ }),
+ });
+ } catch (error) {
+ if (Boom.isBoom(error)) {
+ throw error;
+ }
+
+ if (isMlPrivilegesError(error)) {
+ return response.customError({
+ statusCode: 403,
+ body: {
+ message: error.message,
+ },
+ });
+ }
+
+ return response.customError({
+ statusCode: error.statusCode ?? 500,
+ body: {
+ message: error.message ?? 'An unexpected error occurred',
+ },
+ });
+ }
+ })
+ );
+};
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json
index b4fb242f16522..40c47352371d4 100644
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json
@@ -14,7 +14,11 @@ "use_null": true } ], - "influencers": ["event.dataset", "mlcategory"] + "influencers": ["event.dataset", "mlcategory"], + "per_partition_categorization": { + "enabled": true, + "stop_on_warn": false + } }, "analysis_limits": { "model_memory_limit": "100mb",
@@ -29,6 +33,6 @@ }, "custom_settings": { "created_by": "ml-module-logs-ui-categories", - "job_revision": 0 + "job_revision": 1 } }
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index d395b635fed2b..42e695788448f 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
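Review bot: The last `response.customError` in the catch block of initGetLogEntryCategoryDatasetsStatsRoute returns `error.message` and `error.statusCode` from any unclassified exception to the client, so messages raised by the ML search or by response decoding, which may name indices, fields or query fragments, reach the caller verbatim. I would record the error on the server and send the generic text for anything that is not a known client error, e.g. `const statusCode = error.statusCode ?? 500;` followed by `message: statusCode >= 500 ? 'An unexpected error occurred' : error.message`. Only `method`, `path` and `validate` are set on the route here, so it is worth confirming that access control for this POST endpoint is applied inside `framework.registerRoute`, and that `getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT` (defined outside this diff) bounds the length of `jobIds`.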
@@ -8486,9 +8486,6 @@ "xpack.infra.logs.search.searchInLogsAriaLabel": "検索", "xpack.infra.logs.search.searchInLogsPlaceholder": "検索", "xpack.infra.logs.searchResultTooltip": "{bucketCount, plural, one {# 件のハイライトされたエントリー} other {# 件のハイライトされたエントリー}}", - "xpack.infra.logs.setupFlyout.logCategoriesDescription": "機械学習を使用して、ログメッセージを自動的に分類します。", - "xpack.infra.logs.setupFlyout.logCategoriesTitle": "ログカテゴリー", - "xpack.infra.logs.setupFlyout.setupFlyoutTitle": "機械学習を使用した異常検知", "xpack.infra.logs.showingEntriesFromTimestamp": "{timestamp} 以降のエントリーを表示中", "xpack.infra.logs.showingEntriesUntilTimestamp": "{timestamp} までのエントリーを表示中", "xpack.infra.logs.startStreamingButtonLabel": "ライブストリーム", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index f9c18bcf4e51f..394acbf65d1b5 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -8491,9 +8491,6 @@ "xpack.infra.logs.search.searchInLogsAriaLabel": "搜索", "xpack.infra.logs.search.searchInLogsPlaceholder": "搜索", "xpack.infra.logs.searchResultTooltip": "{bucketCount, plural, one {# 个高亮条目} other {# 个高亮条目}}", - "xpack.infra.logs.setupFlyout.logCategoriesDescription": "使用 Machine Learning 自动归类日志消息。", - "xpack.infra.logs.setupFlyout.logCategoriesTitle": "日志类别", - "xpack.infra.logs.setupFlyout.setupFlyoutTitle": "通过 Machine Learning 检测异常", "xpack.infra.logs.showingEntriesFromTimestamp": "正在显示自 {timestamp} 起的条目", "xpack.infra.logs.showingEntriesUntilTimestamp": "正在显示截止于 {timestamp} 的条目", "xpack.infra.logs.startStreamingButtonLabel": "实时流式传输", From 8ba60a400498ed83832625456d0cfee19f4c55c3 Mon Sep 17 00:00:00 2001 
From: Mikhail Shustov Date: Thu, 24 Sep 2020 18:15:15 +0300 Subject: [PATCH 18/63] bump query-string version to remove manual type definitions (#78143) * bump query-string version to remove manual type definitions * remove manual type declaration * fix cypress tests * add ) --- package.json | 2 +- packages/kbn-std/src/index.ts | 2 +- packages/kbn-std/src/url.ts | 6 +-- src/core/typings.ts | 28 ----------- .../public/url_utils/url_helper.test.ts | 9 ++-- .../dashboard/public/url_utils/url_helper.ts | 8 ++-- test/typings/query_string.d.ts | 46 ------------------- typings/query_string.d.ts | 46 ------------------- x-pack/package.json | 2 +- .../pages/link_to/redirect_to_logs.test.tsx | 4 +- .../plugins/infra/public/utils/url_state.tsx | 18 ++++---- .../infra/public/utils/use_url_state.ts | 19 ++++---- .../integration/ml_conditional_links.spec.ts | 26 +++++------ .../common/components/url_state/helpers.ts | 18 ++++---- .../hooks/__tests__/use_url_params.test.tsx | 2 +- x-pack/typings/query_string.d.ts | 33 ------------- yarn.lock | 33 ++++++++++--- 17 files changed, 81 insertions(+), 221 deletions(-) delete mode 100644 test/typings/query_string.d.ts delete mode 100644 typings/query_string.d.ts delete mode 100644 x-pack/typings/query_string.d.ts diff --git a/package.json b/package.json index 7102112a29b4f..6703b688b19fd 100644 --- a/package.json +++ b/package.json @@ -195,7 +195,7 @@ "p-map": "^4.0.0", "pegjs": "0.10.0", "proxy-from-env": "1.0.0", - "query-string": "5.1.1", + "query-string": "^6.13.2", "re2": "^1.15.4", "react": "^16.12.0", "react-color": "^2.13.8", diff --git a/packages/kbn-std/src/index.ts b/packages/kbn-std/src/index.ts index 8cffcd43d7537..7cf70a0e28e2c 100644 --- a/packages/kbn-std/src/index.ts +++ b/packages/kbn-std/src/index.ts 
@@ -24,6 +24,6 @@ export { mapToObject } from './map_to_object'; export { merge } from './merge'; export { pick } from './pick'; export { withTimeout } from './promise'; -export { isRelativeUrl, modifyUrl, URLMeaningfulParts, ParsedQuery } from './url'; +export { isRelativeUrl, modifyUrl, URLMeaningfulParts } from './url'; export { unset } from './unset'; export { getFlattenedObject } from './get_flattened_object'; diff --git a/packages/kbn-std/src/url.ts b/packages/kbn-std/src/url.ts index 7a0f08130816d..edcdebbd2bc81 100644 --- a/packages/kbn-std/src/url.ts +++ b/packages/kbn-std/src/url.ts @@ -18,11 +18,7 @@ */ import { format as formatUrl, parse as parseUrl, UrlObject } from 'url'; - -// duplicate type from 'query-string' to avoid adding the d.ts file to all packages depending on kbn-std -export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; -} +import type { ParsedQuery } from 'query-string'; /** * We define our own typings because the current version of @types/node diff --git a/src/core/typings.ts b/src/core/typings.ts index a84e1c01d2bd2..f271d0b03e0d3 100644 --- a/src/core/typings.ts +++ b/src/core/typings.ts 
@@ -17,34 +17,6 @@ * under the License. */ -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} - type DeeplyMockedKeys = { [P in keyof T]: T[P] extends (...args: any[]) => any ? jest.MockInstance, Parameters> diff --git a/src/plugins/dashboard/public/url_utils/url_helper.test.ts b/src/plugins/dashboard/public/url_utils/url_helper.test.ts index 28d4ab032c33d..d2210e7380667 100644 --- a/src/plugins/dashboard/public/url_utils/url_helper.test.ts +++ b/src/plugins/dashboard/public/url_utils/url_helper.test.ts 
@@ -24,16 +24,17 @@ describe('', () => { const id = '123eb456cd'; const url = "/pep/app/dashboards#/create?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(description:'',filters:!())"; - expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toEqual( - `/pep/app/dashboards#/create?_a=%28description%3A%27%27%2Cfilters%3A%21%28%29%29&_g=%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29&addEmbeddableId=${id}&addEmbeddableType=visualization` + + expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toBe( + '/pep/app/dashboards?addEmbeddableId=123eb456cd&addEmbeddableType=visualization#%2Fcreate%3F_g%3D%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29%26_a%3D%28description%3A%27%27%2Cfilters%3A%21%28%29%29' ); }); it('addEmbeddableToDashboardUrl when dashboard is saved', () => { const id = '123eb456cd'; const url = "/pep/app/dashboards#/view/9b780cd0-3dd3-11e8-b2b9-5d5dc1715159?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(description:'',filters:!())"; - expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toEqual( - `/pep/app/dashboards#/view/9b780cd0-3dd3-11e8-b2b9-5d5dc1715159?_a=%28description%3A%27%27%2Cfilters%3A%21%28%29%29&_g=%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29&addEmbeddableId=${id}&addEmbeddableType=visualization` + expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toBe( + '/pep/app/dashboards?addEmbeddableId=123eb456cd&addEmbeddableType=visualization#%2Fview%2F9b780cd0-3dd3-11e8-b2b9-5d5dc1715159%3F_g%3D%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29%26_a%3D%28description%3A%27%27%2Cfilters%3A%21%28%29%29' ); }); }); diff --git a/src/plugins/dashboard/public/url_utils/url_helper.ts b/src/plugins/dashboard/public/url_utils/url_helper.ts index 61737e81cf24d..1f4706f0b8a4d 100644 
--- a/src/plugins/dashboard/public/url_utils/url_helper.ts +++ b/src/plugins/dashboard/public/url_utils/url_helper.ts @@ -17,7 +17,7 @@ * under the License. */ -import { parseUrl, stringify } from 'query-string'; +import { parseUrl, stringifyUrl } from 'query-string'; import { DashboardConstants } from '../index'; /** * @@ -34,12 +34,14 @@ export function addEmbeddableToDashboardUrl( embeddableId: string, embeddableType: string ) { - const { url, query } = parseUrl(dashboardUrl); + const { url, query, fragmentIdentifier } = parseUrl(dashboardUrl, { + parseFragmentIdentifier: true, + }); if (embeddableId) { query[DashboardConstants.ADD_EMBEDDABLE_TYPE] = embeddableType; query[DashboardConstants.ADD_EMBEDDABLE_ID] = embeddableId; } - return `${url}?${stringify(query)}`; + return stringifyUrl({ url, query, fragmentIdentifier }); } diff --git a/test/typings/query_string.d.ts b/test/typings/query_string.d.ts deleted file mode 100644 index 3e4a8fa4da6a0..0000000000000 --- a/test/typings/query_string.d.ts +++ /dev/null 
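Review bot: In addEmbeddableToDashboardUrl the move to `parseUrl(dashboardUrl, { parseFragmentIdentifier: true })` plus `stringifyUrl` changes the shape of the returned URL, not only the API used to build it. Going by the updated expectations in url_helper.test.ts, `addEmbeddableId` and `addEmbeddableType` now sit in the real query string before `#`, and the hash route comes back percent-encoded (`#%2Fcreate%3F_g%3D...`) where it used to read `#/create?...`. If the dashboard app reads these parameters, or `_g`/`_a`, from the hash portion, the redirect may no longer carry them in a form the router recognises; that consumer is not visible in this diff. I would either keep the parameters inside the fragment or add a test that passes the result through the same parsing the dashboard uses, so that the new shape is verified rather than only pinned by a string comparison.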
@@ -1,46 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/typings/query_string.d.ts b/typings/query_string.d.ts deleted file mode 100644 index 3e4a8fa4da6a0..0000000000000 --- a/typings/query_string.d.ts +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/x-pack/package.json b/x-pack/package.json index 806b4cd5e2ee8..3702e1a49cbe5 100644 --- a/x-pack/package.json +++ b/x-pack/package.json @@ -361,7 +361,7 @@ "proper-lockfile": "^3.2.0", "puid": "1.0.7", "puppeteer-core": "^1.19.0", - "query-string": "5.1.1", + "query-string": "^6.13.2", "raw-loader": "3.1.0", "react": "^16.12.0", "react-datetime": "^2.14.0", 
diff --git a/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx b/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx index 0556955e47f66..e1b294c8383e3 100644 --- a/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx +++ b/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx @@ -19,7 +19,7 @@ describe('RedirectToLogs component', () => { expect(component).toMatchInlineSnapshot(` `); }); @@ -33,7 +33,7 @@ describe('RedirectToLogs component', () => { expect(component).toMatchInlineSnapshot(` `); }); diff --git a/x-pack/plugins/infra/public/utils/url_state.tsx b/x-pack/plugins/infra/public/utils/url_state.tsx index bf4cfbaf05965..5abd35afb7525 100644 --- a/x-pack/plugins/infra/public/utils/url_state.tsx +++ b/x-pack/plugins/infra/public/utils/url_state.tsx @@ -156,16 +156,14 @@ export const replaceStateKeyInQueryString = ( urlState: UrlState | undefined ) => (queryString: string) => { const previousQueryValues = parse(queryString, { sort: false }); - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; const replaceQueryStringInLocation = (location: Location, queryString: string): Location => { diff --git a/x-pack/plugins/infra/public/utils/use_url_state.ts b/x-pack/plugins/infra/public/utils/use_url_state.ts index ab0ca1311194f..dd1cc9aeef9e4 100644 --- a/x-pack/plugins/infra/public/utils/use_url_state.ts +++ b/x-pack/plugins/infra/public/utils/use_url_state.ts 
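Review bot: In replaceStateKeyInQueryString an `undefined` urlState now passes `previousQueryValues` through unchanged, whereas the removed code overwrote `[stateKey]` with `undefined`; a value already present under `stateKey` in `queryString` therefore stays in the URL. The same rewrite is made in use_url_state.ts in the next file section. If any caller passes `undefined` to clear the state, drop the key explicitly in that branch, for example `const { [stateKey]: _removed, ...remainingQueryValues } = previousQueryValues;` and then encode `remainingQueryValues`. The function's first lines lie outside the hunk, so the declared type of `stateKey` cannot be checked from here.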
@@ -111,16 +111,15 @@ export const replaceStateKeyInQueryString = ( urlState: UrlState | undefined ) => (queryString: string) => { const previousQueryValues = parse(queryString, { sort: false }); - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; const replaceQueryStringInLocation = (location: Location, queryString: string): Location => { diff --git a/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts b/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts index 06a8d3a79c3cd..7bdc461a7c73d 100644 --- a/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts 
@@ -94,7 +94,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkSingleIpNullKqlQuery); cy.url().should( 'include', - '/app/security/network/ip/127.0.0.1/source?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + 'app/security/network/ip/127.0.0.1/source?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -102,7 +102,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkSingleIpKqlQuery); cy.url().should( 'include', - '/app/security/network/ip/127.0.0.1/source?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/ip/127.0.0.1/source?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -110,7 +110,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkMultipleIpNullKqlQuery); cy.url().should( 'include', - 'app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27))' + 'app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -118,7 +118,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkMultipleIpKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -126,7 +126,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkNullKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -134,7 +134,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -142,7 +142,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -150,7 +150,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostKqlQueryVariable); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -158,7 +158,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -166,7 +166,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostMultiHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -174,7 +174,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostMultiHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); 
@@ -182,7 +182,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostVariableHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -190,7 +190,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostVariableHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); }); 
diff --git a/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts b/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts index a915b1c9d09a7..05000f91f094c 100644 --- a/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts @@ -60,16 +60,14 @@ export const replaceStateKeyInQueryString = (stateKey: string, urlState: T) = // ಠ_ಠ Code was copied from x-pack/legacy/plugins/infra/public/utils/url_state.tsx ಠ_ಠ // Remove this if these utilities are promoted to kibana core - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; export const replaceQueryStringInLocation = ( diff --git a/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx b/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx index af5c113a02834..b7efb9bfe2aec 100644 --- a/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx +++ b/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx @@ -121,7 +121,7 @@ describe('useUrlParams', () => { expect(history.push).toHaveBeenCalledWith({ pathname: '/', - search: 'dateRangeEnd=now&dateRangeStart=now-12&g=%22%22', + search: 'g=%22%22&dateRangeStart=now-12&dateRangeEnd=now', }); }); }); diff --git a/x-pack/typings/query_string.d.ts b/x-pack/typings/query_string.d.ts deleted file mode 100644 index 88510bcbda81f..0000000000000 --- a/x-pack/typings/query_string.d.ts +++ /dev/null 
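Review bot: When `urlState` is `undefined`, the new branch passes `previousQueryValues` through untouched, so a value already stored under `stateKey` stays in the resulting query string; the removed code overwrote it with `[stateKey]: undefined`, which presumably made `stringify` drop the key. If any caller passes `undefined` to clear a piece of URL state (callers and the origin of `previousQueryValues` are outside this hunk), stale filter or time-range state would now persist in the link. Removing the key explicitly keeps the earlier behaviour: `const { [stateKey]: _dropped, ...rest } = previousQueryValues;` and pass `rest` in the `undefined` case. A unit test for the `undefined` input would pin whichever behaviour is intended. The start of `replaceStateKeyInQueryString` is outside the hunk.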
@@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort?: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort?: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/yarn.lock b/yarn.lock index afb302e17fd2c..06e735c5caf85 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -23251,7 +23251,15 @@ qs@^6.6.0: resolved "https://registry.yarnpkg.com/qs/-/qs-6.8.0.tgz#87b763f0d37ca54200334cd57bb2ef8f68a1d081" integrity sha512-tPSkj8y92PfZVbinY1n84i1Qdx75lZjMQYx9WZhnkofyxzw2r7Ho39G3/aEvSUdebxpnnM4LZJCtvE/Aq3+s9w== -query-string@5.1.1, query-string@^5.0.1: +query-string@^4.1.0, query-string@^4.2.2: + version "4.3.4" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-4.3.4.tgz#bbb693b9ca915c232515b228b1a02b609043dbeb" + integrity sha1-u7aTucqRXCMlFbIosaArYJBD2+s= + dependencies: + object-assign "^4.1.0" + strict-uri-encode "^1.0.0" + +query-string@^5.0.1: version "5.1.1" resolved "https://registry.yarnpkg.com/query-string/-/query-string-5.1.1.tgz#a78c012b71c17e05f2e3fa2319dd330682efb3cb" integrity sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw== @@ -23260,13 +23268,14 @@ query-string@5.1.1, query-string@^5.0.1: object-assign "^4.1.0" strict-uri-encode "^1.0.0" -query-string@^4.1.0, query-string@^4.2.2: - version "4.3.4" - resolved "https://registry.yarnpkg.com/query-string/-/query-string-4.3.4.tgz#bbb693b9ca915c232515b228b1a02b609043dbeb" - integrity sha1-u7aTucqRXCMlFbIosaArYJBD2+s= +query-string@^6.13.2: + version "6.13.2" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.13.2.tgz#3585aa9412c957cbd358fd5eaca7466f05586dda" + integrity sha512-BMmDaUiLDFU1hlM38jTFcRt7HYiGP/zt1sRzrIWm5zpeEuO1rkbPS0ELI3uehoLuuhHDCS8u8lhFN3fEN4JzPQ== dependencies: - object-assign "^4.1.0" - strict-uri-encode "^1.0.0" + decode-uri-component "^0.2.0" + split-on-first "^1.0.0" + strict-uri-encode "^2.0.0" querystring-es3@^0.2.0: version "0.2.1" 
@@ -26594,6 +26603,11 @@ spdy@^4.0.2: select-hose "^2.0.0" spdy-transport "^3.0.0" +split-on-first@^1.0.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f" + integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw== + split-string@^3.0.1, split-string@^3.0.2: version "3.1.0" resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2" @@ -26863,6 +26877,11 @@ strict-uri-encode@^1.0.0: resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz#279b225df1d582b1f54e65addd4352e18faa0713" integrity sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM= +strict-uri-encode@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546" + integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY= + string-length@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/string-length/-/string-length-1.0.1.tgz#56970fb1c38558e9e70b728bf3de269ac45adfac" From 38f517ae9f38f3548591ba070f21657f20144b22 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Thu, 24 Sep 2020 08:54:34 -0700 Subject: [PATCH 19/63] [Reporting] TS changes to reference an interface instead of class as the logger object (#78359) * [Reporting] TS changes to reference an interface instead of class, making functions more shareable * rename the interface * less flexible interface --- .../plugins/reporting/server/browsers/download/clean.ts | 4 ++-- .../reporting/server/browsers/download/download.ts | 4 ++-- .../server/browsers/download/ensure_downloaded.ts | 6 +++--- x-pack/plugins/reporting/server/browsers/install.ts | 4 ++-- x-pack/plugins/reporting/server/lib/level_logger.ts | 9 ++++++++- 5 files changed, 17 insertions(+), 10 deletions(-) 
diff --git a/x-pack/plugins/reporting/server/browsers/download/clean.ts b/x-pack/plugins/reporting/server/browsers/download/clean.ts index 1a362be8568cd..3d840f445b76e 100644 --- a/x-pack/plugins/reporting/server/browsers/download/clean.ts +++ b/x-pack/plugins/reporting/server/browsers/download/clean.ts @@ -7,13 +7,13 @@ import del from 'del'; import { readdirSync } from 'fs'; import { resolve as resolvePath } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { asyncMap } from './util'; /** * Delete any file in the `dir` that is not in the expectedPaths */ -export async function clean(dir: string, expectedPaths: string[], logger: LevelLogger) { +export async function clean(dir: string, expectedPaths: string[], logger: GenericLevelLogger) { let filenames: string[]; try { filenames = await readdirSync(dir); diff --git a/x-pack/plugins/reporting/server/browsers/download/download.ts b/x-pack/plugins/reporting/server/browsers/download/download.ts index 30b50c32a7402..b4b303416facd 100644 --- a/x-pack/plugins/reporting/server/browsers/download/download.ts +++ b/x-pack/plugins/reporting/server/browsers/download/download.ts @@ -8,7 +8,7 @@ import Axios from 'axios'; import { createHash } from 'crypto'; import { closeSync, mkdirSync, openSync, writeSync } from 'fs'; import { dirname } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; /** * Download a url and calculate it's checksum @@ -16,7 +16,7 @@ import { LevelLogger } from '../../lib'; * @param {String} path * @return {Promise} checksum of the downloaded file */ -export async function download(url: string, path: string, logger: LevelLogger) { +export async function download(url: string, path: string, logger: GenericLevelLogger) { logger.info(`Downloading ${url} to ${path}`); const hash = createHash('md5'); 
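Review bot: The context line `filenames = await readdirSync(dir);` in clean.ts awaits a synchronous call, so the `await` does nothing and the directory read still blocks the event loop inside an `async` function. Since this commit already touches the signature, the line could become `filenames = readdirSync(dir);`, or the function could switch to an asynchronous read if blocking matters here. The body of `clean` continues outside the hunk, so the surrounding `try` handling is not visible.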
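Review bot: `const hash = createHash('md5');` in download.ts is the digest computed for the downloaded archive, and MD5 is not collision-resistant, so the value can catch a corrupted transfer but is a weak integrity check against a substituted file. If the expected checksums it is compared with can be regenerated (they are defined outside this hunk), `createHash('sha256')` would be the safer choice, together with the `md5` helper that ensure_downloaded.ts imports from `./checksum`. The doc comment visible above the signature also leaves the `logger` parameter undocumented; `@param {GenericLevelLogger} logger - receives the download progress messages` would cover it. The body of `download` continues outside the hunk.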
diff --git a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts index f56af15f5d76b..7c3cb7b1d76bb 100644 --- a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts +++ b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts @@ -7,7 +7,7 @@ import { existsSync } from 'fs'; import { resolve as resolvePath } from 'path'; import { BrowserDownload, chromium } from '../'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { md5 } from './checksum'; import { clean } from './clean'; import { download } from './download'; @@ -18,7 +18,7 @@ import { asyncMap } from './util'; * download them if they are missing or their checksum is invalid * @return {Promise} */ -export async function ensureBrowserDownloaded(logger: LevelLogger) { +export async function ensureBrowserDownloaded(logger: GenericLevelLogger) { await ensureDownloaded([chromium], logger); } @@ -29,7 +29,7 @@ export async function ensureBrowserDownloaded(logger: LevelLogger) { * @param {BrowserSpec} browsers * @return {Promise} */ -async function ensureDownloaded(browsers: BrowserDownload[], logger: LevelLogger) { +async function ensureDownloaded(browsers: BrowserDownload[], logger: GenericLevelLogger) { await asyncMap(browsers, async (browser) => { const { archivesPath } = browser.paths; diff --git a/x-pack/plugins/reporting/server/browsers/install.ts b/x-pack/plugins/reporting/server/browsers/install.ts index 35cc5b6d8b7c2..350c988309a1f 100644 --- a/x-pack/plugins/reporting/server/browsers/install.ts +++ b/x-pack/plugins/reporting/server/browsers/install.ts 
@@ -8,7 +8,7 @@ import del from 'del'; import os from 'os'; import path from 'path'; import * as Rx from 'rxjs'; -import { LevelLogger } from '../lib'; +import { GenericLevelLogger } from '../lib/level_logger'; import { paths } from './chromium/paths'; import { ensureBrowserDownloaded } from './download'; // @ts-ignore @@ -46,7 +46,7 @@ export const getBinaryPath = ( * archive. If there is an error extracting the archive an `ExtractError` is thrown */ export function installBrowser( - logger: LevelLogger, + logger: GenericLevelLogger, chromiumPath: string = path.resolve(__dirname, '../../chromium'), platform: string = process.platform, architecture: string = os.arch() diff --git a/x-pack/plugins/reporting/server/lib/level_logger.ts b/x-pack/plugins/reporting/server/lib/level_logger.ts index d015d500363c1..9db5274a93db8 100644 --- a/x-pack/plugins/reporting/server/lib/level_logger.ts +++ b/x-pack/plugins/reporting/server/lib/level_logger.ts @@ -10,7 +10,14 @@ const trimStr = (toTrim: string) => { return typeof toTrim === 'string' ? toTrim.trim() : toTrim; }; -export class LevelLogger { +export interface GenericLevelLogger { + debug: (msg: string) => void; + info: (msg: string) => void; + warning: (msg: string) => void; + error: (msg: Error) => void; +} + +export class LevelLogger implements GenericLevelLogger { private _logger: LoggerFactory; private _tags: string[]; public warning: (msg: string, tags?: string[]) => void; From 0e1796acc5f4e41c9e51f5c6cda28a7f18139517 Mon Sep 17 00:00:00 2001 
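Review bot: The new exported `GenericLevelLogger` interface in level_logger.ts has no doc comment, and its `error` member takes only an `Error` while `debug`, `info` and `warning` take a string, which is easy to miss at call sites. A one-line comment such as `/** Minimal logger contract accepted by the browser download and install helpers; LevelLogger implements it. */` would record the intent. If any of those helpers logs a plain message at error level, the member would need to be `error: (msg: string | Error) => void;`; whether `LevelLogger.error` accepts a string is not visible here, because the class body continues outside the hunk.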
From: Liza Katz Date: Thu, 24 Sep 2020 18:59:27 +0300 Subject: [PATCH 20/63] [Search] Generic search request and response types (#78268) * Improve search types to support EQL strategy * doc * Update types.ts * update demo strategy Co-authored-by: Elastic Machine --- ...in-plugins-data-public.iessearchrequest.md | 3 +- ...ins-data-public.iessearchrequest.params.md | 11 ---- ...data-public.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-public.iessearchresponse.md | 13 +---- ...ta-public.iessearchresponse.rawresponse.md | 11 ---- ...lugins-data-public.ikibanasearchrequest.md | 4 +- ...ata-public.ikibanasearchrequest.params.md} | 8 ++- ...public.ikibanasearchresponse.ispartial.md} | 4 +- ...-public.ikibanasearchresponse.isrunning.md | 13 +++++ ...ugins-data-public.ikibanasearchresponse.md | 5 +- ...ublic.ikibanasearchresponse.rawresponse.md | 11 ++++ ...-plugins-data-public.iscompleteresponse.md | 2 +- ...ugin-plugins-data-public.isearchgeneric.md | 2 +- ...gin-plugins-data-public.iserrorresponse.md | 2 +- ...n-plugins-data-public.ispartialresponse.md | 2 +- .../kibana-plugin-plugins-data-public.md | 2 +- ...ns-data-public.searchinterceptor.search.md | 4 +- ...in-plugins-data-server.iessearchrequest.md | 3 +- ...ins-data-server.iessearchrequest.params.md | 11 ---- ...data-server.iessearchresponse.ispartial.md | 13 ----- ...data-server.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-server.iessearchresponse.md | 13 +---- ...ta-server.iessearchresponse.rawresponse.md | 11 ---- ...plugin-plugins-data-server.isearchsetup.md | 2 +- ...ver.isearchsetup.registersearchstrategy.md | 2 +- ...plugin-plugins-data-server.isearchstart.md | 4 +- ...plugins-data-server.isearchstart.search.md | 2 +- ...gin-plugins-data-server.isearchstrategy.md | 2 +- .../kibana-plugin-plugins-data-server.md | 2 +- .../search_examples/server/my_strategy.ts | 9 ++-- .../data/common/search/es_search/types.ts | 18 +------ .../data/common/search/es_search/utils.ts | 8 +-- 
src/plugins/data/common/search/index.ts | 1 - src/plugins/data/common/search/types.ts | 25 ++++++--- src/plugins/data/public/public.api.md | 34 ++++++------ .../data/public/search/search_interceptor.ts | 6 +-- .../data/server/search/routes/search.ts | 9 ++-- .../data/server/search/search_service.ts | 54 +++++++++++-------- src/plugins/data/server/search/types.ts | 18 +++---- src/plugins/data/server/server.api.md | 22 +++----- 40 files changed, 152 insertions(+), 240 deletions(-) delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md => kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md} (61%) rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md => kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md} (50%) create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md index fee34378339af..45cd088ee1203 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-public.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md deleted file mode 100644 index 24107faa28e8c..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md deleted file mode 100644 index 56fb1a7519811..0000000000000 
--- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md index 7c9a6aa702463..c8a372edbdb85 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md deleted file mode 100644 index f4648143ebc2e..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md index 57e0fbe2c19a9..bba051037e29b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md @@ -7,13 +7,13 @@ Signature: ```typescript -export interface IKibanaSearchRequest +export interface IKibanaSearchRequest ``` ## Properties | Property | Type | Description | | --- | --- | --- | -| [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) | boolean | Optionally tell search strategies to output debug information. | | [id](./kibana-plugin-plugins-data-public.ikibanasearchrequest.id.md) | string | An id can be used to uniquely identify this request. | +| [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) | Params | | 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md similarity index 61% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md index cfb21a78557fd..b7e2006a66c14 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md @@ -1,13 +1,11 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) -## IKibanaSearchRequest.debug property - -Optionally tell search strategies to output debug information. +## IKibanaSearchRequest.params property Signature: ```typescript -debug?: boolean; +params?: Params; ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md similarity index 50% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md index 00a56c6fe9c31..702c774eb8818 100644 
--- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) -## IEsSearchResponse.isPartial property +## IKibanaSearchResponse.isPartial property Indicates whether the results returned are complete or partial diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md new file mode 100644 index 0000000000000..1e625ccff26f9 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) + +## IKibanaSearchResponse.isRunning property + +Indicates whether search is still in flight + +Signature: + +```typescript +isRunning?: boolean; +``` 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md index f7dfd1ddd2f49..159dc8f4ada18 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IKibanaSearchResponse +export interface IKibanaSearchResponse ``` ## Properties @@ -15,6 +15,9 @@ export interface IKibanaSearchResponse | Property | Type | Description | | --- | --- | --- | | [id](./kibana-plugin-plugins-data-public.ikibanasearchresponse.id.md) | string | Some responses may contain a unique id to identify the request this response came from. | +| [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | +| [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) | boolean | Indicates whether search is still in flight | | [loaded](./kibana-plugin-plugins-data-public.ikibanasearchresponse.loaded.md) | number | If relevant to the search strategy, return a loaded number that represents how progress is indicated. | +| [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) | RawResponse | | | [total](./kibana-plugin-plugins-data-public.ikibanasearchresponse.total.md) | number | If relevant to the search strategy, return a total number that represents how progress is indicated. | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md new file mode 100644 index 0000000000000..865c7d795801b --- /dev/null 
+++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) + +## IKibanaSearchResponse.rawResponse property + +Signature: + +```typescript +rawResponse: RawResponse; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md index 17acf4e0d1be8..e17e453ecb749 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md index 861b59e73ef04..025ca6681d39b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md @@ -7,5 +7,5 @@ Signature: ```typescript -export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; +export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; ``` 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md index 3f9b1d593870d..e4ac35f19e959 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md index 9f2f1bbf2f9e0..4b707ceeacc89 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md index 8625120d54848..0f45b5a727676 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md 
@@ -61,7 +61,6 @@ | [FieldMappingSpec](./kibana-plugin-plugins-data-public.fieldmappingspec.md) | | | [IDataPluginServices](./kibana-plugin-plugins-data-public.idatapluginservices.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-public.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-public.ifieldtype.md) | | | [IIndexPattern](./kibana-plugin-plugins-data-public.iindexpattern.md) | | @@ -152,6 +151,7 @@ | [Filter](./kibana-plugin-plugins-data-public.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-public.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-public.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldFormat](./kibana-plugin-plugins-data-public.ifieldformat.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-public.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-public.ifieldparamtype.md) | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md index 1752d183a8737..1a71b5808f485 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md @@ -9,7 +9,7 @@ Searches using the given `search` method. Overrides the `AbortSignal` with one t Signature: ```typescript -search(request: IEsSearchRequest, options?: ISearchOptions): Observable; +search(request: IEsSearchRequest, options?: ISearchOptions): Observable; ``` ## Parameters 
@@ -21,5 +21,5 @@ search(request: IEsSearchRequest, options?: ISearchOptions): ObservableReturns: -`Observable` +`Observable` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md index 0dfa23eb64c1b..9141bcdd2e8d7 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-server.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md deleted file mode 100644 index d65281973c951..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` 
diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md deleted file mode 100644 index fbddfc1cd9fc4..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) - -## IEsSearchResponse.isPartial property - -Indicates whether the results returned are complete or partial - -Signature: - -```typescript -isPartial?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md deleted file mode 100644 index 01f3982957d5c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md index 55c0399e90e2f..d333af1b278c2 100644 
--- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md deleted file mode 100644 index 9987debfa551c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` 
diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md index ac2ae13372f7a..3e27140e8bc08 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md @@ -15,6 +15,6 @@ export interface ISearchSetup | Property | Type | Description | | --- | --- | --- | | [aggs](./kibana-plugin-plugins-data-server.isearchsetup.aggs.md) | AggsSetup | | -| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | +| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | | [usage](./kibana-plugin-plugins-data-server.isearchsetup.usage.md) | SearchUsage | Used internally for telemetry | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md index f20c6f4911062..81571d343495c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md 
+++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md @@ -9,5 +9,5 @@ Extension point exposed for other plugins to register their own search strategie Signature: ```typescript -registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; +registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md index 577532d22b3d3..b8b6ee1f0b28c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface ISearchStart +export interface ISearchStart ``` ## Properties @@ -16,5 +16,5 @@ export interface ISearchStartAggsStart | | | [getSearchStrategy](./kibana-plugin-plugins-data-server.isearchstart.getsearchstrategy.md) | (name: string) => ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse> | Get other registered search strategies. For example, if a new strategy needs to use the already-registered ES search strategy, it can use this function to accomplish that. | -| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise<IEsSearchResponse> | | +| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise<SearchStrategyResponse> | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md index 33ca818afc769..fdcd4d6768db5 100644 
--- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md @@ -7,5 +7,5 @@ Signature: ```typescript -search: (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise; +search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md index dc076455ab272..3d2caf417f3cb 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md @@ -9,7 +9,7 @@ Search strategy interface contains a search method that takes in a request and r Signature: ```typescript -export interface ISearchStrategy +export interface ISearchStrategy ``` ## Properties diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md index 7113ac935907f..f1eecd6e49b02 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md 
@@ -46,7 +46,6 @@ | [FieldDescriptor](./kibana-plugin-plugins-data-server.fielddescriptor.md) | | | [FieldFormatConfig](./kibana-plugin-plugins-data-server.fieldformatconfig.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-server.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-server.ifieldtype.md) | | | [IndexPatternAttributes](./kibana-plugin-plugins-data-server.indexpatternattributes.md) | | @@ -92,6 +91,7 @@ | [Filter](./kibana-plugin-plugins-data-server.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-server.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-server.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-server.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-server.ifieldparamtype.md) | | | [IMetricAggType](./kibana-plugin-plugins-data-server.imetricaggtype.md) | | diff --git a/examples/search_examples/server/my_strategy.ts b/examples/search_examples/server/my_strategy.ts index a1116ddbd759b..1f59d0a5d8f3a 100644 --- a/examples/search_examples/server/my_strategy.ts +++ b/examples/search_examples/server/my_strategy.ts 
@@ -20,15 +20,16 @@ import { ISearchStrategy, PluginStart } from '../../../src/plugins/data/server'; import { IMyStrategyResponse, IMyStrategyRequest } from '../common'; -export const mySearchStrategyProvider = (data: PluginStart): ISearchStrategy => { +export const mySearchStrategyProvider = ( + data: PluginStart +): ISearchStrategy => { const es = data.search.getSearchStrategy('es'); return { - search: async (context, request, options): Promise => { - request.debug = true; + search: async (context, request, options) => { const esSearchRes = await es.search(context, request, options); return { ...esSearchRes, - cool: (request as IMyStrategyRequest).get_cool ? 'YES' : 'NOPE', + cool: request.get_cool ? 'YES' : 'NOPE', }; }, cancel: async (context, id) => { diff --git a/src/plugins/data/common/search/es_search/types.ts b/src/plugins/data/common/search/es_search/types.ts index 81124c1e095f7..b1c3e5cdd3960 100644 --- a/src/plugins/data/common/search/es_search/types.ts +++ b/src/plugins/data/common/search/es_search/types.ts @@ -37,22 +37,8 @@ export type ISearchRequestParams> = { trackTotalHits?: boolean; } & Search; -export interface IEsSearchRequest extends IKibanaSearchRequest { - params?: ISearchRequestParams; +export interface IEsSearchRequest extends IKibanaSearchRequest { indexType?: string; } -export interface IEsSearchResponse extends IKibanaSearchResponse { - /** - * Indicates whether async search is still in flight - */ - isRunning?: boolean; - /** - * Indicates whether the results returned are complete or partial - */ - isPartial?: boolean; - rawResponse: SearchResponse; -} - -export const isEsResponse = (response: any): response is IEsSearchResponse => - response && response.rawResponse; +export type IEsSearchResponse = IKibanaSearchResponse>; diff --git a/src/plugins/data/common/search/es_search/utils.ts b/src/plugins/data/common/search/es_search/utils.ts index 517a0c03cf5c8..ec66a3d3f923e 100644 --- a/src/plugins/data/common/search/es_search/utils.ts 
+++ b/src/plugins/data/common/search/es_search/utils.ts @@ -17,25 +17,25 @@ * under the License. */ -import { IEsSearchResponse } from './types'; +import { IKibanaSearchResponse } from '..'; /** * @returns true if response had an error while executing in ES */ -export const isErrorResponse = (response?: IEsSearchResponse) => { +export const isErrorResponse = (response?: IKibanaSearchResponse) => { return !response || (!response.isRunning && response.isPartial); }; /** * @returns true if response is completed successfully */ -export const isCompleteResponse = (response?: IEsSearchResponse) => { +export const isCompleteResponse = (response?: IKibanaSearchResponse) => { return response && !response.isRunning && !response.isPartial; }; /** * @returns true if request is still running an/d response contains partial results */ -export const isPartialResponse = (response?: IEsSearchResponse) => { +export const isPartialResponse = (response?: IKibanaSearchResponse) => { return response && response.isRunning && response.isPartial; }; diff --git a/src/plugins/data/common/search/index.ts b/src/plugins/data/common/search/index.ts index 2ec4afbc60d96..2ee0db384cf06 100644 --- a/src/plugins/data/common/search/index.ts +++ b/src/plugins/data/common/search/index.ts @@ -23,4 +23,3 @@ export * from './expressions'; export * from './search_source'; export * from './tabify'; export * from './types'; -export * from './es_search'; diff --git a/src/plugins/data/common/search/types.ts b/src/plugins/data/common/search/types.ts index 0a299b57275f8..c3943af5c6ff7 100644 --- a/src/plugins/data/common/search/types.ts +++ b/src/plugins/data/common/search/types.ts 
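Review bot: The three predicates in es_search/utils.ts (`isErrorResponse`, `isCompleteResponse`, `isPartialResponse`) still return `boolean | undefined` rather than a strict boolean, because `response && …` yields `undefined` when no response is passed and `response.isPartial` is optional. Now that they accept any `IKibanaSearchResponse`, a strict result is safer for callers that compare against `false`, e.g. `return !!response && !response.isRunning && !response.isPartial;` in `isCompleteResponse`. The doc comment on `isPartialResponse` also carries a typo and should read `@returns true if request is still running and response contains partial results`.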
@@ -26,14 +26,14 @@ export type ISearch = ( ) => Observable; export type ISearchGeneric = < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( request: SearchStrategyRequest, options?: ISearchOptions ) => Observable; -export interface IKibanaSearchResponse { +export interface IKibanaSearchResponse { /** * Some responses may contain a unique id to identify the request this response came from. */ @@ -50,16 +50,25 @@ export interface IKibanaSearchResponse { * that represents how progress is indicated. */ loaded?: number; + + /** + * Indicates whether search is still in flight + */ + isRunning?: boolean; + + /** + * Indicates whether the results returned are complete or partial + */ + isPartial?: boolean; + + rawResponse: RawResponse; } -export interface IKibanaSearchRequest { +export interface IKibanaSearchRequest { /** * An id can be used to uniquely identify this request. */ id?: string; - /** - * Optionally tell search strategies to output debug information. - */ - debug?: boolean; + params?: Params; } diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md index 28dfbf824470c..6b419f6995447 100644 --- a/src/plugins/data/public/public.api.md +++ b/src/plugins/data/public/public.api.md 
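Review bot: In the second hunk of common/search/types.ts the new `rawResponse: RawResponse;` and `params?: Params;` members are the only properties of `IKibanaSearchResponse` and `IKibanaSearchRequest` without a doc comment, and the regenerated API docs in this patch list them with an empty description and an `(undocumented)` marker. A short comment on each would help strategy authors, for example `/** The raw response returned by the search strategy */` and `/** Strategy-specific request parameters */` (wording to be confirmed by the authors). Because `rawResponse` is declared required while every other field is optional, the comment is also the place to say that each strategy is expected to populate it.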
@@ -918,22 +918,15 @@ export interface IDataPluginServices extends Partial { // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchRequest extends IKibanaSearchRequest { +export interface IEsSearchRequest extends IKibanaSearchRequest { // (undocumented) indexType?: string; - // (undocumented) - params?: ISearchRequestParams; } // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchResponse extends IKibanaSearchResponse { - isPartial?: boolean; - isRunning?: boolean; - // (undocumented) - rawResponse: SearchResponse; -} +export type IEsSearchResponse = IKibanaSearchResponse>; // Warning: (ae-missing-release-tag) "IFieldFormat" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1062,17 +1055,22 @@ export interface IIndexPatternFieldList extends Array { // Warning: (ae-missing-release-tag) "IKibanaSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IKibanaSearchRequest { - debug?: boolean; +export interface IKibanaSearchRequest { id?: string; + // (undocumented) + params?: Params; } // Warning: (ae-missing-release-tag) "IKibanaSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IKibanaSearchResponse { +export interface IKibanaSearchResponse { id?: string; + isPartial?: boolean; + isRunning?: boolean; loaded?: number; + // (undocumented) + rawResponse: RawResponse; total?: number; } 
@@ -1420,7 +1418,7 @@ export type InputTimeRange = TimeRange | { // Warning: (ae-missing-release-tag) "isCompleteResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "ISearch" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1430,7 +1428,7 @@ export type ISearch = (request: IKibanaSearchRequest, options?: ISearchOptions) // Warning: (ae-missing-release-tag) "ISearchGeneric" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; +export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; // Warning: (ae-missing-release-tag) "ISearchOptions" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1477,7 +1475,7 @@ export interface ISearchStartSearchSource { // Warning: (ae-missing-release-tag) "isErrorResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "isFilter" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // 
@@ -1492,7 +1490,7 @@ export const isFilters: (x: unknown) => x is Filter[]; // Warning: (ae-missing-release-tag) "isPartialResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "isQuery" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -2030,8 +2028,8 @@ export class SearchInterceptor { // @internal protected pendingCount$: BehaviorSubject; // @internal (undocumented) - protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable; - search(request: IEsSearchRequest, options?: ISearchOptions): Observable; + protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable; + search(request: IEsSearchRequest, options?: ISearchOptions): Observable; // @internal (undocumented) protected setupAbortSignal({ abortSignal, timeout, }: { abortSignal?: AbortSignal; diff --git a/src/plugins/data/public/search/search_interceptor.ts b/src/plugins/data/public/search/search_interceptor.ts index 888e12a4285b1..802ee6db9433e 100644 --- a/src/plugins/data/public/search/search_interceptor.ts +++ b/src/plugins/data/public/search/search_interceptor.ts @@ -35,7 +35,7 @@ import { getCombinedSignal, AbortError, IEsSearchRequest, - IEsSearchResponse, + IKibanaSearchResponse, ISearchOptions, ES_SEARCH_STRATEGY, } from '../../common'; 
@@ -91,7 +91,7 @@ export class SearchInterceptor { request: IEsSearchRequest, signal: AbortSignal, strategy?: string - ): Observable { + ): Observable { const { id, ...searchRequest } = request; const path = trimEnd(`/internal/search/${strategy || ES_SEARCH_STRATEGY}/${id || ''}`, '/'); const body = JSON.stringify(searchRequest); @@ -113,7 +113,7 @@ export class SearchInterceptor { public search( request: IEsSearchRequest, options?: ISearchOptions - ): Observable { + ): Observable { // Defer the following logic until `subscribe` is actually called return defer(() => { if (options?.abortSignal?.aborted) { diff --git a/src/plugins/data/server/search/routes/search.ts b/src/plugins/data/server/search/routes/search.ts index b5d5ec283767d..492ad4395b32a 100644 --- a/src/plugins/data/server/search/routes/search.ts +++ b/src/plugins/data/server/search/routes/search.ts @@ -22,7 +22,6 @@ import { IRouter } from 'src/core/server'; import { getRequestAbortedSignal } from '../../lib'; import { SearchRouteDependencies } from '../search_service'; import { shimHitsTotal } from './shim_hits_total'; -import { isEsResponse } from '../../../common'; export function registerSearchRoute( router: IRouter, @@ -62,11 +61,9 @@ export function registerSearchRoute( return res.ok({ body: { ...response, - ...(isEsResponse(response) - ? { - rawResponse: shimHitsTotal(response.rawResponse), - } - : {}), + ...{ + rawResponse: shimHitsTotal(response.rawResponse), + }, }, }); } catch (err) { diff --git a/src/plugins/data/server/search/search_service.ts b/src/plugins/data/server/search/search_service.ts index e19d3dd8a5451..90da8c5653ac1 100644 --- a/src/plugins/data/server/search/search_service.ts +++ b/src/plugins/data/server/search/search_service.ts 
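Review bot: In `registerSearchRoute` (src/plugins/data/server/search/routes/search.ts) the body now always sets `rawResponse: shimHitsTotal(response.rawResponse)`; the `isEsResponse` guard is removed in the same commit that widens strategies to any `IKibanaSearchResponse`. A strategy whose `rawResponse` is absent or is not an Elasticsearch search body would reach `shimHitsTotal` unchecked, and since that helper is not visible here, whether it tolerates such input needs confirming. If it does not, keep a shape check, for example `...(response.rawResponse?.hits ? { rawResponse: shimHitsTotal(response.rawResponse) } : {}),`. If the unconditional call is intended, the leftover `...{ … }` spread around a single key can be a plain `rawResponse: shimHitsTotal(response.rawResponse),` property. The route handler starts and ends outside the hunk.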
@@ -40,12 +40,15 @@ import { UsageCollectionSetup } from '../../../usage_collection/server'; import { registerUsageCollector } from './collectors/register'; import { usageProvider } from './collectors/usage'; import { searchTelemetry } from '../saved_objects'; -import { IEsSearchRequest, IEsSearchResponse, ISearchOptions } from '../../common'; +import { + IKibanaSearchRequest, + IKibanaSearchResponse, + IEsSearchRequest, + IEsSearchResponse, + ISearchOptions, +} from '../../common'; -type StrategyMap< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse -> = Record>; +type StrategyMap = Record>; /** @internal */ export interface SearchServiceSetupDependencies { @@ -67,7 +70,7 @@ export interface SearchRouteDependencies { export class SearchService implements Plugin { private readonly aggsService = new AggsService(); private defaultSearchStrategyName: string = ES_SEARCH_STRATEGY; - private searchStrategies: StrategyMap = {}; + private searchStrategies: StrategyMap = {}; constructor( private initializerContext: PluginInitializerContext, @@ -113,19 +116,6 @@ export class SearchService implements Plugin { usage, }; } - - private search( - context: RequestHandlerContext, - searchRequest: IEsSearchRequest, - options: ISearchOptions - ) { - return this.getSearchStrategy(options.strategy || this.defaultSearchStrategyName).search( - context, - searchRequest, - options - ); - } - public start( { uiSettings }: CoreStart, { fieldFormats }: SearchServiceStartDependencies @@ -135,7 +125,7 @@ export class SearchService implements Plugin { getSearchStrategy: this.getSearchStrategy, search: ( context: RequestHandlerContext, - searchRequest: IEsSearchRequest, + searchRequest: IKibanaSearchRequest, options: Record ) => { return this.search(context, searchRequest, options); 
@@ -148,8 +138,8 @@ export class SearchService implements Plugin { } private registerSearchStrategy = < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( name: string, strategy: ISearchStrategy @@ -158,7 +148,25 @@ export class SearchService implements Plugin { this.searchStrategies[name] = strategy; }; - private getSearchStrategy = (name: string): ISearchStrategy => { + private search = < + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse + >( + context: RequestHandlerContext, + searchRequest: SearchStrategyRequest, + options: ISearchOptions + ): Promise => { + return this.getSearchStrategy( + options.strategy || this.defaultSearchStrategyName + ).search(context, searchRequest, options); + }; + + private getSearchStrategy = < + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse + >( + name: string + ): ISearchStrategy => { this.logger.debug(`Get strategy ${name}`); const strategy = this.searchStrategies[name]; if (!strategy) { diff --git a/src/plugins/data/server/search/types.ts b/src/plugins/data/server/search/types.ts index aefdac2ab639f..4764bd77278ac 100644 --- a/src/plugins/data/server/search/types.ts +++ b/src/plugins/data/server/search/types.ts 
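Review bot: `getSearchStrategy` resolves the strategy with `this.searchStrategies[name]` on a map initialised as a plain `{}`, and the only check is `if (!strategy)`. A name that matches an inherited `Object.prototype` member passes that check and is returned as if it were a registered strategy, after which the new `search` calls `.search(context, searchRequest, options)` on it. The name comes from `options.strategy`, which is probably client-supplied, judging by the `/internal/search/${strategy || ES_SEARCH_STRATEGY}` path built in search_interceptor.ts; the route wiring is not in this hunk. An own-property test closes the gap: `if (!Object.prototype.hasOwnProperty.call(this.searchStrategies, name)) {` in place of the truthiness check. The body of `getSearchStrategy` continues outside the hunk.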
@@ -18,7 +18,7 @@ */ import { RequestHandlerContext } from '../../../../core/server'; -import { ISearchOptions } from '../../common/search'; +import { ISearchOptions, IKibanaSearchRequest, IKibanaSearchResponse } from '../../common/search'; import { AggsSetup, AggsStart } from './aggs'; import { SearchUsage } from './collectors'; import { IEsSearchRequest, IEsSearchResponse } from './es_search'; @@ -34,8 +34,8 @@ export interface ISearchSetup { * strategies. */ registerSearchStrategy: < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( name: string, strategy: ISearchStrategy @@ -53,8 +53,8 @@ export interface ISearchSetup { } export interface ISearchStart< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse > { aggs: AggsStart; /** @@ -66,9 +66,9 @@ export interface ISearchStart< ) => ISearchStrategy; search: ( context: RequestHandlerContext, - request: IEsSearchRequest, + request: SearchStrategyRequest, options: ISearchOptions - ) => Promise; + ) => Promise; } /** @@ -76,8 +76,8 @@ export interface ISearchStart< * that resolves to a response. */ export interface ISearchStrategy< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse > { search: ( context: RequestHandlerContext, 
diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md index 6d4112543ce0e..f465ece697a70 100644 --- a/src/plugins/data/server/server.api.md +++ b/src/plugins/data/server/server.api.md @@ -527,28 +527,20 @@ export type IAggConfigs = AggConfigs; export type IAggType = AggType; // Warning: (ae-forgotten-export) The symbol "IKibanaSearchRequest" needs to be exported by the entry point index.d.ts +// Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchRequest extends IKibanaSearchRequest { +export interface IEsSearchRequest extends IKibanaSearchRequest { // (undocumented) indexType?: string; - // Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts - // - // (undocumented) - params?: ISearchRequestParams; } // Warning: (ae-forgotten-export) The symbol "IKibanaSearchResponse" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchResponse extends IKibanaSearchResponse { - isPartial?: boolean; - isRunning?: boolean; - // (undocumented) - rawResponse: SearchResponse; -} +export type IEsSearchResponse = IKibanaSearchResponse>; // Warning: (ae-missing-release-tag) "IFieldFormatsRegistry" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // 
@@ -824,14 +816,14 @@ export interface ISearchSetup { // // (undocumented) aggs: AggsSetup; - registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; + registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; usage?: SearchUsage; } // Warning: (ae-missing-release-tag) "ISearchStart" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface ISearchStart { +export interface ISearchStart { // Warning: (ae-forgotten-export) The symbol "AggsStart" needs to be exported by the entry point index.d.ts // // (undocumented) @@ -840,13 +832,13 @@ export interface ISearchStart Promise; + search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; } // Warning: (ae-missing-release-tag) "ISearchStrategy" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public -export interface ISearchStrategy { +export interface ISearchStrategy { // (undocumented) cancel?: (context: RequestHandlerContext, id: string) => Promise; // (undocumented) From 57d10144f9d9d661257d9eb86dad78b3bffab7cc Mon Sep 17 00:00:00 2001 From: Brandon Kobel Date: Thu, 24 Sep 2020 09:08:50 -0700 Subject: [PATCH 21/63] elasticsearch::Client#child performance improvements (#77836) * Updating the version of the elasticsearch-js Client * ES Client methods aren't implicitly bound to the Client anymore * Adjusting mocks to work with prototypical inheritance * Fixing effects of ping returning a Boolean, now. * Updating @elastic/elasticsearch to 7.9.1 * Responding to @restrry's feedback * Now with destructuring... --- package.json | 2 +- src/core/server/elasticsearch/client/mocks.ts | 57 +++++++++++++------ .../migrations/core/migration_es_client.ts | 2 +- .../server/plugin.ts | 6 +- yarn.lock | 8 +-- 5 files changed, 49 insertions(+), 26 deletions(-) 
diff --git a/package.json b/package.json index 6703b688b19fd..5345f8752d4af 100644 --- a/package.json +++ b/package.json @@ -118,7 +118,7 @@ "@babel/core": "^7.11.1", "@babel/register": "^7.10.5", "@elastic/datemath": "5.0.3", - "@elastic/elasticsearch": "7.9.0-rc.2", + "@elastic/elasticsearch": "7.9.1", "@elastic/eui": "29.0.0", "@elastic/good": "8.1.1-kibana2", "@elastic/numeral": "^2.5.0", diff --git a/src/core/server/elasticsearch/client/mocks.ts b/src/core/server/elasticsearch/client/mocks.ts index 6fb3dc090bfb4..fb2826c787718 100644 --- a/src/core/server/elasticsearch/client/mocks.ts +++ b/src/core/server/elasticsearch/client/mocks.ts @@ -31,6 +31,7 @@ const createInternalClientMock = (): DeeplyMockedKeys => { '_events', '_eventsCount', '_maxListeners', + 'constructor', 'name', 'serializer', 'connectionPool', 
@@ -38,35 +39,57 @@ const createInternalClientMock = (): DeeplyMockedKeys => { 'helpers', ]; + const getAllPropertyDescriptors = (obj: Record) => { + const descriptors = Object.entries(Object.getOwnPropertyDescriptors(obj)); + let prototype = Object.getPrototypeOf(obj); + while (prototype != null && prototype !== Object.prototype) { + descriptors.push(...Object.entries(Object.getOwnPropertyDescriptors(prototype))); + prototype = Object.getPrototypeOf(prototype); + } + return descriptors; + }; + const mockify = (obj: Record, omitted: string[] = []) => { - Object.keys(obj) - .filter((key) => !omitted.includes(key)) - .forEach((key) => { - const propType = typeof obj[key]; - if (propType === 'function') { + // the @elastic/elasticsearch::Client uses prototypical inheritance + // so we have to crawl up the prototype chain and get all descriptors + // to find everything that we should be mocking + const descriptors = getAllPropertyDescriptors(obj); + descriptors + .filter(([key]) => !omitted.includes(key)) + .forEach(([key, descriptor]) => { + if (typeof descriptor.value === 'function') { obj[key] = jest.fn(() => createSuccessTransportRequestPromise({})); - } else if (propType === 'object' && obj[key] != null) { - mockify(obj[key]); + } else if (typeof obj[key] === 'object' && obj[key] != null) { + mockify(obj[key], omitted); } }); }; mockify(client, omittedProps); - // client got some read-only (getter) properties - // so we need to extend it to override the getter-only props. - const mock: any = { ...client }; + client.close = jest.fn().mockReturnValue(Promise.resolve()); + client.child = jest.fn().mockImplementation(() => createInternalClientMock()); + + const mockGetter = (obj: Record, propertyName: string) => { + Object.defineProperty(obj, propertyName, { + configurable: true, + enumerable: false, + get: () => jest.fn(), + set: undefined, + }); + }; - mock.transport = { + // `on`, `off`, and `once` are properties without a setter. 
+ // We can't `client.on = jest.fn()` because the following error will be thrown: + // TypeError: Cannot set property on of # which has only a getter + mockGetter(client, 'on'); + mockGetter(client, 'off'); + mockGetter(client, 'once'); + client.transport = { request: jest.fn(), }; - mock.close = jest.fn().mockReturnValue(Promise.resolve()); - mock.child = jest.fn().mockImplementation(() => createInternalClientMock()); - mock.on = jest.fn(); - mock.off = jest.fn(); - mock.once = jest.fn(); - return (mock as unknown) as DeeplyMockedKeys; + return client as DeeplyMockedKeys; }; export type ElasticsearchClientMock = DeeplyMockedKeys; diff --git a/src/core/server/saved_objects/migrations/core/migration_es_client.ts b/src/core/server/saved_objects/migrations/core/migration_es_client.ts index ff859057f8fe8..e8482e6352a82 100644 --- a/src/core/server/saved_objects/migrations/core/migration_es_client.ts +++ b/src/core/server/saved_objects/migrations/core/migration_es_client.ts @@ -80,7 +80,7 @@ export function createMigrationEsClient( throw new Error(`unknown ElasticsearchClient client method [${key}]`); } return await migrationRetryCallCluster( - () => fn(params, { maxRetries: 0, ...options }), + () => fn.call(client, params, { maxRetries: 0, ...options }), log, delay ); diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts index 5e018ca7818d3..8b6c8a99c73e8 100644 --- a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts +++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts 
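Review bot: `mockGetter` in src/core/server/elasticsearch/client/mocks.ts defines the accessor as `get: () => jest.fn()`, so every read of `client.on`, `client.off` or `client.once` returns a new mock function. A test that calls `client.on(...)` and then asserts on `client.on` inspects a different function and can never observe the call. Create the mock once and return it: `const fn = jest.fn();` before `Object.defineProperty`, then `get: () => fn,`. Separately, `mockify` evaluates `typeof obj[key]` for every non-function descriptor gathered from the prototype chain, which invokes accessor properties on the real client while the mock is being built; skipping descriptors that have a `get` would avoid that. `createInternalClientMock` begins outside the hunk.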
@@ -26,7 +26,7 @@ export class ElasticsearchClientPlugin implements Plugin { { path: '/api/elasticsearch_client_plugin/context/ping', validate: false }, async (context, req, res) => { const { body } = await context.core.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( @@ -34,14 +34,14 @@ export class ElasticsearchClientPlugin implements Plugin { async (context, req, res) => { const [coreStart] = await core.getStartServices(); const { body } = await coreStart.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( { path: '/api/elasticsearch_client_plugin/custom_client/ping', validate: false }, async (context, req, res) => { const { body } = await this.client!.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); } diff --git a/yarn.lock b/yarn.lock index 06e735c5caf85..182eb90d5f7a4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1204,10 +1204,10 @@ pump "^3.0.0" secure-json-parse "^2.1.0" -"@elastic/elasticsearch@7.9.0-rc.2": - version "7.9.0-rc.2" - resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.0-rc.2.tgz#cbc935f30940a15484b5ec3758c9b1ef119a5e5c" - integrity sha512-1FKCQJVr7s/LasKq6VbrmbWCI0LjoPcnjgmh2vKPzC+yyEEHVoYlmEfR5wBRchK1meATTXZtDhCVF95+Q9kVbA== +"@elastic/elasticsearch@7.9.1": + version "7.9.1" + resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.1.tgz#40f1c38e8f70d783851c13be78a7cb346891c15e" + integrity sha512-NfPADbm9tRK/4ohpm9+aBtJ8WPKQqQaReyBKT225pi2oKQO1IzRlfM+OPplAvbhoH1efrSj1NKk27L+4BCrzXQ== dependencies: debug "^4.1.1" decompress-response "^4.2.0" From b8739c553bf781f50f0d27edffd9556179cdf4b8 Mon Sep 17 00:00:00 2001 
From: Rashmi Kulkarni Date: Thu, 24 Sep 2020 09:12:41 -0700 Subject: [PATCH 22/63] test for dashboard drilldown (#78377) --- .../drilldowns/dashboard_to_dashboard_drilldown.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts index c300412c393bc..43b88915b69d9 100644 --- a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts +++ b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts @@ -21,14 +21,20 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const retry = getService('retry'); const testSubjects = getService('testSubjects'); const filterBar = getService('filterBar'); + const security = getService('security'); describe('Dashboard to dashboard drilldown', function () { before(async () => { log.debug('Dashboard Drilldowns:initTests'); + await security.testUser.setRoles(['test_logstash_reader', 'global_dashboard_all']); await PageObjects.common.navigateToApp('dashboard'); await PageObjects.dashboard.preserveCrossAppState(); }); + after(async () => { + await security.testUser.restoreDefaults(); + }); + it('should create dashboard to dashboard drilldown, use it, and then delete it', async () => { await PageObjects.dashboard.gotoDashboardEditMode( dashboardDrilldownsManage.DASHBOARD_WITH_PIE_CHART_NAME From 179c7d996c22fd34cbd5ede8dbdd78c6eb384838 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Thu, 24 Sep 2020 18:23:44 +0200 Subject: [PATCH 23/63] [Security Solution] Cleanup graphql (#78403) * [Security Solution] Cleanup graphql * cleanup * cleanup * fix types Co-authored-by: Elastic Machine --- .../common/ecs/network/index.ts | 5 - .../security_solution/network/common/index.ts | 11 + .../components/event_details/json_view.tsx | 6 +- .../common/components/event_details/types.ts | 4 +- .../components/last_event_time/index.test.tsx | 10 +- .../components/last_event_time/index.tsx | 3 +- .../components/matrix_histogram/utils.test.ts | 4 +- .../components/matrix_histogram/utils.ts | 6 +- .../last_event_time.gql_query.ts | 29 - .../containers/events/last_event_time/mock.ts | 52 +- .../matrix_histogram/index.gql_query.ts | 41 - .../public/common/mock/mock_detail_item.ts | 4 +- .../public/common/mock/timeline_results.ts | 11 +- .../components/alerts_table/actions.test.tsx | 15 + .../components/alerts_table/actions.tsx | 31 +- .../components/alerts_table/helpers.ts | 13 +- .../investigate_in_timeline_action.tsx | 14 +- .../components/alerts_table/types.ts | 2 + .../public/graphql/introspection.json | 10410 +++++----------- .../security_solution/public/graphql/types.ts | 4287 ++----- .../authentications/index.gql_query.ts | 74 - .../kpi_host_details/index.gql_query.tsx | 52 - .../containers/kpi_host_details/index.tsx | 93 - .../containers/kpi_hosts/index.gql_query.ts | 52 - .../public/hosts/pages/details/index.tsx | 3 +- .../public/hosts/pages/hosts.tsx | 2 +- .../network/components/direction/index.tsx | 2 +- .../__snapshots__/index.test.tsx.snap | 2 +- .../components/network_dns_table/columns.tsx | 2 +- .../network_dns_table/index.test.tsx | 26 +- .../components/network_dns_table/index.tsx | 216 +- .../components/network_dns_table/mock.ts | 345 +- .../__snapshots__/index.test.tsx.snap | 101 +- .../network_http_table/index.test.tsx | 26 +- .../components/network_http_table/mock.ts | 144 +- 
.../__snapshots__/index.test.tsx.snap | 12 +- .../network_top_n_flow_table/columns.tsx | 2 +- .../network_top_n_flow_table/index.test.tsx | 40 +- .../network_top_n_flow_table/index.tsx | 83 +- .../network_top_n_flow_table/mock.ts | 130 +- .../containers/kpi_network/index.gql_query.ts | 44 - .../containers/network_dns/index.gql_query.ts | 58 - .../network/containers/network_dns/index.tsx | 2 +- .../network_http/index.gql_query.ts | 57 - .../network/containers/network_http/index.tsx | 3 +- .../network_top_countries/index.gql_query.ts | 68 - .../network_top_n_flow/index.gql_query.ts | 98 - .../public/network/pages/details/index.tsx | 4 +- .../public/network/pages/network.tsx | 2 +- .../components/timeline/footer/index.test.tsx | 39 +- .../components/timeline/footer/mock.ts | 86 - .../containers/details/index.gql_query.ts | 33 - .../timelines/containers/index.gql_query.ts | 375 - .../server/graphql/authentications/index.ts | 8 - .../graphql/authentications/resolvers.ts | 35 - .../graphql/authentications/schema.gql.ts | 47 - .../server/graphql/events/index.ts | 8 - .../server/graphql/events/resolvers.ts | 105 - .../server/graphql/events/schema.gql.ts | 95 - .../security_solution/server/graphql/index.ts | 14 - .../server/graphql/kpi_hosts/index.ts | 8 - .../server/graphql/kpi_hosts/resolvers.ts | 45 - .../server/graphql/kpi_hosts/schema.gql.ts | 56 - .../server/graphql/kpi_network/index.ts | 8 - .../server/graphql/kpi_network/resolvers.ts | 35 - .../server/graphql/kpi_network/schema.gql.ts | 35 - .../server/graphql/matrix_histogram/index.ts | 8 - .../graphql/matrix_histogram/resolvers.ts | 39 - .../graphql/matrix_histogram/schema.gql.ts | 39 - .../server/graphql/network/index.ts | 8 - .../server/graphql/network/resolvers.ts | 83 - .../server/graphql/network/schema.gql.ts | 253 - .../security_solution/server/graphql/types.ts | 9367 ++++++-------- .../server/graphql/who_am_i/index.ts | 8 - .../server/graphql/who_am_i/resolvers.ts | 28 - 
.../server/graphql/who_am_i/schema.gql.ts | 19 - .../security_solution/server/init_server.ts | 15 - .../elasticsearch_adapter.test.ts | 135 - .../authentications/elasticsearch_adapter.ts | 119 - .../server/lib/authentications/index.ts | 21 - .../server/lib/authentications/query.dsl.ts | 121 - .../server/lib/authentications/types.ts | 62 - .../server/lib/compose/kibana.ts | 15 - .../lib/events/elasticsearch_adapter.test.ts | 549 - .../lib/events/elasticsearch_adapter.ts | 264 - .../server/lib/events/index.ts | 40 - .../server/lib/events/mock.ts | 3412 ----- .../server/lib/events/query.dsl.ts | 104 - .../lib/events/query.last_event_time.dsl.ts | 91 - .../server/lib/events/types.ts | 97 - .../server/lib/framework/types.ts | 7 - .../kpi_hosts/elasticsearch_adapter.test.ts | 282 - .../lib/kpi_hosts/elasticsearch_adapter.ts | 205 - .../server/lib/kpi_hosts/helpers.test.ts | 21 - .../server/lib/kpi_hosts/helpers.ts | 11 - .../server/lib/kpi_hosts/index.ts | 28 - .../server/lib/kpi_hosts/mock.ts | 606 - .../query_authentication.dsl.test.ts | 30 - .../lib/kpi_hosts/query_authentication.dsl.ts | 105 - .../server/lib/kpi_hosts/query_hosts.dsl.ts | 69 - .../kpi_hosts/query_unique_ips.dsl.test.ts | 24 - .../lib/kpi_hosts/query_unique_ips.dsl.ts | 87 - .../server/lib/kpi_hosts/types.ts | 126 - .../lib/kpi_network/elastic_adapter.test.ts | 147 - .../lib/kpi_network/elasticsearch_adapter.ts | 113 - .../server/lib/kpi_network/helpers.ts | 25 - .../server/lib/kpi_network/index.ts | 21 - .../server/lib/kpi_network/mock.ts | 335 - .../server/lib/kpi_network/query_dns.dsl.ts | 78 - .../lib/kpi_network/query_network_events.ts | 52 - .../kpi_network/query_tls_handshakes.dsl.ts | 78 - .../lib/kpi_network/query_unique_flow.ts | 59 - .../query_unique_private_ips.dsl.ts | 108 - .../server/lib/kpi_network/types.ts | 50 - .../matrix_histogram/elasticsearch_adapter.ts | 81 - .../elasticseatch_adapter.test.ts | 56 - .../server/lib/matrix_histogram/index.ts | 21 - 
.../server/lib/matrix_histogram/mock.ts | 118 - .../query.anomalies_over_time.dsl.ts | 78 - .../query.authentications_over_time.dsl.ts | 92 - .../query.events_over_time.dsl.ts | 93 - .../lib/matrix_histogram/query_alerts.dsl.ts | 121 - .../query_dns_histogram.dsl.ts | 84 - .../lib/matrix_histogram/translations.ts | 14 - .../server/lib/matrix_histogram/types.ts | 144 - .../server/lib/matrix_histogram/utils.ts | 50 - .../elastic_adapter.test.ts.snap | 1366 -- .../lib/network/elastic_adapter.test.ts | 171 - .../lib/network/elasticsearch_adapter.ts | 361 - .../server/lib/network/index.ts | 77 - .../server/lib/network/mock.ts | 1675 --- .../server/lib/network/query_dns.dsl.ts | 134 - .../server/lib/network/query_http.dsl.ts | 116 - .../lib/network/query_top_countries.dsl.ts | 153 - .../lib/network/query_top_n_flow.dsl.ts | 194 - .../server/lib/network/types.ts | 165 - .../security_solution/server/lib/types.ts | 12 - .../apis/security_solution/authentications.ts | 2 + .../apis/security_solution/index.js | 14 +- .../security_solution/kpi_host_details.ts | 2 + .../apis/security_solution/kpi_hosts.ts | 2 + .../apis/security_solution/kpi_network.ts | 2 + .../apis/security_solution/network_dns.ts | 5 + .../security_solution/network_top_n_flow.ts | 5 + .../apis/security_solution/timeline.ts | 2 + .../security_solution/timeline_details.ts | 3 + 146 files changed, 8597 insertions(+), 32113 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx delete mode 100644 
x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts delete mode 100644 
x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/types.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/types.ts diff --git a/x-pack/plugins/security_solution/common/ecs/network/index.ts b/x-pack/plugins/security_solution/common/ecs/network/index.ts index c2fc3cb4b9f48..18f7583d12231 100644 --- a/x-pack/plugins/security_solution/common/ecs/network/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/network/index.ts @@ -6,14 +6,9 @@ export interface NetworkEcs { bytes?: number[]; - community_id?: string[]; - direction?: string[]; - packets?: number[]; - protocol?: string[]; - transport?: string[]; } diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts index 19521741c5f66..b557755b07a03 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts @@ -7,6 +7,17 @@ import { GeoEcs } from '../../../../ecs/geo'; import { Maybe } from '../../..'; +export enum NetworkDirectionEcs { + inbound = 'inbound', + outbound = 'outbound', + internal = 'internal', + external = 'external', + incoming = 'incoming', + outgoing = 'outgoing', + listening = 'listening', + unknown = 'unknown', +} + export enum NetworkTopTablesFields { bytes_in = 'bytes_in', bytes_out = 'bytes_out', diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx index 1b8177b2038ae..168fe6e65564d 100644 
--- a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx @@ -9,11 +9,11 @@ import { set } from '@elastic/safer-lodash-set/fp'; import React from 'react'; import styled from 'styled-components'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; import { omitTypenameAndEmpty } from '../../../timelines/components/timeline/body/helpers'; interface Props { - data: DetailItem[]; + data: TimelineEventsDetailsItem[]; } const JsonEditor = styled.div` @@ -40,5 +40,5 @@ export const JsonView = React.memo(({ data }) => ( JsonView.displayName = 'JsonView'; -export const buildJsonView = (data: DetailItem[]) => +export const buildJsonView = (data: TimelineEventsDetailsItem[]) => data.reduce((accumulator, item) => set(item.field, item.originalValue, accumulator), {}); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts index db53f411fa518..ed27a57745787 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts @@ -5,6 +5,6 @@ */ import { BrowserField } from '../../containers/source'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; -export type EventFieldsData = BrowserField & DetailItem; +export type EventFieldsData = BrowserField & TimelineEventsDetailsItem; diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx index c2800b0705b43..cc0c4d4c837a3 100644 
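Review bot: `buildJsonView` (second hunk of json_view.tsx) turns every `item.field` into an object path, and those names presumably come from indexed event documents rather than from the application. The `set` imported from `@elastic/safer-lodash-set/fp` at the top of the file is what stops a field name containing `__proto__` or `constructor` from writing to a prototype. Nothing in the file records that dependency, so a later cleanup could swap it for the plain lodash `set`. I would add above the function: `// field names come from event data; keep the prototype-pollution-safe set from @elastic/safer-lodash-set`. The hunk itself only changes the parameter type to `TimelineEventsDetailsItem[]`.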
--- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { getEmptyValue } from '../empty_value'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { LastEventIndexKey } from '../../../../common/search_strategy'; import { mockLastEventTimeQuery } from '../../containers/events/last_event_time/mock'; import { useMountAppended } from '../../utils/use_mount_appended'; @@ -48,8 +48,8 @@ describe('Last Event Time Stat', () => { (useTimelineLastEventTime as jest.Mock).mockReturnValue([ false, { - lastSeen: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.lastSeen, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + lastSeen: mockLastEventTimeQuery.lastSeen, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -64,7 +64,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: 'something-invalid', - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -80,7 +80,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: null, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx index d508040f84239..fe827b3ab324c 100644 --- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx 
@@ -8,8 +8,7 @@ import { EuiIcon, EuiLoadingSpinner, EuiToolTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { memo } from 'react'; -import { DocValueFields } from '../../../../common/search_strategy'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { DocValueFields, LastEventIndexKey } from '../../../../common/search_strategy'; import { useTimelineLastEventTime } from '../../containers/events/last_event_time'; import { getEmptyTagValue } from '../empty_value'; import { FormattedRelativePreferenceDate } from '../formatted_date'; diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts index 7a3f44d3ea729..03fa55a3c9fa6 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts @@ -13,7 +13,7 @@ import { } from './utils'; import { UpdateDateRange } from '../charts/common'; import { Position } from '@elastic/charts'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { BarchartConfigs } from './types'; describe('utils', () => { @@ -77,7 +77,7 @@ describe('utils', () => { describe('formatToChartDataItem', () => { test('it should format data correctly', () => { - const data: [string, MatrixOverTimeHistogramData[]] = [ + const data: [string, MatrixHistogramData[]] = [ 'g1', [ { x: 1, y: 2, g: 'g1' }, diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts index 9474929d35a51..5b5b56cf0ec45 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts 
+++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts @@ -8,7 +8,7 @@ import { get, groupBy, map, toPairs } from 'lodash/fp'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; import { MatrixHistogramMappingTypes, BarchartConfigs } from './types'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { histogramDateTimeFormatter } from '../utils'; interface GetBarchartConfigsProps { @@ -84,14 +84,14 @@ export const defaultLegendColors = [ export const formatToChartDataItem = ([key, value]: [ string, - MatrixOverTimeHistogramData[] + MatrixHistogramData[] ]): ChartSeriesData => ({ key, value, }); export const getCustomChartData = ( - data: MatrixOverTimeHistogramData[] | null, + data: MatrixHistogramData[] | null, mapping?: MatrixHistogramMappingTypes ): ChartSeriesData[] => { if (!data) return []; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts deleted file mode 100644 index 36305ef0dc882..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts +++ /dev/null 
@@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const LastEventTimeGqlQuery = gql` - query GetLastEventTimeQuery( - $sourceId: ID! - $indexKey: LastEventIndexKey! - $details: LastTimeDetails! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - LastEventTime( - indexKey: $indexKey - details: $details - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - lastSeen - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts index bdeb1db4e1b28..208c03b453e04 100644 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts @@ -4,28 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants'; -import { GetLastEventTimeQuery, LastEventIndexKey } from '../../../../graphql/types'; - -import { LastEventTimeGqlQuery } from './last_event_time.gql_query'; - interface MockLastEventTimeQuery { - request: { - query: GetLastEventTimeQuery.Query; - variables: GetLastEventTimeQuery.Variables; - }; - result: { - data?: { - source: { - id: string; - LastEventTime: { - lastSeen: string | null; - errorMessage: string | null; - }; - }; - }; - errors?: [{ message: string }]; - }; + lastSeen: string | null; + errorMessage: string | null; } const getTimeTwelveMinutesAgo = () => { 
@@ -35,28 +16,7 @@ const getTimeTwelveMinutesAgo = () => { return new Date(twelveMinutes).toISOString(); }; -export const mockLastEventTimeQuery: MockLastEventTimeQuery[] = [ - { - request: { - query: LastEventTimeGqlQuery, - variables: { - sourceId: 'default', - indexKey: LastEventIndexKey.hosts, - details: {}, - defaultIndex: DEFAULT_INDEX_PATTERN, - docValueFields: [], - }, - }, - result: { - data: { - source: { - id: 'default', - LastEventTime: { - lastSeen: getTimeTwelveMinutesAgo(), - errorMessage: null, - }, - }, - }, - }, - }, -]; +export const mockLastEventTimeQuery: MockLastEventTimeQuery = { + lastSeen: getTimeTwelveMinutesAgo(), + errorMessage: null, +}; diff --git a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts deleted file mode 100644 index 6fb729ca7e9a0..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const MatrixHistogramGqlQuery = gql` - query GetMatrixHistogramQuery( - $defaultIndex: [String!]! - $filterQuery: String - $histogramType: HistogramType! - $inspect: Boolean! - $sourceId: ID! - $stackByField: String! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - MatrixHistogram( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - histogramType: $histogramType - ) { - matrixHistogramData { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; 
diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts index 2395010a0ba2e..c5d881c540eec 100644 --- a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts +++ b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts @@ -4,11 +4,11 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DetailItem } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; export const mockDetailItemDataId = 'Y-6TfmcB0WOhS6qyMv3s'; -export const mockDetailItemData: DetailItem[] = [ +export const mockDetailItemData: TimelineEventsDetailsItem[] = [ { field: '_id', originalValue: 'pEMaMmkBUV60JmNWmWVi', diff --git a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts index 6403a50ad4a1d..9f26fc22ede53 100644 --- a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts +++ b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts @@ -8,13 +8,8 @@ import { FilterStateStore } from '../../../../../../src/plugins/data/common/es_q import { TimelineId, TimelineType, TimelineStatus } from '../../../common/types/timeline'; import { OpenTimelineResult } from '../../timelines/components/open_timeline/types'; -import { - GetAllTimeline, - SortFieldTimeline, - TimelineResult, - Direction, - DetailItem, -} from '../../graphql/types'; +import { GetAllTimeline, SortFieldTimeline, TimelineResult, Direction } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; import { allTimelinesQuery } from '../../timelines/containers/all/index.gql_query'; import { CreateTimelineProps } from '../../detections/components/alerts_table/types'; import { TimelineModel } from '../../timelines/store/timeline/model'; 
@@ -2264,7 +2259,7 @@ export const defaultTimelineProps: CreateTimelineProps = { ruleNote: '# this is some markdown documentation', }; -export const mockTimelineDetails: DetailItem[] = [ +export const mockTimelineDetails: TimelineEventsDetailsItem[] = [ { field: 'host.name', values: ['apache'], diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx index e3440f4158513..f326d5ad54ef2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx @@ -15,10 +15,12 @@ import { apolloClient, mockTimelineApolloResult, mockTimelineDetailsApollo, + mockTimelineDetails, } from '../../../common/mock/'; import { CreateTimeline, UpdateTimelineLoading } from './types'; import { Ecs } from '../../../../common/ecs'; import { TimelineId, TimelineType, TimelineStatus } from '../../../../common/types/timeline'; +import { ISearchStart } from '../../../../../../../src/plugins/data/public'; jest.mock('apollo-client'); @@ -27,6 +29,7 @@ describe('alert actions', () => { const unix = moment(anchor).valueOf(); let createTimeline: CreateTimeline; let updateTimelineIsLoading: UpdateTimelineLoading; + let searchStrategyClient: ISearchStart; let clock: sinon.SinonFakeTimers; beforeEach(() => { @@ -39,6 +42,11 @@ describe('alert actions', () => { createTimeline = jest.fn() as jest.Mocked; updateTimelineIsLoading = jest.fn() as jest.Mocked; + searchStrategyClient = { + aggs: {} as ISearchStart['aggs'], + search: jest.fn().mockResolvedValue({ data: mockTimelineDetails }), + searchSource: {} as ISearchStart['searchSource'], + }; jest.spyOn(apolloClient, 'query').mockImplementation((obj) => { const id = get('variables.id', obj); 
@@ -64,6 +72,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledTimes(1); @@ -80,6 +89,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const expected = { from: '2018-11-05T18:58:25.937Z', @@ -268,6 +278,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -297,6 +308,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -315,6 +327,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledWith({ @@ -349,6 +362,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); @@ -374,6 +388,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 7f98d3b2f71de..0e2aee5abd42e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx 
@@ -15,10 +15,13 @@ import { TimelineId, TimelineStatus, TimelineType } from '../../../../common/typ import { updateAlertStatus } from '../../containers/detection_engine/alerts/api'; import { SendAlertToTimelineActionProps, UpdateAlertStatusActionProps } from './types'; import { Ecs } from '../../../../common/ecs'; -import { GetOneTimeline, TimelineResult, GetTimelineDetailsQuery } from '../../../graphql/types'; +import { GetOneTimeline, TimelineResult } from '../../../graphql/types'; import { TimelineNonEcsData, TimelineEventsDetailsItem, + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse, + TimelineEventsQueries, } from '../../../../common/search_strategy/timeline'; import { oneTimelineQuery } from '../../../timelines/containers/one/index.gql_query'; import { timelineDefaults } from '../../../timelines/store/timeline/defaults'; @@ -34,7 +37,6 @@ import { } from './helpers'; import { KueryFilterQueryKind } from '../../../common/store'; import { DataProvider } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { timelineDetailsQuery } from '../../../timelines/containers/details/index.gql_query'; export const getUpdateAlertsQuery = (eventIds: Readonly) => { return { @@ -154,6 +156,7 @@ export const sendAlertToTimelineAction = async ({ ecsData, nonEcsData, updateTimelineIsLoading, + searchStrategyClient, }: SendAlertToTimelineActionProps) => { let openAlertInBasicTimeline = true; const noteContent = ecsData.signal?.rule?.note != null ? ecsData.signal?.rule?.note[0] : ''; 
@@ -172,24 +175,24 @@ export const sendAlertToTimelineAction = async ({ id: timelineId, }, }), - apolloClient.query({ - query: timelineDetailsQuery, - fetchPolicy: 'no-cache', - variables: { + searchStrategyClient.search< + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse + >( + { defaultIndex: [], docValueFields: [], - eventId: ecsData._id, indexName: ecsData._index ?? '', - sourceId: 'default', + eventId: ecsData._id, + factoryQueryType: TimelineEventsQueries.details, }, - }), + { + strategy: 'securitySolutionTimelineSearchStrategy', + } + ), ]); const resultingTimeline: TimelineResult = getOr({}, 'data.getOneTimeline', responseTimeline); - const eventData: TimelineEventsDetailsItem[] = getOr( - [], - 'data.source.TimelineDetails.data', - eventDataResp - ); + const eventData: TimelineEventsDetailsItem[] = getOr([], 'data', eventDataResp); if (!isEmpty(resultingTimeline)) { const timelineTemplate: TimelineResult = omitTypenameInTimeline(resultingTimeline); openAlertInBasicTimeline = false; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts index 20c233a03a8cf..b386ce0c9631b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts @@ -11,7 +11,8 @@ import { DataProviderType, DataProvidersAnd, } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { DetailItem, TimelineType } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; +import { TimelineType } from '../../../graphql/types'; interface FindValueToChangeInQuery { field: string; 
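Review bot: The `searchStrategyClient.search<...>(...)` call added to the `Promise.all([...])` array is awaited as if it returned a promise, but the data plugin's `search` normally returns an RxJS Observable. If that holds for `ISearchStart` here, `Promise.all` passes the Observable through unresolved and `getOr([], 'data', eventDataResp)` quietly falls back to `[]`, leaving `eventData` empty with no error surfaced. Closing the call with `).toPromise(),` would make the awaited value the strategy response. The mock added in actions.test.tsx (`search: jest.fn().mockResolvedValue({ data: mockTimelineDetails })`) hands back a promise, so the tests cannot catch this; returning an Observable there would keep the mock faithful to the real client. `sendAlertToTimelineAction` starts and ends outside this hunk.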
@@ -49,7 +50,7 @@ const templateFields = [ */ export const getStringArray = ( field: string, - data: DetailItem[], + data: TimelineEventsDetailsItem[], localConsole = console ): string[] => { const value: unknown | undefined = data.find((d) => d.field === field)?.values ?? null; @@ -108,7 +109,7 @@ export const findValueToChangeInQuery = ( export const replaceTemplateFieldFromQuery = ( query: string, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): string => { if (timelineType === TimelineType.default) { @@ -132,7 +133,7 @@ export const replaceTemplateFieldFromQuery = ( export const replaceTemplateFieldFromMatchFilters = ( filters: Filter[], - eventData: DetailItem[] + eventData: TimelineEventsDetailsItem[] ): Filter[] => filters.map((filter) => { if ( @@ -151,7 +152,7 @@ export const replaceTemplateFieldFromMatchFilters = ( export const reformatDataProviderWithNewValue = ( dataProvider: T, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): T => { // Support for legacy "template-like" timeline behavior that is using hardcoded list of templateFields @@ -201,7 +202,7 @@ export const reformatDataProviderWithNewValue = dataProviders.map((dataProvider) => { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx index f4649b016f67c..8960b7a76660b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx 
@@ -7,6 +7,7 @@ import React, { useCallback } from 'react'; import { useDispatch } from 'react-redux'; +import { useKibana } from '../../../../common/lib/kibana'; import { TimelineId } from '../../../../../common/types/timeline'; import { Ecs } from '../../../../../common/ecs'; import { TimelineNonEcsData } from '../../../../../common/search_strategy/timeline'; @@ -30,6 +31,9 @@ const InvestigateInTimelineActionComponent: React.FC { + const { + data: { search: searchStrategyClient }, + } = useKibana().services; const dispatch = useDispatch(); const apolloClient = useApolloClient(); @@ -66,9 +70,17 @@ const InvestigateInTimelineActionComponent: React.FC void; diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index ece0712414349..8d780137b847c 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -683,9 +683,15 @@ "deprecationReason": null }, { - "name": "Authentications", - "description": "Gets Authentication success and failures based on a timerange", + "name": "Hosts", + "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { "name": "timerange", "description": "", @@ -710,6 +716,16 @@ }, "defaultValue": null }, + { + "name": "sort", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } + }, + "defaultValue": null + }, { "name": "filterQuery", "description": "", 
@@ -760,65 +776,41 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "Timeline", + "name": "HostOverview", "description": "", "args": [ { - "name": "pagination", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "PaginationInput", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "sortField", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "SortField", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "defaultValue": null }, { - "name": "fieldRequested", + "name": "timerange", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } }, "defaultValue": null }, - { - "name": "timerange", - "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, { "name": "defaultIndex", "description": "", 
@@ -836,54 +828,28 @@ } }, "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null } ], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "TimelineDetails", + "name": "HostFirstLastSeen", "description": "", "args": [ { - "name": "eventId", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "indexName", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", 
@@ -936,41 +902,140 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineDetailsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceConfiguration", + "description": "A set of configuration options for a security data source", + "fields": [ + { + "name": "fields", + "description": "The field mapping to use for this source", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceFields", + "description": "A mapping of semantic fields to their document counterparts", + "fields": [ + { + "name": "container", + "description": "The field to identify a container by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LastEventTime", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "indexKey", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "LastEventIndexKey", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "details", - "description": "", - "type": { + "name": "host", + "description": "The fields to identify a host by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, 
+ "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "message", + "description": "The fields that may contain the log event message. The first field found win.", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "LastTimeDetails", "ofType": null } - }, - "defaultValue": null - }, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "pod", + "description": "The field to identify a pod by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "tiebreaker", + "description": "The field to use as a tiebreaker for log events that have identical timestamps", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "timestamp", + "description": "The field to use as a timestamp for metrics and logs", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceStatus", + "description": "The status of an infrastructure data source", + "fields": [ + { + "name": "indicesExist", + "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", + "args": [ { "name": "defaultIndex", "description": "", 
@@ -988,9 +1053,22 @@ } }, "defaultValue": null - }, + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "indexFields", + "description": "The list of fields defined in the index mappings", + "args": [ { - "name": "docValueFields", + "name": "defaultIndex", "description": "", "type": { "kind": "NON_NULL", @@ -1001,11 +1079,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, 
@@ -1015,2451 +1089,16 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "LastEventTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "Hosts", - "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - 
"name": null, - "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostOverview", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostFirstLastSeen", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - 
"description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiNetwork", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "KpiNetworkData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHosts", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", 
"ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHostDetails", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostDetailsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "MatrixHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": 
"NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "histogramType", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HistogramType", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "MatrixHistogramOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopCountries", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - 
"kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopNFlow", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - 
"name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDns", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "isPtrIncluded", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": 
"TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDnsHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": 
"NetworkHttp", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "whoAmI", - "description": "Just a simple example to get the app name", - "args": [], - "type": { "kind": "OBJECT", "name": "SayMyName", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": 
"SourceConfiguration", - "description": "A set of configuration options for a security data source", - "fields": [ - { - "name": "fields", - "description": "The field mapping to use for this source", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceFields", - "description": "A mapping of semantic fields to their document counterparts", - "fields": [ - { - "name": "container", - "description": "The field to identify a container by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "The fields to identify a host by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "The fields that may contain the log event message. 
The first field found win.", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pod", - "description": "The field to identify a pod by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "The field to use as a tiebreaker for log events that have identical timestamps", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "The field to use as a timestamp for metrics and logs", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceStatus", - "description": "The status of an infrastructure data source", - "fields": [ - { - "name": "indicesExist", - "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", 
"ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "indexFields", - "description": "The list of fields defined in the index mappings", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Boolean", - "description": "The `Boolean` scalar type represents `true` or `false`.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "TimerangeInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "interval", - "description": "The interval string to use for last bucket. The format is '{value}{unit}'. 
For example '5m' would return the metrics for the last 5 minutes of the timespan.", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "to", - "description": "The end of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "from", - "description": "The beginning of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "activePage", - "description": "The activePage parameter defines the page of results you want to fetch", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursorStart", - "description": "The cursorStart parameter defines the start of the results to be displayed", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "fakePossibleCount", - "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "querySize", - "description": "The querySize parameter is the number of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, 
- "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "format", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": 
"", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "failures", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "successes", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSuccess", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastFailure", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], 
- "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UserEcsFields", - "description": "", - "fields": [ - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "email", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "hash", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "group", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastSourceHost", - "description": "", - "fields": [ - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, 
- "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Date", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceEcsFields", - "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "port", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packets", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, 
- "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToNumberArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoEcsFields", - "description": "", - "fields": [ - { - "name": "city_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "continent_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Location", - "description": "", - "fields": [ - { - "name": "lon", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null - }, - { - "name": "lat", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostEcsFields", - "description": "", - "fields": [ - { - "name": "architecture", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "mac", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "os", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "OsEcsFields", - "description": "", - "fields": [ - { - "name": "platform", - "description": "", - "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "family", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "kernel", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CursorType", - "description": "", - "fields": [ - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfoPaginated", - "description": "", - "fields": [ - { - "name": "activePage", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "fakeTotalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "showMorePagesIndicator", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Inspect", - "description": "", - "fields": [ - { - "name": "dsl", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "limit", - "description": "The limit parameter allows you to configure the maximum amount of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursor", - "description": "The cursor parameter defines the next result you want to 
fetch", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "tiebreaker", - "description": "The tiebreaker parameter allow to be more precise to fetch the next item", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "SortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "sortFieldId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", 
"name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineNonEcsData", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ecs", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": 
[], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineNonEcsData", - "description": "", - "fields": [ - { - "name": "field", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ECS", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "agent", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditd", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "dns", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgame", - "description": "", - "args": [], - 
"type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "event", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "signal", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "suricata", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tls", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "zeek", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "http", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "url", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "winlog", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "process", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AgentEcsField", - "description": "", - "fields": [ - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": 
"SCALAR", "name": "ToStringArray", "ofType": null }, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3470,262 +1109,246 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdEcsFields", - "description": "", - "fields": [ - { - "name": "result", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "session", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "summary", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], + "kind": "SCALAR", + "name": "Boolean", + "description": "The `Boolean` scalar type represents `true` or `false`.", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdData", + "kind": "INPUT_OBJECT", + "name": "TimerangeInput", "description": "", - "fields": [ - { - "name": "acct", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "fields": null, + "inputFields": [ + { + "name": "interval", + "description": "The interval string to use for last bucket. The format is '{value}{unit}'. 
For example '5m' would return the metrics for the last 5 minutes of the timespan.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "terminal", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "to", + "description": "The end of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "op", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "from", + "description": "The beginning of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Summary", + "kind": "INPUT_OBJECT", + "name": "PaginationInputPaginated", "description": "", - "fields": [ - { - "name": "actor", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "object", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "activePage", + "description": "The activePage parameter defines the page of results you want to fetch", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "how", - "description": "", - 
"args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "cursorStart", + "description": "The cursorStart parameter defines the start of the results to be displayed", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "message_type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "fakePossibleCount", + "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "querySize", + "description": "The querySize parameter is the number of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "PrimarySecondary", + "kind": "INPUT_OBJECT", + "name": "HostsSortField", "description": "", - "fields": [ - { - "name": "primary", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "secondary", + "name": "field", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } + }, + "defaultValue": null }, { - "name": "type", + "name": "direction", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "DestinationEcsFields", + "kind": "ENUM", + "name": "HostsFields", "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "port", + "name": "hostName", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", + "name": "lastSeen", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "docValueFieldsInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "geo", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { 
+ "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "packets", + "name": "format", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "DnsEcsFields", + "name": "HostsData", "description": "", "fields": [ { - "name": "question", + "name": "edges", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "totalCount", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resolved_ip", + "name": "pageInfo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "response_code", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -3737,22 +1360,30 @@ }, { "kind": "OBJECT", - "name": "DnsQuestionData", + "name": "HostsEdges", "description": "", "fields": [ { - "name": "name", + "name": "node", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "cursor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3764,110 +1395,105 @@ }, { "kind": "OBJECT", - "name": "EndgameEcsFields", + "name": "HostItem", "description": "", "fields": [ { - "name": "exit_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_path", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "logon_type", + "name": "_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "parent_process_name", + "name": "cloud", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "endpoint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "process_name", + "name": "host", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_domain_name", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", 
"name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_logon_id", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudFields", + "description": "", + "fields": [ { - "name": "subject_user_name", + "name": "instance", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_domain_name", + "name": "machine", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_logon_id", + "name": "provider", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_user_name", + "name": "region", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3879,67 +1505,116 @@ }, { "kind": "OBJECT", - "name": "EventEcsFields", + "name": "CloudInstance", "description": "", "fields": [ { - "name": "action", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudMachine", + "description": "", + "fields": [ { - "name": "category", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "EndpointFields", + "description": "", + "fields": [ { - "name": "code", + "name": "endpointPolicy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "sensorVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dataset", + "name": "policyStatus", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + 
"inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "HostPolicyResponseActionStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "duration", + "name": "success", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "failure", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HostEcsFields", + "description": "", + "fields": [ { - "name": "hash", + "name": "architecture", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3955,23 +1630,7 @@ "deprecationReason": null }, { - "name": "kind", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "module", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original", + "name": "ip", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3979,7 +1638,7 @@ "deprecationReason": null }, { - "name": "outcome", + "name": "mac", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
@@ -3987,42 +1646,18 @@ "deprecationReason": null }, { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score_norm", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "severity", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "start", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timezone", + "name": "os", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, @@ -4042,7 +1677,7 @@ }, { "kind": "SCALAR", - "name": "ToDateArray", + "name": "ToStringArray", "description": "", "fields": null, "inputFields": null, @@ -4052,19 +1687,19 @@ }, { "kind": "OBJECT", - "name": "NetworkEcsField", + "name": "OsEcsFields", "description": "", "fields": [ { - "name": "bytes", + "name": "platform", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "community_id", + "name": "name", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
@@ -4072,7 +1707,7 @@ "deprecationReason": null }, { - "name": "direction", + "name": "full", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4080,15 +1715,15 @@ "deprecationReason": null }, { - "name": "packets", + "name": "family", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "protocol", + "name": "version", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4096,7 +1731,7 @@ "deprecationReason": null }, { - "name": "transport", + "name": "kernel", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4111,14 +1746,46 @@ }, { "kind": "OBJECT", - "name": "RuleEcsField", + "name": "Inspect", "description": "", "fields": [ { - "name": "reference", + "name": "dsl", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "response", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4128,32 +1795,34 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "Date", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "SignalField", + "name": "CursorType", "description": "", "fields": [ { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original_time", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "status", + "name": "tiebreaker", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -4165,210 +1834,208 @@ }, { "kind": "OBJECT", - "name": "RuleField", + "name": "PageInfoPaginated", "description": "", "fields": [ { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "false_positives", + "name": "activePage", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "saved_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "max_signals", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "output_index", - "description": "", - "args": [], - "type": { "kind": 
"SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "description", + "name": "fakeTotalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "from", + "name": "showMorePagesIndicator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FirstLastSeenHost", + "description": "", + "fields": [ { - "name": "immutable", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "firstSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interval", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TimelineResult", + "description": "", + "fields": [ { - "name": "language", + 
"name": "columns", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "created", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "references", + "name": "createdBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "severity", + "name": "dataProviders", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "dateRange", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threat", + "name": "description", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "eventIdToNoteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + 
"kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "size", + "name": "eventType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "to", + "name": "excludedRowRendererIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "favorite", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, 
@@ -4376,226 +2043,207 @@ "name": "filters", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_at", + "name": "kqlMode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_at", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_by", + "name": "indexNames", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_by", + "name": "notes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "noteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", 
"ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "pinnedEventIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threshold", + "name": "pinnedEventsSaveObject", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "exceptions_list", + "name": "savedQueryId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToBooleanArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToAny", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEcsFields", - "description": "", - "fields": [ + }, { - "name": "eve", + "name": "savedObjectId", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - 
} - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEveData", - "description": "", - "fields": [ + }, { - "name": "alert", + "name": "sort", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flow_id", + "name": "status", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "proto", + "name": "title", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataAlertData", - "description": "", - "fields": [ + }, { - "name": "signature", + "name": "templateTimelineId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "signature_id", + "name": "templateTimelineVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsEcsFields", - "description": "", - "fields": [ + }, { - "name": "client_certificate", + "name": 
"timelineType", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fingerprints", + "name": "updated", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "server_certificate", + "name": "updatedBy", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsClientCertificateData", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "fingerprint", + "name": "version", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4607,138 +2255,102 @@ }, { "kind": "OBJECT", - "name": "FingerprintData", + "name": "ColumnHeaderResult", "description": "", "fields": [ { - "name": "sha1", + "name": "aggregatable", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsFingerprintsData", - "description": "", - "fields": [ + }, { - "name": "ja3", + "name": "category", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsJa3Data", - "description": "", - "fields": [ + }, { - "name": "hash", + "name": "columnHeaderType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsServerCertificateData", - "description": "", - "fields": [ + }, { - "name": "fingerprint", + "name": "description", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekEcsFields", - "description": "", - "fields": [ + }, { - 
"name": "session_id", + "name": "example", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "connection", + "name": "indexes", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notice", + "name": "id", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dns", + "name": "name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "http", + "name": "placeholder", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "files", + "name": "searchable", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ssl", + "name": "type", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -4750,46 +2362,78 @@ }, { "kind": "OBJECT", - "name": "ZeekConnectionData", + "name": "DataProviderResult", "description": "", "fields": [ { - "name": "local_resp", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "local_orig", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missed_bytes", + "name": "enabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "state", + "name": "excluded", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "history", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "queryMatch", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "type", + "description": "", + "args": [], + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "and", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": 
"NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4801,212 +2445,210 @@ }, { "kind": "OBJECT", - "name": "ZeekNoticeData", + "name": "QueryMatchResult", "description": "", "fields": [ { - "name": "suppress_for", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "msg", + "name": "displayField", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sub", + "name": "displayValue", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dst", + "name": "operator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "DataProviderType", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "dropped", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "peer_descr", + "name": "template", "description": "", - 
"args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekDnsData", + "name": "DateRangePickerResult", "description": "", "fields": [ { - "name": "AA", + "name": "start", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass_name", + "name": "end", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToAny", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "RowRendererId", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, + { + "name": "auditd_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RD", + "name": "netflow", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype_name", + "name": "suricata", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": 
null }, + { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "rejected", + "name": "system_dns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype", + "name": "system_endgame_process", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "system_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "trans_id", + "name": "system_fim", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass", + "name": "system_security_event", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RA", + "name": "system_socket", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { - "name": "TC", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } + { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekHttpData", + "name": "FavoriteTimelineResult", "description": "", "fields": [ { - "name": "resp_mime_types", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "trans_depth", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "status_msg", + "name": "fullName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resp_fuids", + "name": "userName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "favoriteDate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5018,193 +2660,161 @@ }, { "kind": "OBJECT", - "name": "ZeekFileData", + "name": "FilterTimelineResult", "description": "", "fields": [ { - "name": "session_ids", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timedout", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "local_orig", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tx_host", + "name": "exists", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source", + "name": "meta", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "is_orig", + "name": "match_all", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "overflow_bytes", + "name": "missing", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": 
"String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "duration", + "name": "range", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "depth", + "name": "script", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FilterMetaTimelineResult", + "description": "", + "fields": [ { - "name": "analyzers", + "name": "alias", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mime_type", + "name": "controlledBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "rx_host", + "name": "disabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "total_bytes", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fuid", + "name": "formattedValue", "description": "", "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "seen_bytes", + "name": "index", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missing_bytes", + "name": "key", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekSslData", - "description": "", - "fields": [ - { - "name": "cipher", + "name": "negate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "established", + "name": "params", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resumed", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5216,30 +2826,14 @@ }, { "kind": "OBJECT", - "name": "HttpEcsFields", + "name": "SerializedFilterQueryResult", "description": "", "fields": [ { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "request", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", + "name": "filterQuery", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5251,38 +2845,22 @@ }, { "kind": "OBJECT", - "name": "HttpRequestData", + "name": "SerializedKueryQueryResult", "description": "", "fields": [ { - "name": "method", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "body", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "referrer", + "name": "kuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "serializedQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5294,22 +2872,22 @@ }, { "kind": "OBJECT", - "name": "HttpBodyData", + "name": "KueryFilterQueryResult", "description": "", "fields": [ { - "name": "content", + "name": "kind", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "expression", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5321,218 +2899,504 @@ }, { "kind": "OBJECT", - "name": "HttpResponseData", + "name": "SortTimelineResult", "description": "", "fields": [ { - "name": "status_code", + "name": "columnId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "body", + "name": "sortDirection", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "TimelineStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "immutable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "Int", + "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. 
", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "UrlEcsFields", + "kind": "ENUM", + "name": "TimelineType", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "domain", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "original", + "name": "template", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "PageInfoTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "pageIndex", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "username", + "name": "pageSize", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "SortTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortField", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } + }, + "defaultValue": null }, { - "name": "password", + "name": "sortOrder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - 
"isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "WinlogEcsFields", + "kind": "ENUM", + "name": "SortFieldTimeline", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "event_id", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } + }, + { + "name": "updated", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ProcessEcsFields", + "name": "ResponseTimelines", "description": "", "fields": [ { - "name": "hash", + "name": "timeline", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "totalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "defaultTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ppid", + "name": "templateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", + "name": "elasticTemplateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "customTemplateTimelineCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "favoriteCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Mutation", + "description": "", + "fields": [ + { + "name": "persistNote", + "description": "Persists a note", + "args": [ + { + "name": "noteId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "note", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseNote", "ofType": null } + }, "isDeprecated": 
false, "deprecationReason": null }, { - "name": "entity_id", + "name": "deleteNote", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "executable", + "name": "deleteNoteByTimelineId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistPinnedEventOnTimeline", + "description": "Persists a pinned event in a timeline", + "args": [ + { + "name": "pinnedEventId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "eventId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": 
"OBJECT", "name": "PinnedEvent", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "thread", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, + "name": "deletePinnedEventOnTimeline", + "description": "Remove a pinned events in a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "working_directory", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "deleteAllPinnedEventsOnTimeline", + "description": "Remove all pinned events in a timeline", + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ProcessHashData", - "description": "", - "fields": [ + }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistTimeline", + "description": "Persists a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + 
"description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timeline", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "persistFavorite", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha256", + "name": "deleteTimeline", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -5543,524 +3407,416 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Thread", + "kind": "INPUT_OBJECT", + "name": "NoteInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "eventId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "start", + "name": "note", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FileFields", + "name": "ResponseNote", "description": "", "fields": [ { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "path", + "name": "code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_path", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "extension", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "TimelineInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "type", + "name": "columns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "device", + "name": "dataProviders", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "inode", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "uid", + "name": "eventType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "owner", + "name": "excludedRowRendererIds", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "gid", + "name": "filters", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "group", + "name": "kqlMode", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "mode", + "name": "kqlQuery", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", + "ofType": null + }, + "defaultValue": null }, { - "name": "size", + "name": "indexNames", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "mtime", + "name": "title", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": 
null }, { - "name": "ctime", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SystemEcsField", - "description": "", - "fields": [ - { - "name": "audit", + "name": "templateTimelineId", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "auth", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuditEcsFields", - "description": "", - "fields": [ - { - "name": "package", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PackageEcsFields", - "description": "", - "fields": [ - { - "name": "arch", + "name": "templateTimelineVersion", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "defaultValue": null }, { - "name": "entity_id", + "name": "timelineType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": 
"TimelineType", "ofType": null }, + "defaultValue": null }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "dateRange", + "description": "", + "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, + "defaultValue": null }, { - "name": "size", + "name": "savedQueryId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "summary", + "name": "sort", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "version", + "name": "status", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuthEcsFields", + "kind": "INPUT_OBJECT", + "name": "ColumnHeaderInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "ssh", + "name": "aggregatable", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SshEcsFields", - "description": "", - "fields": [ + "type": { 
"kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, { - "name": "method", + "name": "category", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "signature", + "name": "columnHeaderType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfo", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "endCursor", + "name": "description", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "hasNextPage", + "name": "example", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineDetailsData", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "data", + "name": "indexes", "description": "", - "args": [], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "DetailItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } }, - "isDeprecated": false, - 
"deprecationReason": null + "defaultValue": null }, { - "name": "inspect", + "name": "id", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "DetailItem", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "field", + "name": "name", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "values", + "name": "placeholder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "originalValue", + "name": "searchable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "EsValue", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "EsValue", - "description": "", - "fields": null, - "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "LastEventIndexKey", + "kind": "INPUT_OBJECT", + "name": "DataProviderInput", "description": "", 
"fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostDetails", + "name": "id", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "hosts", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "ipDetails", + "name": "name", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "network", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "LastTimeDetails", - "description": "", - "fields": null, - "inputFields": [ { - "name": "hostName", + "name": "enabled", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "defaultValue": null }, { - "name": "ip", + "name": "excluded", + "description": "", + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "kqlQuery", "description": "", "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastEventTimeData", - "description": "", - "fields": [ + }, { - "name": "lastSeen", + "name": "queryMatch", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "and", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "INPUT_OBJECT", - "name": "HostsSortField", + "name": "QueryMatchInput", "description": "", "fields": null, "inputFields": [ { "name": "field", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "direction", + "name": "displayField", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "displayValue", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "operator", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null } ], 
@@ -6069,399 +3825,251 @@ "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostsFields", + "kind": "INPUT_OBJECT", + "name": "FilterTimelineInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostName", + "name": "exists", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "meta", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "totalCount", + "name": "match_all", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "pageInfo", + "name": "missing", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "query", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": 
"Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsEdges", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "node", + "name": "range", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "cursor", + "name": "script", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "HostItem", + "kind": "INPUT_OBJECT", + "name": "FilterMetaTimelineInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "_id", + "name": "alias", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "cloud", + "name": "controlledBy", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "endpoint", + "name": "disabled", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null 
}, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "host", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "formattedValue", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "index", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudFields", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "instance", + "name": "key", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "machine", + "name": "negate", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "provider", + "name": "params", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - 
"isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "region", + "name": "type", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudInstance", + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "filterQuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudMachine", + "kind": "INPUT_OBJECT", + "name": "SerializedKueryQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "type", + "name": "kuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, + "defaultValue": null + }, + { + "name": "serializedQuery", + "description": "", + "type": { 
"kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "EndpointFields", + "kind": "INPUT_OBJECT", + "name": "KueryFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "endpointPolicy", + "name": "kind", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "sensorVersion", + "name": "expression", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "policyStatus", - "description": "", - "args": [], - "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostPolicyResponseActionStatus", + "kind": "INPUT_OBJECT", + "name": "DateRangePickerInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "success", + "name": "start", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null }, { - "name": "failure", + "name": "end", "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null + } ], + "interfaces": null, + "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - 
"name": "FirstLastSeenHost", + "kind": "INPUT_OBJECT", + "name": "SortTimelineInput", "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "firstSeen", + "name": "columnId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "sortDirection", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "KpiNetworkData", + "name": "ResponseTimeline", "description": "", "fields": [ { - "name": "networkEvents", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueFlowId", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourcePrivateIps", + "name": "code", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, 
@@ -6469,95 +4077,24 @@ "deprecationReason": null }, { - "name": "uniqueSourcePrivateIpsHistogram", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationPrivateIps", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationPrivateIpsHistogram", + "name": "timeline", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "dnsQueries", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tlsHandshakes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiNetworkHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, 
@@ -6567,67 +4104,51 @@ }, { "kind": "OBJECT", - "name": "KpiHostsData", - "description": "", - "fields": [ - { - "name": "hosts", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "name": "ResponseFavoriteTimeline", + "description": "", + "fields": [ { - "name": "hostsHistogram", + "name": "code", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccess", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", + "name": "savedObjectId", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", + "name": "version", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", + "name": "favorite", "description": "", "args": [], "type": { 
@@ -6636,92 +4157,88 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "__Schema", + "description": "A GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", + "fields": [ { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "types", + "description": "A list of all types supported by this server.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, "ofType": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "queryType", + "description": "The type that query operations will be rooted at.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { 
"kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", + "name": "mutationType", + "description": "If this server supports mutation, the type that mutation operations will be rooted at.", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiHostHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", - "description": "", + "name": "subscriptionType", + "description": "If this server support subscription, the type that subscription operations will be rooted at.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", - "description": "", + "name": "directives", + "description": "A list of all directives supported by this server.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -6733,68 +4250,63 @@ }, { "kind": "OBJECT", - "name": "KpiHostDetailsData", - "description": "", + "name": "__Type", + "description": "The fundamental unit of any GraphQL Schema is the type. There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", "fields": [ { - "name": "authSuccess", - "description": "", + "name": "kind", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", - "description": "", - "args": [], + "name": "fields", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" 
+ } + ], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "interfaces", + "description": null, "args": [], "type": { "kind": "LIST", @@ -6802,23 +4314,15 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "possibleTypes", + "description": null, "args": [], "type": { "kind": "LIST", 
@@ -6826,133 +4330,56 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "HistogramType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "authentications", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "anomalies", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "events", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "alerts", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "dns", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixHistogramOverTimeData", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", - "description": "", - "args": [], + "name": "enumValues", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" + } + ], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": 
"OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "inputFields", + "description": null, "args": [], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "g", - "description": "", + "name": "ofType", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -6964,83 +4391,57 @@ }, { "kind": "ENUM", - "name": "FlowTargetSourceDest", - "description": "", + "name": "__TypeKind", + "description": "An enum describing what kind of type a given `__Type` is.", "fields": null, "inputFields": null, "interfaces": null, "enumValues": [ { - "name": "destination", - "description": "", + "name": "SCALAR", + "description": "Indicates this type is a scalar.", "isDeprecated": false, "deprecationReason": null }, - { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "description": "", - "fields": null, - "inputFields": [ { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkTopTablesFields", "ofType": null } - }, - "defaultValue": null + "name": "OBJECT", + "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "isDeprecated": false, + "deprecationReason": null }, { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkTopTablesFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "name": "INTERFACE", + "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "bytes_in", - "description": "", + "name": "UNION", + "description": "Indicates this type is a union. 
`possibleTypes` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "ENUM", + "description": "Indicates this type is an enum. `enumValues` is a valid field.", "isDeprecated": false, "deprecationReason": null }, - { "name": "flows", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", + "name": "INPUT_OBJECT", + "description": "Indicates this type is an input object. `inputFields` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "LIST", + "description": "Indicates this type is a list. `ofType` is a valid field.", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "NON_NULL", + "description": "Indicates this type is a non-null. `ofType` is a valid field.", "isDeprecated": false, "deprecationReason": null } 
@@ -7049,136 +4450,78 @@ }, { "kind": "OBJECT", - "name": "NetworkTopCountriesData", - "description": "", + "name": "__Field", + "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", "fields": [ { - "name": "edges", - "description": "", + "name": "name", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesEdges", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "type", + 
"description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesItem", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemSource", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemDestination", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "network", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7190,73 +4533,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemSource", - "description": "", + "name": "__InputValue", + "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoItem", - "description": "", - "fields": [ + }, { - "name": "geo", - "description": "", + "name": "type", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "flowTarget", - "description": "", + "name": "defaultValue", + "description": "A GraphQL-formatted string representing the default value for this input value.", "args": [], - "type": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7268,46 +4584,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemDestination", - "description": "", + "name": "__EnumValue", + "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7319,39 +4635,32 @@ }, { "kind": "OBJECT", - "name": "TopNetworkTablesEcsField", - "description": "", + "name": "__Directive", + "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", "fields": [ { - "name": "bytes_in", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowData", - "description": "", - "fields": [ + }, { - "name": "edges", - "description": "", + "name": "locations", + "description": null, "args": [], "type": { "kind": "NON_NULL", @@ -7362,7 +4671,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowEdges", "ofType": null } + "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } } } }, 
@@ -7370,71 +4679,60 @@ "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "onOperation", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "onFragment", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." 
}, { - "name": "cursor", - "description": "", + "name": "onField", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." } ], "inputFields": null, 
@@ -7443,496 +4741,288 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "NetworkTopNFlowItem", - "description": "", - "fields": [ + "kind": "ENUM", + "name": "__DirectiveLocation", + "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "QUERY", + "description": "Location adjacent to a query operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemSource", "ofType": null }, + "name": "MUTATION", + "description": "Location adjacent to a mutation operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemDestination", "ofType": null }, + "name": "SUBSCRIPTION", + "description": "Location adjacent to a subscription operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "name": "FIELD", + "description": "Location adjacent to a field.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemSource", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "FRAGMENT_DEFINITION", + "description": "Location adjacent to a fragment definition.", "isDeprecated": false, "deprecationReason": null }, { - 
"name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "FRAGMENT_SPREAD", + "description": "Location adjacent to a fragment spread.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "INLINE_FRAGMENT", + "description": "Location adjacent to an inline fragment.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "SCHEMA", + "description": "Location adjacent to a schema definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "SCALAR", + "description": "Location adjacent to a scalar definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "OBJECT", + "description": "Location adjacent to an object type definition.", "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AutonomousSystemItem", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "FIELD_DEFINITION", + "description": "Location adjacent to a field definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "number", - "description": "", - "args": [], - "type": { "kind": "SCALAR", 
"name": "Float", "ofType": null }, + "name": "ARGUMENT_DEFINITION", + "description": "Location adjacent to an argument definition.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemDestination", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "INTERFACE", + "description": "Location adjacent to an interface definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "UNION", + "description": "Location adjacent to a union definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "ENUM", + "description": "Location adjacent to an enum definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "ENUM_VALUE", + "description": "Location adjacent to an enum value definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_OBJECT", + "description": "Location adjacent to an input object type definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_FIELD_DEFINITION", + 
"description": "Location adjacent to an input object field definition.", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", + "kind": "SCALAR", + "name": "ToStringArrayNoNullable", "description": "", "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkDnsFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], + "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "NetworkDnsFields", + "kind": "OBJECT", + "name": "EventEcsFields", "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "dnsName", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "fields": [ { - "name": "queryCount", + "name": "action", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "category", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "code", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": 
"NetworkDnsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "created", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "dataset", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "duration", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "end", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "histogram", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "ofType": null - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsEdges", - "description": "", - 
"fields": [ + }, { - "name": "node", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsItem", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "kind", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsItem", - "description": "", - "fields": [ + }, { - "name": "_id", + "name": "module", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "original", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", + "name": "outcome", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsName", + "name": "risk_score", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryCount", + "name": "risk_score_norm", "description": "", 
"args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "severity", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", + "name": "start", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", + "name": "timezone", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "g", + "name": "type", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7942,52 +5032,44 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "ToDateArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToNumberArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "NetworkDsOverTimeData", + "name": "Location", "description": "", "fields": [ { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", + "name": "lon", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "lat", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7997,116 +5079,64 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "NetworkHttpData", + "name": "GeoEcsFields", "description": "", "fields": [ { - "name": "edges", + "name": "city_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "continent_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "country_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "country_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - 
"interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkHttpEdges", - "description": "", - "fields": [ + }, { - "name": "node", + "name": "location", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpItem", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "region_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "region_name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8118,106 +5148,81 @@ }, { "kind": "OBJECT", - "name": "NetworkHttpItem", + "name": "PrimarySecondary", "description": "", "fields": [ { - "name": "_id", + "name": "primary", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domains", + "name": "secondary", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "lastHost", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Summary", + "description": "", + "fields": [ { - "name": "lastSourceIp", + "name": "actor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "methods", + "name": "object", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": 
"path", + "name": "how", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "requestCount", + "name": "message_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "statuses", + "name": "sequence", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8229,18 +5234,14 @@ }, { "kind": "OBJECT", - "name": "SayMyName", + "name": "AgentEcsField", "description": "", "fields": [ { - "name": "appName", - "description": "The id of the source", + "name": "type", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8251,335 +5252,294 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "TimelineResult", - "description": "", - "fields": [ - { - "name": "columns", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } - } - }, + "kind": "OBJECT", + "name": "AuditdData", + "description": "", + "fields": [ + { + "name": "acct", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "terminal", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "createdBy", + "name": "op", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuditdEcsFields", + "description": "", + "fields": [ { - "name": "dataProviders", + "name": "result", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dateRange", + "name": "session", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "data", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventIdToNoteIds", + "name": "summary", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventType", + "name": "sequence", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Thread", + "description": "", + "fields": [ { - "name": "excludedRowRendererIds", + "name": "id", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "start", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": 
null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessHashData", + "description": "", + "fields": [ { - "name": "filters", + "name": "md5", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlMode", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "sha256", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessEcsFields", + "description": "", + "fields": [ { - "name": "indexNames", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notes", + "name": "pid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, 
{ - "name": "noteIds", + "name": "name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventIds", + "name": "ppid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventsSaveObject", + "name": "args", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedQueryId", + "name": "entity_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedObjectId", + "name": "executable", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sort", + "name": "title", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null }, { - "name": "status", + "name": "thread", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", + "name": "working_directory", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceEcsFields", + "description": "", + "fields": [ { - "name": "templateTimelineId", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timelineType", + "name": "port", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updatedBy", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { 
"kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8591,102 +5551,116 @@ }, { "kind": "OBJECT", - "name": "ColumnHeaderResult", + "name": "DestinationEcsFields", "description": "", "fields": [ { - "name": "aggregatable", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "category", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "port", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "example", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "indexes", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": 
"DnsQuestionData", + "description": "", + "fields": [ { - "name": "id", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "DnsEcsFields", + "description": "", + "fields": [ { - "name": "placeholder", + "name": "question", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "searchable", + "name": "resolved_ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "response_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8698,129 +5672,110 @@ }, { "kind": "OBJECT", - "name": "DataProviderResult", + "name": "EndgameEcsFields", "description": "", "fields": [ { - "name": "id", + "name": "exit_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "file_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "file_path", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "excluded", + "name": "logon_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "parent_process_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryMatch", + "name": "pid", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "process_name", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "and", + "name": "subject_domain_name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "QueryMatchResult", - "description": "", - "fields": [ + }, { - "name": "field", + "name": "subject_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayField", + "name": "subject_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "target_domain_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayValue", + "name": "target_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "operator", + "name": "target_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null } 
@@ -8830,151 +5785,97 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "DataProviderType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "default", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "template", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "DateRangePickerResult", + "name": "SuricataAlertData", "description": "", "fields": [ { - "name": "start", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "signature_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], "inputFields": null, "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "RowRendererId", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "auditd_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "netflow", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "suricata", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "system_dns", - "description": 
"", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_endgame_process", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SuricataEveData", + "description": "", + "fields": [ { - "name": "system_fim", + "name": "alert", "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_security_event", + "name": "flow_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_socket", + "name": "proto", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, - { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } + } ], + "inputFields": null, + "interfaces": [], + "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FavoriteTimelineResult", + "name": "SuricataEcsFields", "description": "", "fields": [ { - "name": "fullName", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "userName", + "name": "eve", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsJa3Data", + "description": "", + "fields": 
[ { - "name": "favoriteDate", + "name": "hash", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8986,62 +5887,106 @@ }, { "kind": "OBJECT", - "name": "FilterTimelineResult", + "name": "FingerprintData", "description": "", "fields": [ { - "name": "exists", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsClientCertificateData", + "description": "", + "fields": [ { - "name": "meta", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsServerCertificateData", + "description": "", + "fields": [ { - "name": "match_all", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsFingerprintsData", + "description": "", + "fields": [ { - "name": "missing", + "name": "ja3", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsEcsFields", + "description": 
"", + "fields": [ { - "name": "query", + "name": "client_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "range", + "name": "fingerprints", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "script", + "name": "server_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9053,94 +5998,123 @@ }, { "kind": "OBJECT", - "name": "FilterMetaTimelineResult", + "name": "ZeekConnectionData", "description": "", "fields": [ { - "name": "alias", + "name": "local_resp", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "controlledBy", + "name": "local_orig", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "disabled", + "name": "missed_bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "field", + "name": "state", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "formattedValue", + "name": "history", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToBooleanArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekNoticeData", + "description": "", + "fields": [ + { + "name": "suppress_for", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", 
"ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "msg", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "key", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "negate", + "name": "sub", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "params", + "name": "dst", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "dropped", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "peer_descr", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9152,577 +6126,303 @@ }, { "kind": "OBJECT", - "name": "SerializedFilterQueryResult", + "name": "ZeekDnsData", "description": "", "fields": [ { - "name": "filterQuery", + "name": "AA", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SerializedKueryQueryResult", - "description": "", - "fields": [ + }, { - "name": "kuery", + "name": "qclass_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "serializedQuery", + "name": "RD", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KueryFilterQueryResult", - "description": "", - "fields": [ + }, { - "name": "kind", + "name": "qtype_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "expression", + "name": "rejected", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - 
"possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SortTimelineResult", - "description": "", - "fields": [ + }, { - "name": "columnId", + "name": "qtype", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sortDirection", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineStatus", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, + }, { - "name": "immutable", + "name": "trans_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Int", - "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. 
", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "default", + "name": "qclass", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "template", + "name": "RA", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PageInfoTimeline", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "pageIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null }, { - "name": "pageSize", + "name": "TC", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimeline", + "kind": "OBJECT", + "name": "FileFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "sortField", + "name": "name", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": 
null }, { - "name": "sortOrder", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "SortFieldTimeline", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "description", + "name": "path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "target_path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ResponseTimelines", - "description": "", - "fields": [ { - "name": "timeline", + "name": "extension", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultTimelineCount", + "name": "device", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": 
"ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineCount", + "name": "inode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "elasticTemplateTimelineCount", + "name": "uid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "customTemplateTimelineCount", + "name": "owner", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favoriteCount", + "name": "gid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Mutation", - "description": "", - "fields": [ + }, { - "name": "persistNote", - "description": "Persists a note", - "args": [ - { - "name": "noteId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "note", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": 
{ "kind": "OBJECT", "name": "ResponseNote", "ofType": null } - }, + "name": "group", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNote", + "name": "mode", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNoteByTimelineId", + "name": "size", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistPinnedEventOnTimeline", - "description": "Persists a pinned event in a timeline", - "args": [ - { - "name": "pinnedEventId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", 
"ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null }, + "name": "mtime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deletePinnedEventOnTimeline", - "description": "Remove a pinned events in a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "ctime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekHttpData", + "description": "", + "fields": [ + { + "name": "resp_mime_types", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteAllPinnedEventsOnTimeline", - "description": "Remove all pinned events in a timeline", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "trans_depth", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null }, { - "name": "persistTimeline", - "description": "Persists a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timeline", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } - }, + "name": "status_msg", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistFavorite", + "name": "resp_fuids", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteTimeline", + "name": "tags", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HttpBodyData", + "description": "", + "fields": [ + { + "name": "content", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9733,64 +6433,74 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NoteInput", + "kind": "OBJECT", + "name": "HttpRequestData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "eventId", + "name": "method", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "note", + "name": "body", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineId", + "name": "referrer", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseNote", + "name": "HttpResponseData", "description": "", "fields": [ { - "name": "code", + "name": "status_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "body", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, "isDeprecated": 
false, "deprecationReason": null }, { - "name": "note", + "name": "bytes", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9801,624 +6511,608 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "TimelineInput", + "kind": "OBJECT", + "name": "HttpEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columns", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "dataProviders", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "description", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventType", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "excludedRowRendererIds", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "filters", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "kqlMode", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "kqlQuery", - "description": "", - "type": { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", - "ofType": null - }, - "defaultValue": null - }, - { - "name": "indexNames", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": 
"NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "title", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "templateTimelineId", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "request", "description": "", - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineType", + "name": "response", "description": "", - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, - "defaultValue": null - }, + "args": [], + "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "UrlEcsFields", + "description": "", + "fields": [ { - "name": "dateRange", + "name": "domain", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "savedQueryId", + "name": "original", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "sort", + "name": "username", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "status", + "name": "password", "description": "", - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "ColumnHeaderInput", + "kind": "OBJECT", + "name": "ZeekFileData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "aggregatable", + "name": "session_ids", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "category", + "name": "timedout", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "local_orig", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "description", + "name": "tx_host", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + 
"args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "example", + "name": "source", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "indexes", + "name": "is_orig", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "id", + "name": "overflow_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "sha1", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "placeholder", + "name": "duration", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "searchable", + "name": "depth", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "type", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "DataProviderInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "id", + "name": "analyzers", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "mime_type", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "enabled", + "name": "rx_host", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "excluded", + "name": "total_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "kqlQuery", + "name": "fuid", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "queryMatch", + "name": "seen_bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, - 
"defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "and", + "name": "missing_bytes", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "md5", "description": "", - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "QueryMatchInput", + "kind": "OBJECT", + "name": "ZeekSslData", "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "displayField", + "name": "cipher", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "established", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "displayValue", + "name": "resumed", "description": "", - "type": { "kind": "SCALAR", 
"name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "operator", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterTimelineInput", + "kind": "OBJECT", + "name": "ZeekEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "exists", + "name": "session_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "meta", + "name": "connection", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "match_all", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "name": "notice", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "missing", + "name": "dns", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "query", + "name": "http", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "range", + "name": "files", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "script", + "name": "ssl", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterMetaTimelineInput", + "kind": "OBJECT", + "name": "UserEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "alias", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "controlledBy", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "disabled", - "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null - }, - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "formattedValue", + "name": "domain", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + 
"isDeprecated": false, + "deprecationReason": null }, { - "name": "index", + "name": "id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "key", + "name": "name", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "negate", + "name": "full_name", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "params", + "name": "email", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "hash", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "group", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", + "kind": "OBJECT", 
+ "name": "WinlogEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "filterQuery", + "name": "event_id", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedKueryQueryInput", + "kind": "OBJECT", + "name": "NetworkEcsField", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "kuery", + "name": "bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "serializedQuery", + "name": "community_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "KueryFilterQueryInput", - "description": "", - "fields": null, - "inputFields": [ + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "kind", + "name": "direction", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "expression", + "name": "packets", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + 
"args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "protocol", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "transport", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "DateRangePickerInput", + "kind": "OBJECT", + "name": "PackageEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ + { + "name": "arch", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "entity_id", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "start", + "name": "summary", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "end", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - 
"defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimelineInput", + "kind": "OBJECT", + "name": "AuditEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columnId", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "sortDirection", + "name": "package", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseTimeline", + "name": "SshEcsFields", "description": "", "fields": [ { - "name": "code", + "name": "method", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuthEcsFields", + "description": "", + "fields": [ { - "name": "timeline", + "name": "ssh", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": 
"TimelineResult", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10430,80 +7124,56 @@ }, { "kind": "OBJECT", - "name": "ResponseFavoriteTimeline", + "name": "SystemEcsField", "description": "", "fields": [ { - "name": "code", + "name": "audit", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "auth", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleField", + "description": "", + "fields": [ { - "name": "savedObjectId", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "rule_id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "false_positives", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Schema", - "description": "A 
GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", - "fields": [ - { - "name": "types", - "description": "A list of all types supported by this server.", - "args": [], "type": { "kind": "NON_NULL", "name": null, @@ -10513,7 +7183,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, 
@@ -10521,384 +7191,242 @@ "deprecationReason": null }, { - "name": "queryType", - "description": "The type that query operations will be rooted at.", + "name": "saved_id", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mutationType", - "description": "If this server supports mutation, the type that mutation operations will be rooted at.", + "name": "timeline_id", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subscriptionType", - "description": "If this server support subscription, the type that subscription operations will be rooted at.", + "name": "timeline_title", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "directives", - "description": "A list of all directives supported by this server.", + "name": "max_signals", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Type", - "description": "The fundamental unit of any GraphQL Schema is the type. 
There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", - "fields": [ + }, { - "name": "kind", - "description": null, + "name": "risk_score", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", - "description": null, + "name": "output_index", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { "name": "description", - "description": null, + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "fields", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interfaces", - "description": null, + "name": "from", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - 
"ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "possibleTypes", - "description": null, + "name": "immutable", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enumValues", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } - } - }, + "name": "index", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inputFields", - "description": null, + "name": "interval", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ofType", - "description": null, + "name": "language", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - 
"enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__TypeKind", - "description": "An enum describing what kind of type a given `__Type` is.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "SCALAR", - "description": "Indicates this type is a scalar.", + "name": "query", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "name": "references", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INTERFACE", - "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "name": "severity", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Indicates this type is a union. `possibleTypes` is a valid field.", + "name": "tags", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Indicates this type is an enum. `enumValues` is a valid field.", + "name": "threat", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Indicates this type is an input object. 
`inputFields` is a valid field.", + "name": "type", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LIST", - "description": "Indicates this type is a list. `ofType` is a valid field.", + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "NON_NULL", - "description": "Indicates this type is a non-null. `ofType` is a valid field.", + "name": "to", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Field", - "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "enabled", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "filters", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "created_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + 
"type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "updated_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "created_by", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deprecationReason", - "description": null, + "name": "updated_by", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__InputValue", - "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "version", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "note", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null 
}, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "threshold", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultValue", - "description": "A GraphQL-formatted string representing the default value for this input value.", + "name": "exceptions_list", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10910,46 +7438,49 @@ }, { "kind": "OBJECT", - "name": "__EnumValue", - "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", + "name": "SignalField", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "rule", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "original_time", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "status", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleEcsField", + "description": "", + "fields": [ { - "name": "deprecationReason", - "description": null, + "name": "reference", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10961,12 +7492,12 @@ }, { "kind": "OBJECT", - "name": "__Directive", - "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", + "name": "ECS", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "_id", + "description": "", "args": [], "type": { "kind": "NON_NULL", 
@@ -10977,250 +7508,202 @@ "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "_index", + "description": "", "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "locations", - "description": null, + "name": "agent", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "auditd", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "onOperation", - "description": null, - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - }, - { - "name": "onFragment", - "description": null, + "name": "destination", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." 
+ "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "onField", - "description": null, + "name": "dns", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__DirectiveLocation", - "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "QUERY", - "description": "Location adjacent to a query operation.", + "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "MUTATION", - "description": "Location adjacent to a mutation operation.", + "name": "endgame", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SUBSCRIPTION", - "description": "Location adjacent to a subscription operation.", + "name": "event", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD", - "description": "Location adjacent to a field.", + "name": "geo", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_DEFINITION", - "description": "Location adjacent to a fragment definition.", + "name": "host", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": 
"HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_SPREAD", - "description": "Location adjacent to a fragment spread.", + "name": "network", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INLINE_FRAGMENT", - "description": "Location adjacent to an inline fragment.", + "name": "rule", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCHEMA", - "description": "Location adjacent to a schema definition.", + "name": "signal", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCALAR", - "description": "Location adjacent to a scalar definition.", + "name": "source", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Location adjacent to an object type definition.", + "name": "suricata", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD_DEFINITION", - "description": "Location adjacent to a field definition.", + "name": "tls", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ARGUMENT_DEFINITION", - "description": "Location adjacent to an argument definition.", + "name": "zeek", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": 
"INTERFACE", - "description": "Location adjacent to an interface definition.", + "name": "http", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Location adjacent to a union definition.", + "name": "url", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Location adjacent to an enum definition.", + "name": "timestamp", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM_VALUE", - "description": "Location adjacent to an enum value definition.", + "name": "message", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Location adjacent to an input object type definition.", + "name": "user", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_FIELD_DEFINITION", - "description": "Location adjacent to an input object field definition.", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArrayNoNullable", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "EcsEdges", - "description": "", - "fields": [ + "name": "winlog", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - 
"name": "node", + "name": "process", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "file", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "system", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -11232,60 +7715,32 @@ }, { "kind": "OBJECT", - "name": "EventsTimelineData", + "name": "EcsEdges", "description": "", "fields": [ { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "EcsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", + "name": "node", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "cursor", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, 
@@ -11427,108 +7882,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "NetworkDirectionEcs", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "inbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "internal", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "external", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "incoming", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outgoing", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "listening", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "unknown", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkHttpFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "domains", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastHost", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSourceIp", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "methods", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "path", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "requestCount", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "statuses", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null 
- }, { "kind": "SCALAR", "name": "ToIFieldSubTypeNonNullable", @@ -11666,6 +8019,39 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "PaginationInput", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "limit", + "description": "The limit parameter allows you to configure the maximum amount of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "cursor", + "description": "The cursor parameter defines the next result you want to fetch", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "tiebreaker", + "description": "The tiebreaker parameter allow to be more precise to fetch the next item", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowTarget", @@ -11686,6 +8072,24 @@ ], "possibleTypes": null }, + { + "kind": "ENUM", + "name": "FlowTargetSourceDest", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "destination", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowDirection", 
@@ -11709,6 +8113,64 @@ ], "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "SortField", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortFieldId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "direction", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "PageInfo", + "description": "", + "fields": [ + { + "name": "endCursor", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "hasNextPage", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, { "kind": "INPUT_OBJECT", "name": "FavoriteTimelineInput", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 1083583cb133c..df8333ea63055 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts 
@@ -40,53 +40,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -267,6 +230,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -285,13 +263,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', 
@@ -303,35 +274,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -371,27 +313,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -399,6 +320,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', 
@@ -408,17 +334,15 @@ export type ToStringArray = string[]; export type Date = string; -export type ToNumberArray = number[]; - -export type ToDateArray = string[]; +export type ToAny = any; -export type ToBooleanArray = boolean[]; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[]; -export type EsValue = any; +export type ToNumberArray = number[]; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[]; export type ToIFieldSubTypeNonNullable = any; @@ -509,40 +433,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -575,8 +471,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; 
@@ -585,84 +481,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -695,6 +557,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; 
@@ -709,196 +577,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + 
name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; 
+export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { 
@@ -941,110 +880,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + 
entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { 
@@ -1053,48 +1058,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1149,6 +1150,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; 
@@ -1161,6 +1194,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; 
@@ -1209,128 +1284,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { 
@@ -1347,8 +1348,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { 
@@ -1357,3188 +1358,760 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - 
uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { 
- edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type 
as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; } - -export interface AutonomousSystemItem { - name?: Maybe; - - number?: Maybe; +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; + search?: Maybe; - source_ips?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; + search?: Maybe; - inspect?: Maybe; + sort?: Maybe; - histogram?: Maybe; -} + onlyUserFavorite?: Maybe; -export interface NetworkDnsEdges { - node: NetworkDnsItem; + timelineType?: Maybe; - cursor: CursorType; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; + timerange: 
TimerangeInput; - dnsBytesIn?: Maybe; + pagination: PaginationInputPaginated; - dnsBytesOut?: Maybe; + sort: HostsSortField; - dnsName?: Maybe; + filterQuery?: Maybe; - queryCount?: Maybe; + defaultIndex: string[]; - uniqueDomains?: Maybe; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + timerange: TimerangeInput; - g: string; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; + hostName: string; - matrixHistogramData: MatrixOverTimeHistogramData[]; + defaultIndex: string[]; - totalCount: number; + docValueFields: DocValueFieldsInput[]; } - -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; } - -export interface NetworkHttpEdges { - node: NetworkHttpItem; - - cursor: CursorType; +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; } +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkHttpItem { - _id?: Maybe; - - domains: string[]; - - lastHost?: Maybe; - - lastSourceIp?: Maybe; - - methods: string[]; - - path?: Maybe; - - requestCount?: Maybe; + version?: Maybe; - statuses: string[]; + note: NoteInput; } - -export interface SayMyName { - /** The id of the source */ - appName: string; +export interface DeleteNoteMutationArgs { + id: string[]; } +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface TimelineResult { - columns?: Maybe; - - created?: Maybe; - - createdBy?: Maybe; - - dataProviders?: Maybe; - - dateRange?: Maybe; - - description?: Maybe; - - eventIdToNoteIds?: Maybe; - - eventType?: Maybe; - - excludedRowRendererIds?: Maybe; - - favorite?: Maybe; - 
- filters?: Maybe; - - kqlMode?: Maybe; - - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - status?: Maybe; + eventId: string; - title?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; +} +export interface PersistTimelineMutationArgs { + id?: Maybe; - templateTimelineId?: Maybe; + version?: Maybe; - templateTimelineVersion?: Maybe; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; +} - timelineType?: Maybe; +// ==================================================== +// Documents +// ==================================================== - updated?: Maybe; +export namespace GetHostOverviewQuery { + export type Variables = { + sourceId: string; + hostName: string; + timerange: TimerangeInput; + defaultIndex: string[]; + inspect: boolean; + }; - updatedBy?: Maybe; + export type Query = { + __typename?: 'Query'; - version: string; -} + source: Source; + }; -export interface ColumnHeaderResult { - aggregatable?: Maybe; + export type Source = { + __typename?: 'Source'; - category?: Maybe; + id: string; - columnHeaderType?: Maybe; + HostOverview: HostOverview; + }; - description?: Maybe; + export type HostOverview = { + __typename?: 'HostItem'; - example?: Maybe; + _id: Maybe; - indexes?: Maybe; + host: Maybe; - id?: Maybe; + cloud: Maybe; - name?: Maybe; + inspect: Maybe; - placeholder?: Maybe; + endpoint: Maybe; + }; - searchable?: Maybe; + export type Host = { + __typename?: 'HostEcsFields'; - type?: Maybe; -} - -export interface 
DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - 
deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} 
-export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - 
docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: 
string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -// ==================================================== -// Documents -// ==================================================== - -export namespace GetLastEventTimeQuery { - export type Variables = { - sourceId: string; - indexKey: LastEventIndexKey; - details: LastTimeDetails; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - LastEventTime: LastEventTime; - }; - - export type LastEventTime = { - __typename?: 'LastEventTimeData'; - - lastSeen: Maybe; - }; -} - -export namespace GetMatrixHistogramQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - histogramType: HistogramType; - inspect: boolean; - sourceId: string; - stackByField: string; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - MatrixHistogram: MatrixHistogram; - }; - - export 
type MatrixHistogram = { - __typename?: 'MatrixHistogramOverTimeData'; - - matrixHistogramData: MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: Maybe; - - y: Maybe; - - g: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAuthenticationsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Authentications: Authentications; - }; - - export type Authentications = { - __typename?: 'AuthenticationsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'AuthenticationsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'AuthenticationItem'; - - _id: string; - - failures: number; - - successes: number; - - user: User; - - lastSuccess: Maybe; - - lastFailure: Maybe; - }; - - export type User = { - __typename?: 'UserEcsFields'; - - name: Maybe; - }; - - export type LastSuccess = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<_Source>; - - host: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type LastFailure = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<__Source>; - - host: Maybe<_Host>; - }; - - export type __Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type _Host = { - __typename?: 
'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetHostOverviewQuery { - export type Variables = { - sourceId: string; - hostName: string; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostOverview: HostOverview; - }; - - export type HostOverview = { - __typename?: 'HostItem'; - - _id: Maybe; - - host: Maybe; - - cloud: Maybe; - - inspect: Maybe; - - endpoint: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Cloud = { - __typename?: 'CloudFields'; - - instance: Maybe; - - machine: Maybe; - - provider: Maybe<(Maybe)[]>; - - region: Maybe<(Maybe)[]>; - }; - - export type Instance = { - __typename?: 'CloudInstance'; - - id: Maybe<(Maybe)[]>; - }; - - export type Machine = { - __typename?: 'CloudMachine'; - - type: Maybe<(Maybe)[]>; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type Endpoint = { - __typename?: 'EndpointFields'; - - endpointPolicy: Maybe; - - policyStatus: Maybe; - - sensorVersion: Maybe; - }; -} - -export namespace GetHostFirstLastSeenQuery { - export type Variables = { - sourceId: string; - hostName: string; - defaultIndex: string[]; - docValueFields: 
DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostFirstLastSeen: HostFirstLastSeen; - }; - - export type HostFirstLastSeen = { - __typename?: 'FirstLastSeenHost'; - - firstSeen: Maybe; - - lastSeen: Maybe; - }; -} - -export namespace GetHostsTableQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - sort: HostsSortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Hosts: Hosts; - }; - - export type Hosts = { - __typename?: 'HostsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'HostsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'HostItem'; - - _id: Maybe; - - lastSeen: Maybe; - - host: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - os: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - name: Maybe; - - version: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostDetailsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type 
Source = { - __typename?: 'Source'; - - id: string; - - KpiHostDetails: KpiHostDetails; - }; - - export type KpiHostDetails = { - __typename?: 'KpiHostDetailsData'; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type AuthSuccessHistogram = KpiHostDetailsChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiHosts: KpiHosts; - }; - - export type KpiHosts = { - __typename?: 'KpiHostsData'; - - hosts: Maybe; - - hostsHistogram: Maybe; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type HostsHistogram = KpiHostChartFields.Fragment; - - export type AuthSuccessHistogram = KpiHostChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostChartFields.Fragment; - - export type Inspect = { - __typename?: 
'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiNetworkQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiNetwork: Maybe; - }; - - export type KpiNetwork = { - __typename?: 'KpiNetworkData'; - - networkEvents: Maybe; - - uniqueFlowId: Maybe; - - uniqueSourcePrivateIps: Maybe; - - uniqueSourcePrivateIpsHistogram: Maybe; - - uniqueDestinationPrivateIps: Maybe; - - uniqueDestinationPrivateIpsHistogram: Maybe; - - dnsQueries: Maybe; - - tlsHandshakes: Maybe; - - inspect: Maybe; - }; - - export type UniqueSourcePrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type UniqueDestinationPrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkDnsQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - isPtrIncluded: boolean; - pagination: PaginationInputPaginated; - sort: NetworkDnsSortField; - sourceId: string; - stackByField?: Maybe; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkDns: NetworkDns; - }; - - export type NetworkDns = { - __typename?: 'NetworkDnsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkDnsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkDnsItem'; - - _id: Maybe; - - dnsBytesIn: Maybe; - - dnsBytesOut: Maybe; - - dnsName: Maybe; - - queryCount: Maybe; - - uniqueDomains: Maybe; - }; - - 
export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkHttpQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkHttpSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkHttp: NetworkHttp; - }; - - export type NetworkHttp = { - __typename?: 'NetworkHttpData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkHttpEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkHttpItem'; - - domains: string[]; - - lastHost: Maybe; - - lastSourceIp: Maybe; - - methods: string[]; - - path: Maybe; - - requestCount: Maybe; - - statuses: string[]; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopCountriesQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - 
source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopCountries: NetworkTopCountries; - }; - - export type NetworkTopCountries = { - __typename?: 'NetworkTopCountriesData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopCountriesEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopCountriesItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopCountriesItemSource'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Destination = { - __typename?: 'TopCountriesItemDestination'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopNFlowQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopNFlow: NetworkTopNFlow; - }; - - export type NetworkTopNFlow = { - __typename?: 'NetworkTopNFlowData'; - - totalCount: number; - - edges: Edges[]; - - 
pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopNFlowEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopNFlowItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopNFlowItemSource'; - - autonomous_system: Maybe; - - domain: Maybe; - - ip: Maybe; - - location: Maybe; - - flows: Maybe; - - destination_ips: Maybe; - }; - - export type AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type Location = { - __typename?: 'GeoItem'; - - geo: Maybe; - - flowTarget: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'TopNFlowItemDestination'; - - autonomous_system: Maybe<_AutonomousSystem>; - - domain: Maybe; - - ip: Maybe; - - location: Maybe<_Location>; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type _AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type _Location = { - __typename?: 'GeoItem'; - - geo: Maybe<_Geo>; - - flowTarget: Maybe; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 
'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAllTimeline { - export type Variables = { - pageInfo: PageInfoTimeline; - search?: Maybe; - sort?: Maybe; - onlyUserFavorite?: Maybe; - timelineType?: Maybe; - status?: Maybe; - }; - - export type Query = { - __typename?: 'Query'; - - getAllTimeline: GetAllTimeline; - }; - - export type GetAllTimeline = { - __typename?: 'ResponseTimelines'; - - totalCount: Maybe; - - defaultTimelineCount: Maybe; - - templateTimelineCount: Maybe; - - elasticTemplateTimelineCount: Maybe; - - customTemplateTimelineCount: Maybe; - - favoriteCount: Maybe; - - timeline: (Maybe)[]; - }; - - export type Timeline = { - __typename?: 'TimelineResult'; - - savedObjectId: string; - - description: Maybe; - - favorite: Maybe; - - eventIdToNoteIds: Maybe; - - excludedRowRendererIds: Maybe; - - notes: Maybe; - - noteIds: Maybe; - - pinnedEventIds: Maybe; - - status: Maybe; - - title: Maybe; - - timelineType: Maybe; - - templateTimelineId: Maybe; - - templateTimelineVersion: Maybe; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: string; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; - - export type EventIdToNoteIds = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - timelineVersion: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; - - export type Notes = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - timelineVersion: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; -} - -export namespace DeleteTimelineMutation { - export type Variables = { - id: string[]; - }; - - export type Mutation = { - __typename?: 
'Mutation'; - - deleteTimeline: boolean; - }; -} - -export namespace GetTimelineDetailsQuery { - export type Variables = { - sourceId: string; - eventId: string; - indexName: string; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - TimelineDetails: TimelineDetails; - }; - - export type TimelineDetails = { - __typename?: 'TimelineDetailsData'; - - data: Maybe; - }; - - export type Data = { - __typename?: 'DetailItem'; - - field: string; - - values: Maybe; - - originalValue: Maybe; - }; -} - -export namespace PersistTimelineFavoriteMutation { - export type Variables = { - timelineId?: Maybe; - }; - - export type Mutation = { - __typename?: 'Mutation'; - - persistFavorite: PersistFavorite; - }; - - export type PersistFavorite = { - __typename?: 'ResponseFavoriteTimeline'; - - savedObjectId: string; - - version: string; - - favorite: Maybe; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; -} - -export namespace GetTimelineQuery { - export type Variables = { - sourceId: string; - fieldRequested: string[]; - pagination: PaginationInput; - sortField: SortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Timeline: Timeline; - }; - - export type Timeline = { - __typename?: 'TimelineData'; - - totalCount: number; - - inspect: Maybe; - - pageInfo: PageInfo; - - edges: Edges[]; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type PageInfo = { - __typename?: 'PageInfo'; - - endCursor: Maybe; - - 
hasNextPage: Maybe; - }; - - export type EndCursor = { - __typename?: 'CursorType'; - - value: Maybe; - - tiebreaker: Maybe; - }; - - export type Edges = { - __typename?: 'TimelineEdges'; - - node: Node; - }; - - export type Node = { - __typename?: 'TimelineItem'; - - _id: string; - - _index: Maybe; - - data: Data[]; - - ecs: Ecs; - }; - - export type Data = { - __typename?: 'TimelineNonEcsData'; - - field: string; - - value: Maybe; - }; - - export type Ecs = { - __typename?: 'ECS'; - - _id: string; - - _index: Maybe; - - timestamp: Maybe; - - message: Maybe; - - system: Maybe; - - event: Maybe; - - agent: Maybe; - - auditd: Maybe; - - file: Maybe; - - host: Maybe; - - rule: Maybe; - - source: Maybe<_Source>; - - destination: Maybe; - - dns: Maybe; - - endgame: Maybe; - - geo: Maybe<__Geo>; - - signal: Maybe; - - suricata: Maybe; - - network: Maybe; - - http: Maybe; - - tls: Maybe; - - url: Maybe; - - user: Maybe; - - winlog: Maybe; - - process: Maybe; - - zeek: Maybe; - }; - - export type System = { - __typename?: 'SystemEcsField'; - - auth: Maybe; - - audit: Maybe; - }; - - export type Auth = { - __typename?: 'AuthEcsFields'; - - ssh: Maybe; - }; - - export type Ssh = { - __typename?: 'SshEcsFields'; - - signature: Maybe; - - method: Maybe; - }; - - export type Audit = { - __typename?: 'AuditEcsFields'; - - package: Maybe; - }; - - export type Package = { - __typename?: 'PackageEcsFields'; - - arch: Maybe; - - entity_id: Maybe; - - name: Maybe; - - size: Maybe; - - summary: Maybe; - - version: Maybe; - }; - - export type Event = { - __typename?: 'EventEcsFields'; - - action: Maybe; - - category: Maybe; - - code: Maybe; - - created: Maybe; - - dataset: Maybe; - - duration: Maybe; - - end: Maybe; - - hash: Maybe; - - id: Maybe; - - kind: Maybe; - - module: Maybe; - - original: Maybe; - - outcome: Maybe; - - risk_score: Maybe; - - risk_score_norm: Maybe; - - severity: Maybe; - - start: Maybe; - - timezone: Maybe; - - type: Maybe; - }; - - export type Agent = { - 
__typename?: 'AgentEcsField'; - - type: Maybe; - }; - - export type Auditd = { - __typename?: 'AuditdEcsFields'; - - result: Maybe; - - session: Maybe; - - data: Maybe<_Data>; - - summary: Maybe; - }; - - export type _Data = { - __typename?: 'AuditdData'; - - acct: Maybe; - - terminal: Maybe; - - op: Maybe; - }; - - export type Summary = { - __typename?: 'Summary'; - - actor: Maybe; - - object: Maybe; - - how: Maybe; - - message_type: Maybe; - - sequence: Maybe; - }; - - export type Actor = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - }; - - export type Object = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - - type: Maybe; - }; - - export type File = { - __typename?: 'FileFields'; - - name: Maybe; - - path: Maybe; - - target_path: Maybe; - - extension: Maybe; - - type: Maybe; - - device: Maybe; - - inode: Maybe; - - uid: Maybe; - - owner: Maybe; - - gid: Maybe; - - group: Maybe; - - mode: Maybe; - - size: Maybe; - - mtime: Maybe; - - ctime: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - ip: Maybe; - }; - - export type Rule = { - __typename?: 'RuleEcsField'; - - reference: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'DestinationEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe<_Geo>; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type 
Dns = { - __typename?: 'DnsEcsFields'; - - question: Maybe; - - resolved_ip: Maybe; - - response_code: Maybe; - }; - - export type Question = { - __typename?: 'DnsQuestionData'; - - name: Maybe; - - type: Maybe; - }; - - export type Endgame = { - __typename?: 'EndgameEcsFields'; - - exit_code: Maybe; - - file_name: Maybe; - - file_path: Maybe; - - logon_type: Maybe; - - parent_process_name: Maybe; - - pid: Maybe; - - process_name: Maybe; - - subject_domain_name: Maybe; - - subject_logon_id: Maybe; - - subject_user_name: Maybe; - - target_domain_name: Maybe; - - target_logon_id: Maybe; - - target_user_name: Maybe; - }; - - export type __Geo = { - __typename?: 'GeoEcsFields'; - - region_name: Maybe; - - country_iso_code: Maybe; - }; - - export type Signal = { - __typename?: 'SignalField'; - - status: Maybe; - - original_time: Maybe; - - rule: Maybe<_Rule>; - }; - - export type _Rule = { - __typename?: 'RuleField'; + architecture: Maybe; id: Maybe; - saved_id: Maybe; - - timeline_id: Maybe; + ip: Maybe; - timeline_title: Maybe; + mac: Maybe; - output_index: Maybe; + name: Maybe; - from: Maybe; + os: Maybe; - index: Maybe; + type: Maybe; + }; - language: Maybe; + export type Os = { + __typename?: 'OsEcsFields'; - query: Maybe; + family: Maybe; - to: Maybe; + name: Maybe; - filters: Maybe; + platform: Maybe; - note: Maybe; + version: Maybe; + }; - type: Maybe; + export type Cloud = { + __typename?: 'CloudFields'; - threshold: Maybe; + instance: Maybe; - exceptions_list: Maybe; - }; + machine: Maybe; - export type Suricata = { - __typename?: 'SuricataEcsFields'; + provider: Maybe<(Maybe)[]>; - eve: Maybe; + region: Maybe<(Maybe)[]>; }; - export type Eve = { - __typename?: 'SuricataEveData'; + export type Instance = { + __typename?: 'CloudInstance'; - proto: Maybe; + id: Maybe<(Maybe)[]>; + }; - flow_id: Maybe; + export type Machine = { + __typename?: 'CloudMachine'; - alert: Maybe; + type: Maybe<(Maybe)[]>; }; - export type Alert = { - __typename?: 'SuricataAlertData'; + 
export type Inspect = { + __typename?: 'Inspect'; - signature: Maybe; + dsl: string[]; - signature_id: Maybe; + response: string[]; }; - export type Network = { - __typename?: 'NetworkEcsField'; + export type Endpoint = { + __typename?: 'EndpointFields'; - bytes: Maybe; + endpointPolicy: Maybe; - community_id: Maybe; + policyStatus: Maybe; - direction: Maybe; + sensorVersion: Maybe; + }; +} - packets: Maybe; +export namespace GetHostFirstLastSeenQuery { + export type Variables = { + sourceId: string; + hostName: string; + defaultIndex: string[]; + docValueFields: DocValueFieldsInput[]; + }; - protocol: Maybe; + export type Query = { + __typename?: 'Query'; - transport: Maybe; + source: Source; }; - export type Http = { - __typename?: 'HttpEcsFields'; - - version: Maybe; + export type Source = { + __typename?: 'Source'; - request: Maybe; + id: string; - response: Maybe; + HostFirstLastSeen: HostFirstLastSeen; }; - export type Request = { - __typename?: 'HttpRequestData'; - - method: Maybe; + export type HostFirstLastSeen = { + __typename?: 'FirstLastSeenHost'; - body: Maybe; + firstSeen: Maybe; - referrer: Maybe; + lastSeen: Maybe; }; +} - export type Body = { - __typename?: 'HttpBodyData'; +export namespace GetHostsTableQuery { + export type Variables = { + sourceId: string; + timerange: TimerangeInput; + pagination: PaginationInputPaginated; + sort: HostsSortField; + filterQuery?: Maybe; + defaultIndex: string[]; + inspect: boolean; + docValueFields: DocValueFieldsInput[]; + }; - bytes: Maybe; + export type Query = { + __typename?: 'Query'; - content: Maybe; + source: Source; }; - export type Response = { - __typename?: 'HttpResponseData'; + export type Source = { + __typename?: 'Source'; - status_code: Maybe; + id: string; - body: Maybe<_Body>; + Hosts: Hosts; }; - export type _Body = { - __typename?: 'HttpBodyData'; + export type Hosts = { + __typename?: 'HostsData'; - bytes: Maybe; + totalCount: number; - content: Maybe; - }; + edges: Edges[]; + + pageInfo: 
PageInfo; - export type Tls = { - __typename?: 'TlsEcsFields'; + inspect: Maybe; + }; - client_certificate: Maybe; + export type Edges = { + __typename?: 'HostsEdges'; - fingerprints: Maybe; + node: Node; - server_certificate: Maybe; + cursor: Cursor; }; - export type ClientCertificate = { - __typename?: 'TlsClientCertificateData'; + export type Node = { + __typename?: 'HostItem'; - fingerprint: Maybe; - }; + _id: Maybe; - export type Fingerprint = { - __typename?: 'FingerprintData'; + lastSeen: Maybe; - sha1: Maybe; + host: Maybe; }; - export type Fingerprints = { - __typename?: 'TlsFingerprintsData'; + export type Host = { + __typename?: 'HostEcsFields'; - ja3: Maybe; - }; + id: Maybe; - export type Ja3 = { - __typename?: 'TlsJa3Data'; + name: Maybe; - hash: Maybe; + os: Maybe; }; - export type ServerCertificate = { - __typename?: 'TlsServerCertificateData'; + export type Os = { + __typename?: 'OsEcsFields'; + + name: Maybe; - fingerprint: Maybe<_Fingerprint>; + version: Maybe; }; - export type _Fingerprint = { - __typename?: 'FingerprintData'; + export type Cursor = { + __typename?: 'CursorType'; - sha1: Maybe; + value: Maybe; }; - export type Url = { - __typename?: 'UrlEcsFields'; - - original: Maybe; + export type PageInfo = { + __typename?: 'PageInfoPaginated'; - domain: Maybe; + activePage: number; - username: Maybe; + fakeTotalCount: number; - password: Maybe; + showMorePagesIndicator: boolean; }; - export type User = { - __typename?: 'UserEcsFields'; + export type Inspect = { + __typename?: 'Inspect'; - domain: Maybe; + dsl: string[]; - name: Maybe; + response: string[]; }; +} - export type Winlog = { - __typename?: 'WinlogEcsFields'; - - event_id: Maybe; +export namespace GetAllTimeline { + export type Variables = { + pageInfo: PageInfoTimeline; + search?: Maybe; + sort?: Maybe; + onlyUserFavorite?: Maybe; + timelineType?: Maybe; + status?: Maybe; }; - export type Process = { - __typename?: 'ProcessEcsFields'; + export type Query = { + __typename?: 
'Query'; - hash: Maybe; + getAllTimeline: GetAllTimeline; + }; - pid: Maybe; + export type GetAllTimeline = { + __typename?: 'ResponseTimelines'; - name: Maybe; + totalCount: Maybe; - ppid: Maybe; + defaultTimelineCount: Maybe; - args: Maybe; + templateTimelineCount: Maybe; - entity_id: Maybe; + elasticTemplateTimelineCount: Maybe; - executable: Maybe; + customTemplateTimelineCount: Maybe; - title: Maybe; + favoriteCount: Maybe; - working_directory: Maybe; + timeline: (Maybe)[]; }; - export type Hash = { - __typename?: 'ProcessHashData'; - - md5: Maybe; - - sha1: Maybe; - - sha256: Maybe; - }; + export type Timeline = { + __typename?: 'TimelineResult'; - export type Zeek = { - __typename?: 'ZeekEcsFields'; + savedObjectId: string; - session_id: Maybe; + description: Maybe; - connection: Maybe; + favorite: Maybe; - notice: Maybe; + eventIdToNoteIds: Maybe; - dns: Maybe<_Dns>; + excludedRowRendererIds: Maybe; - http: Maybe<_Http>; + notes: Maybe; - files: Maybe; + noteIds: Maybe; - ssl: Maybe; - }; + pinnedEventIds: Maybe; - export type Connection = { - __typename?: 'ZeekConnectionData'; + status: Maybe; - local_resp: Maybe; + title: Maybe; - local_orig: Maybe; + timelineType: Maybe; - missed_bytes: Maybe; + templateTimelineId: Maybe; - state: Maybe; + templateTimelineVersion: Maybe; - history: Maybe; - }; + created: Maybe; - export type Notice = { - __typename?: 'ZeekNoticeData'; + createdBy: Maybe; - suppress_for: Maybe; + updated: Maybe; - msg: Maybe; + updatedBy: Maybe; - note: Maybe; + version: string; + }; - sub: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - dst: Maybe; + fullName: Maybe; - dropped: Maybe; + userName: Maybe; - peer_descr: Maybe; + favoriteDate: Maybe; }; - export type _Dns = { - __typename?: 'ZeekDnsData'; - - AA: Maybe; + export type EventIdToNoteIds = { + __typename?: 'NoteResult'; - qclass_name: Maybe; + eventId: Maybe; - RD: Maybe; + note: Maybe; - qtype_name: Maybe; + timelineId: Maybe; - rejected: Maybe; + 
noteId: string; - qtype: Maybe; + created: Maybe; - query: Maybe; + createdBy: Maybe; - trans_id: Maybe; + timelineVersion: Maybe; - qclass: Maybe; + updated: Maybe; - RA: Maybe; + updatedBy: Maybe; - TC: Maybe; + version: Maybe; }; - export type _Http = { - __typename?: 'ZeekHttpData'; - - resp_mime_types: Maybe; - - trans_depth: Maybe; - - status_msg: Maybe; - - resp_fuids: Maybe; + export type Notes = { + __typename?: 'NoteResult'; - tags: Maybe; - }; + eventId: Maybe; - export type Files = { - __typename?: 'ZeekFileData'; + note: Maybe; - session_ids: Maybe; + timelineId: Maybe; - timedout: Maybe; + timelineVersion: Maybe; - local_orig: Maybe; + noteId: string; - tx_host: Maybe; + created: Maybe; - source: Maybe; + createdBy: Maybe; - is_orig: Maybe; + updated: Maybe; - overflow_bytes: Maybe; + updatedBy: Maybe; - sha1: Maybe; + version: Maybe; + }; +} - duration: Maybe; +export namespace DeleteTimelineMutation { + export type Variables = { + id: string[]; + }; - depth: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - analyzers: Maybe; + deleteTimeline: boolean; + }; +} - mime_type: Maybe; +export namespace PersistTimelineFavoriteMutation { + export type Variables = { + timelineId?: Maybe; + }; - rx_host: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - total_bytes: Maybe; + persistFavorite: PersistFavorite; + }; - fuid: Maybe; + export type PersistFavorite = { + __typename?: 'ResponseFavoriteTimeline'; - seen_bytes: Maybe; + savedObjectId: string; - missing_bytes: Maybe; + version: string; - md5: Maybe; + favorite: Maybe; }; - export type Ssl = { - __typename?: 'ZeekSslData'; - - cipher: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - established: Maybe; + fullName: Maybe; - resumed: Maybe; + userName: Maybe; - version: Maybe; + favoriteDate: Maybe; }; } 
@@ -5199,33 +2772,3 @@ export namespace PersistTimelinePinnedEventMutation { version: Maybe; }; } - -export namespace KpiHostDetailsChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiHostChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiNetworkChartFields { - export type Fragment = { - __typename?: 'KpiNetworkHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} diff --git a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts deleted file mode 100644 index c68816b34c175..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const authenticationsQuery = gql` - query GetAuthenticationsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $pagination: PaginationInputPaginated! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - Authentications( - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - totalCount - edges { - node { - _id - failures - successes - user { - name - } - lastSuccess { - timestamp - source { - ip - } - host { - id - name - } - } - lastFailure { - timestamp - source { - ip - } - host { - id - name - } - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx deleted file mode 100644 index 077f49c4bdfa6..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostDetailsQuery = gql` - fragment KpiHostDetailsChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostDetailsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHostDetails( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - authSuccess - authSuccessHistogram { - ...KpiHostDetailsChartFields - } - authFailure - authFailureHistogram { - ...KpiHostDetailsChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostDetailsChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostDetailsChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx deleted file mode 100644 index 26e4eaf9ea82e..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect, ConnectedProps } from 'react-redux'; - -import { KpiHostDetailsData, GetKpiHostDetailsQuery } from '../../../graphql/types'; -import { inputsModel, inputsSelectors, State } from '../../../common/store'; -import { createFilter, getDefaultFetchPolicy } from '../../../common/containers/helpers'; -import { QueryTemplateProps } from '../../../common/containers/query_template'; - -import { kpiHostDetailsQuery } from './index.gql_query'; - -const ID = 'kpiHostDetailsQuery'; - -export interface KpiHostDetailsArgs { - id: string; - inspect: inputsModel.InspectQuery; - kpiHostDetails: KpiHostDetailsData; - loading: boolean; - refetch: inputsModel.Refetch; -} - -export interface QueryKpiHostDetailsProps extends QueryTemplateProps { - children: (args: KpiHostDetailsArgs) => React.ReactNode; -} - -const KpiHostDetailsComponentQuery = React.memo( - ({ - id = ID, - children, - endDate, - filterQuery, - indexNames, - isInspected, - skip, - sourceId, - startDate, - }) => ( - - query={kpiHostDetailsQuery} - fetchPolicy={getDefaultFetchPolicy()} - notifyOnNetworkStatusChange - skip={skip} - variables={{ - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - filterQuery: createFilter(filterQuery), - defaultIndex: indexNames ?? 
[], - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const kpiHostDetails = getOr({}, `source.KpiHostDetails`, data); - return children({ - id, - inspect: getOr(null, 'source.KpiHostDetails.inspect', data), - kpiHostDetails, - loading, - refetch, - }); - }} - - ) -); - -KpiHostDetailsComponentQuery.displayName = 'KpiHostDetailsComponentQuery'; - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { id = ID }: QueryKpiHostDetailsProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -const connector = connect(makeMapStateToProps); - -type PropsFromRedux = ConnectedProps; - -export const KpiHostDetailsQuery = connector(KpiHostDetailsComponentQuery); diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts deleted file mode 100644 index 37d54455db1fd..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostsQuery = gql` - fragment KpiHostChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - hosts - hostsHistogram { - ...KpiHostChartFields - } - authSuccess - authSuccessHistogram { - ...KpiHostChartFields - } - authFailure - authFailureHistogram { - ...KpiHostChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx index 55b2b529000be..a8b46769b7363 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx @@ -9,7 +9,7 @@ import { noop } from 'lodash/fp'; import React, { useEffect, useCallback, useMemo } from 'react'; import { connect, ConnectedProps } from 'react-redux'; -import { HostItem } from '../../../../common/search_strategy'; +import { HostItem, LastEventIndexKey } from '../../../../common/search_strategy'; import { SecurityPageName } from '../../../app/types'; import { UpdateDateRange } from '../../../common/components/charts/common'; import { FiltersGlobal } from '../../../common/components/filters_global'; 
@@ -28,7 +28,6 @@ import { SiemSearchBar } from '../../../common/components/search_bar'; import { WrapperPage } from '../../../common/components/wrapper_page'; import { HostOverviewByNameQuery } from '../../containers/hosts/details'; import { useGlobalTime } from '../../../common/containers/use_global_time'; -import { LastEventIndexKey } from '../../../graphql/types'; import { useKibana } from '../../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../../common/lib/keury'; import { inputsSelectors, State } from '../../../common/store'; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx index ea8cf11e7595a..4835f7eff5b6f 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx +++ b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx @@ -23,7 +23,7 @@ import { WrapperPage } from '../../common/components/wrapper_page'; import { useFullScreen } from '../../common/containers/use_full_screen'; import { useGlobalTime } from '../../common/containers/use_global_time'; import { TimelineId } from '../../../common/types/timeline'; -import { LastEventIndexKey } from '../../graphql/types'; +import { LastEventIndexKey } from '../../../common/search_strategy'; import { useKibana } from '../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../common/lib/keury'; import { inputsSelectors, State } from '../../common/store'; diff --git a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx index c8e8f009339c1..7fbc4c5e3c6df 100644 --- a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx 
@@ -6,7 +6,7 @@ import React from 'react'; -import { NetworkDirectionEcs } from '../../../graphql/types'; +import { NetworkDirectionEcs } from '../../../../common/search_strategy'; import { DraggableBadge } from '../../../common/components/draggables'; import { NETWORK_DIRECTION_FIELD_NAME } from '../source_destination/field_names'; diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap index a70ee66a5552e..0119859d37672 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(NetworkDnsTableComponent)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkDnsTableComponent)')).toMatchSnapshot(); }); }); @@ -81,18 +77,14 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx index ce5c05db34c5e..fa7690e9eeaff 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx 
@@ -5,17 +5,16 @@ */ import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { Direction, + SortField, NetworkDnsEdges, NetworkDnsFields, - NetworkDnsSortField, -} from '../../../graphql/types'; -import { State } from '../../../common/store'; +} from '../../../../common/search_strategy'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { getNetworkDnsColumns } from './columns'; @@ -24,7 +23,7 @@ import * as i18n from './translations'; const tableType = networkModel.NetworkTableType.dns; -interface OwnProps { +interface NetworkDnsTableProps { data: NetworkDnsEdges[]; fakeTotalCount: number; id: string; @@ -36,8 +35,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkDnsTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, 
@@ -49,121 +46,122 @@ const rowItems: ItemsPerRow[] = [ }, ]; -export const NetworkDnsTableComponent = React.memo( - ({ - activePage, - data, - fakeTotalCount, - id, - isInspect, - isPtrIncluded, - limit, - loading, - loadPage, - showMorePagesIndicator, - sort, - totalCount, - type, - updateNetworkTable, - }) => { - const updateLimitPagination = useCallback( - (newLimit) => - updateNetworkTable({ +const NetworkDnsTableComponent: React.FC = ({ + data, + fakeTotalCount, + id, + isInspect, + loading, + loadPage, + showMorePagesIndicator, + totalCount, + type, +}) => { + const dispatch = useDispatch(); + const getNetworkDnsSelector = networkSelectors.dnsSelector(); + const { activePage, isPtrIncluded, limit, sort } = useSelector( + getNetworkDnsSelector, + shallowEqual + ); + const updateLimitPagination = useCallback( + (newLimit) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit }, - }), - [type, updateNetworkTable] - ); - - const updateActivePage = useCallback( - (newPage) => - updateNetworkTable({ + }) + ), + [type, dispatch] + ); + + const updateActivePage = useCallback( + (newPage) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { activePage: newPage }, - }), - [type, updateNetworkTable] - ); - - const onChange = useCallback( - (criteria: Criteria) => { - if (criteria.sort != null) { - const newDnsSortField: NetworkDnsSortField = { - field: criteria.sort.field.split('.')[1] as NetworkDnsFields, - direction: criteria.sort.direction as Direction, - }; - if (!deepEqual(newDnsSortField, sort)) { - updateNetworkTable({ + }) + ), + [dispatch, type] + ); + + const onChange = useCallback( + (criteria: Criteria) => { + if (criteria.sort != null) { + const newDnsSortField: SortField = { + field: criteria.sort.field.split('.')[1] as NetworkDnsFields, + direction: criteria.sort.direction as Direction, + }; + if (!deepEqual(newDnsSortField, sort)) { + dispatch( + 
networkActions.updateNetworkTable({ networkType: type, tableType, updates: { sort: newDnsSortField }, - }); - } + }) + ); } - }, - [sort, type, updateNetworkTable] - ); - - const onChangePtrIncluded = useCallback( - () => - updateNetworkTable({ + } + }, + [sort, type, dispatch] + ); + + const onChangePtrIncluded = useCallback( + () => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { isPtrIncluded: !isPtrIncluded }, - }), - [type, updateNetworkTable, isPtrIncluded] - ); - - const columns = useMemo(() => getNetworkDnsColumns(), []); - - return ( - - } - headerTitle={i18n.TOP_DNS_DOMAINS} - headerTooltip={i18n.TOOLTIP} - headerUnit={i18n.UNIT(totalCount)} - id={id} - itemsPerRow={rowItems} - isInspect={isInspect} - limit={limit} - loading={loading} - loadPage={loadPage} - onChange={onChange} - pageOfItems={data} - showMorePagesIndicator={showMorePagesIndicator} - sorting={{ - field: `node.${sort.field}`, - direction: sort.direction, - }} - totalCount={fakeTotalCount} - updateActivePage={updateActivePage} - updateLimitPagination={updateLimitPagination} - /> - ); - } -); - -NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; - -const makeMapStateToProps = () => { - const getNetworkDnsSelector = networkSelectors.dnsSelector(); - const mapStateToProps = (state: State) => getNetworkDnsSelector(state); - return mapStateToProps; -}; - -const mapDispatchToProps = { - updateNetworkTable: networkActions.updateNetworkTable, + }) + ), + [dispatch, type, isPtrIncluded] + ); + + const columns = useMemo(() => getNetworkDnsColumns(), []); + + const sorting = useMemo( + () => ({ + field: `node.${sort.field}`, + direction: sort.direction, + }), + [sort.direction, sort.field] + ); + + const HeaderSupplement = useMemo( + () => , + [isPtrIncluded, onChangePtrIncluded] + ); + + return ( + + ); }; -const connector = connect(makeMapStateToProps, mapDispatchToProps); - -type PropsFromRedux = ConnectedProps; 
+NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; -export const NetworkDnsTable = connector(NetworkDnsTableComponent); +export const NetworkDnsTable = React.memo(NetworkDnsTableComponent); diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts index d094256fa4026..faeee4800d8a8 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts 
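Review bot: `networkSelectors.dnsSelector()` is now called directly in the body of `NetworkDnsTableComponent`, so a new selector instance is built on every render, whereas the removed `makeMapStateToProps` built it once per connected instance. If `dnsSelector` is a memoizing selector factory (its definition is not in this hunk), its cache is thrown away on each render and `useSelector` re-runs it from scratch every time; `shallowEqual` only limits the re-renders that follow. Creating the selector once keeps the earlier behaviour: `const getNetworkDnsSelector = useMemo(() => networkSelectors.dnsSelector(), []);`. `useMemo` is already imported at the top of this file.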
@@ -4,179 +4,178 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkDnsData } from '../../../graphql/types'; +import { NetworkDnsStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkDns: NetworkDnsData } = { - NetworkDns: { - totalCount: 80, - edges: [ - { - node: { - _id: 'nflxvideo.net', - dnsBytesIn: 2964, - dnsBytesOut: 12546, - dnsName: 'nflxvideo.net', - queryCount: 52, - uniqueDomains: 21, - }, - cursor: { value: 'nflxvideo.net' }, - }, - { - node: { - _id: 'apple.com', - dnsBytesIn: 2680, - dnsBytesOut: 31687, - dnsName: 'apple.com', - queryCount: 75, - uniqueDomains: 20, - }, - cursor: { value: 'apple.com' }, - }, - { - node: { - _id: 'googlevideo.com', - dnsBytesIn: 1890, - dnsBytesOut: 16292, - dnsName: 'googlevideo.com', - queryCount: 38, - uniqueDomains: 19, - }, - cursor: { value: 'googlevideo.com' }, - }, - { - node: { - _id: 'netflix.com', - dnsBytesIn: 60525, - dnsBytesOut: 218193, - dnsName: 'netflix.com', - queryCount: 1532, - uniqueDomains: 12, - }, - cursor: { value: 'netflix.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.com', - dnsBytesIn: 1480, - dnsBytesOut: 11702, - dnsName: 'samsungcloudsolution.com', - queryCount: 31, - uniqueDomains: 8, - }, - cursor: { value: 'samsungcloudsolution.com' }, - }, - { - node: { - _id: 'doubleclick.net', - dnsBytesIn: 1505, - dnsBytesOut: 14372, - dnsName: 'doubleclick.net', - queryCount: 35, - uniqueDomains: 7, - }, - cursor: { value: 'doubleclick.net' }, - }, - { - node: { - _id: 'digitalocean.com', - dnsBytesIn: 2035, - dnsBytesOut: 4111, - dnsName: 'digitalocean.com', - queryCount: 35, - uniqueDomains: 6, - }, - cursor: { value: 'digitalocean.com' }, - }, - { - node: { - _id: 'samsungelectronics.com', - dnsBytesIn: 3916, - dnsBytesOut: 36592, - dnsName: 'samsungelectronics.com', - queryCount: 89, - uniqueDomains: 6, - }, - cursor: { value: 'samsungelectronics.com' }, - }, - { - node: { - _id: 'google.com', 
- dnsBytesIn: 896, - dnsBytesOut: 8072, - dnsName: 'google.com', - queryCount: 23, - uniqueDomains: 5, - }, - cursor: { value: 'google.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.net', - dnsBytesIn: 1490, - dnsBytesOut: 11518, - dnsName: 'samsungcloudsolution.net', - queryCount: 30, - uniqueDomains: 5, - }, - cursor: { value: 'samsungcloudsolution.net' }, - }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - histogram: [ - { - x: 'nflxvideo.net', - g: 'nflxvideo.net', - y: 12546, - }, - { - x: 'apple.com', - g: 'apple.com', - y: 31687, - }, - { - x: 'googlevideo.com', - g: 'googlevideo.com', - y: 16292, - }, - { - x: 'netflix.com', - g: 'netflix.com', - y: 218193, - }, - { - x: 'samsungcloudsolution.com', - g: 'samsungcloudsolution.com', - y: 11702, - }, - { - x: 'doubleclick.net', - g: 'doubleclick.net', - y: 14372, - }, - { - x: 'digitalocean.com', - g: 'digitalocean.com', - y: 4111, - }, - { - x: 'samsungelectronics.com', - g: 'samsungelectronics.com', - y: 36592, - }, - { - x: 'google.com', - g: 'google.com', - y: 8072, - }, - { - x: 'samsungcloudsolution.net', - g: 'samsungcloudsolution.net', - y: 11518, - }, - ], +export const mockData: NetworkDnsStrategyResponse = { + totalCount: 80, + edges: [ + { + node: { + _id: 'nflxvideo.net', + dnsBytesIn: 2964, + dnsBytesOut: 12546, + dnsName: 'nflxvideo.net', + queryCount: 52, + uniqueDomains: 21, + }, + cursor: { value: 'nflxvideo.net' }, + }, + { + node: { + _id: 'apple.com', + dnsBytesIn: 2680, + dnsBytesOut: 31687, + dnsName: 'apple.com', + queryCount: 75, + uniqueDomains: 20, + }, + cursor: { value: 'apple.com' }, + }, + { + node: { + _id: 'googlevideo.com', + dnsBytesIn: 1890, + dnsBytesOut: 16292, + dnsName: 'googlevideo.com', + queryCount: 38, + uniqueDomains: 19, + }, + cursor: { value: 'googlevideo.com' }, + }, + { + node: { + _id: 'netflix.com', + dnsBytesIn: 60525, + dnsBytesOut: 218193, + dnsName: 'netflix.com', + queryCount: 1532, + 
uniqueDomains: 12, + }, + cursor: { value: 'netflix.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.com', + dnsBytesIn: 1480, + dnsBytesOut: 11702, + dnsName: 'samsungcloudsolution.com', + queryCount: 31, + uniqueDomains: 8, + }, + cursor: { value: 'samsungcloudsolution.com' }, + }, + { + node: { + _id: 'doubleclick.net', + dnsBytesIn: 1505, + dnsBytesOut: 14372, + dnsName: 'doubleclick.net', + queryCount: 35, + uniqueDomains: 7, + }, + cursor: { value: 'doubleclick.net' }, + }, + { + node: { + _id: 'digitalocean.com', + dnsBytesIn: 2035, + dnsBytesOut: 4111, + dnsName: 'digitalocean.com', + queryCount: 35, + uniqueDomains: 6, + }, + cursor: { value: 'digitalocean.com' }, + }, + { + node: { + _id: 'samsungelectronics.com', + dnsBytesIn: 3916, + dnsBytesOut: 36592, + dnsName: 'samsungelectronics.com', + queryCount: 89, + uniqueDomains: 6, + }, + cursor: { value: 'samsungelectronics.com' }, + }, + { + node: { + _id: 'google.com', + dnsBytesIn: 896, + dnsBytesOut: 8072, + dnsName: 'google.com', + queryCount: 23, + uniqueDomains: 5, + }, + cursor: { value: 'google.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.net', + dnsBytesIn: 1490, + dnsBytesOut: 11518, + dnsName: 'samsungcloudsolution.net', + queryCount: 30, + uniqueDomains: 5, + }, + cursor: { value: 'samsungcloudsolution.net' }, + }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + histogram: [ + { + x: 'nflxvideo.net', + g: 'nflxvideo.net', + y: 12546, + }, + { + x: 'apple.com', + g: 'apple.com', + y: 31687, + }, + { + x: 'googlevideo.com', + g: 'googlevideo.com', + y: 16292, + }, + { + x: 'netflix.com', + g: 'netflix.com', + y: 218193, + }, + { + x: 'samsungcloudsolution.com', + g: 'samsungcloudsolution.com', + y: 11702, + }, + { + x: 'doubleclick.net', + g: 'doubleclick.net', + y: 14372, + }, + { + x: 'digitalocean.com', + g: 'digitalocean.com', + y: 4111, + }, + { + x: 'samsungelectronics.com', + g: 'samsungelectronics.com', + y: 36592, + }, + { 
+ x: 'google.com', + g: 'google.com', + y: 8072, + }, + { + x: 'samsungcloudsolution.net', + g: 'samsungcloudsolution.net', + y: 11518, + }, + ], + rawResponse: {} as NetworkDnsStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap index 7adee9531b1f3..c5df0f6603fbf 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap @@ -1,3 +1,102 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = `null`; +exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = ` + +`; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx index 2e0e278d8242d..5bd9b0f79f903 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx @@ -57,24 +57,20 @@ describe('NetworkHttp Table Component', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkHttpTableComponent)')).toMatchSnapshot(); }); }); @@ -84,18 +80,14 @@ describe('NetworkHttp Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts index f82f911d601ff..592feb6b73cde 100644 
--- a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts 
@@ -4,85 +4,83 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkHttpData } from '../../../graphql/types'; +import { NetworkHttpStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkHttp: NetworkHttpData } = { - NetworkHttp: { - edges: [ - { - node: { - _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/virtual-clock/drift-token', - requestCount: 1440, - }, - cursor: { - value: '/computeMetadata/v1/instance/virtual-clock/drift-token', - tiebreaker: null, - }, +export const mockData: NetworkHttpStrategyResponse = { + edges: [ + { + node: { + _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/virtual-clock/drift-token', + requestCount: 1440, }, - { - node: { - _id: '/computeMetadata/v1/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: ['200'], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/', - requestCount: 1020, - }, - cursor: { - value: '/computeMetadata/v1/', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/instance/virtual-clock/drift-token', + tiebreaker: null, }, - { - node: { - _id: '/computeMetadata/v1/instance/network-interfaces/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/network-interfaces/', - requestCount: 960, - }, - cursor: { - value: '/computeMetadata/v1/instance/network-interfaces/', - tiebreaker: null, - }, + }, + { + node: { + _id: '/computeMetadata/v1/', + domains: 
['metadata.google.internal'], + methods: ['get'], + statuses: ['200'], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/', + requestCount: 1020, }, - { - node: { - _id: '/downloads/ca_setup.exe', - domains: ['www.oxid.it'], - methods: ['get'], - statuses: ['200'], - lastHost: 'jessie', - lastSourceIp: '10.0.2.15', - path: '/downloads/ca_setup.exe', - requestCount: 3, - }, - cursor: { - value: '/downloads/ca_setup.exe', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/', + tiebreaker: null, }, - ], - inspect: { - dsl: [''], - response: [''], }, - pageInfo: { - activePage: 0, - fakeTotalCount: 4, - showMorePagesIndicator: false, + { + node: { + _id: '/computeMetadata/v1/instance/network-interfaces/', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/network-interfaces/', + requestCount: 960, + }, + cursor: { + value: '/computeMetadata/v1/instance/network-interfaces/', + tiebreaker: null, + }, }, - totalCount: 4, + { + node: { + _id: '/downloads/ca_setup.exe', + domains: ['www.oxid.it'], + methods: ['get'], + statuses: ['200'], + lastHost: 'jessie', + lastSourceIp: '10.0.2.15', + path: '/downloads/ca_setup.exe', + requestCount: 3, + }, + cursor: { + value: '/downloads/ca_setup.exe', + tiebreaker: null, + }, + }, + ], + inspect: { + dsl: [''], + }, + pageInfo: { + activePage: 0, + fakeTotalCount: 4, + showMorePagesIndicator: false, }, + totalCount: 4, + rawResponse: {} as NetworkHttpStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap index 3d47e398ed395..07874f9f39f0b 100644 
--- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table on the IP Details page 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); test('it renders the default NetworkTopNFlow table on the IP Details page', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); }); @@ -110,19 +102,15 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx index 757b178431d90..9824ac602bb43 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx 
@@ -5,23 +5,23 @@ */ import { last } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { Direction, + SortField, FlowTargetSourceDest, NetworkTopNFlowEdges, NetworkTopTablesFields, - NetworkTopTablesSortField, -} from '../../../graphql/types'; +} from '../../../../common/search_strategy'; import { State } from '../../../common/store'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { getNFlowColumnsCurated } from './columns'; import * as i18n from './translations'; -interface OwnProps { +interface NetworkTopNFlowTableProps { data: NetworkTopNFlowEdges[]; fakeTotalCount: number; flowTargeted: FlowTargetSourceDest; @@ -34,8 +34,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkTopNFlowTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, @@ -50,21 +48,24 @@ const rowItems: ItemsPerRow[] = [ export const NetworkTopNFlowTableId = 'networkTopSourceFlow-top-talkers'; const NetworkTopNFlowTableComponent: React.FC = ({ - activePage, data, fakeTotalCount, flowTargeted, id, isInspect, - limit, loading, loadPage, showMorePagesIndicator, - sort, totalCount, type, - updateNetworkTable, }) => { + const dispatch = useDispatch(); + const getTopNFlowSelector = networkSelectors.topNFlowSelector(); + const { activePage, limit, sort } = useSelector( + (state: State) => getTopNFlowSelector(state, type, flowTargeted), + shallowEqual + ); + const columns = useMemo( () => getNFlowColumnsCurated(flowTargeted, type, NetworkTopNFlowTableId), [flowTargeted, type] 
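Review bot: `const getTopNFlowSelector = networkSelectors.topNFlowSelector();` in the `@@ -50,21 +48,24 @@` hunk runs in the component body, so a new selector is created on every render; the removed `makeMapStateToProps` created it once per connected instance. If `topNFlowSelector` is a factory for a memoized selector (its definition is not part of this diff), each render starts with an empty cache and the selected table state is recomputed rather than reused. Keeping one instance per component restores the earlier behaviour: `const getTopNFlowSelector = useMemo(() => networkSelectors.topNFlowSelector(), []);` — `useMemo` is already imported at the top of the file. The component body continues beyond this hunk.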
@@ -92,22 +93,24 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const splitField = criteria.sort.field.split('.'); const field = last(splitField); const newSortDirection = field !== sort.field ? Direction.desc : criteria.sort.direction; // sort by desc on init click - const newTopNFlowSort: NetworkTopTablesSortField = { + const newTopNFlowSort: SortField = { field: field as NetworkTopTablesFields, - direction: newSortDirection as Direction, + direction: newSortDirection, }; if (!deepEqual(newTopNFlowSort, sort)) { - updateNetworkTable({ - networkType: type, - tableType, - updates: { - sort: newTopNFlowSort, - }, - }); + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { + sort: newTopNFlowSort, + }, + }) + ); } } }, - [sort, type, tableType, updateNetworkTable] + [sort, dispatch, type, tableType] ); const field = @@ -118,18 +121,26 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const updateActivePage = useCallback( (newPage) => - updateNetworkTable({ - networkType: type, - tableType, - updates: { activePage: newPage }, - }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { activePage: newPage }, + }) + ), + [dispatch, type, tableType] ); const updateLimitPagination = useCallback( (newLimit) => - updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit } }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { limit: newLimit }, + }) + ), + [dispatch, type, tableType] ); return ( 
@@ -157,18 +168,4 @@ const NetworkTopNFlowTableComponent: React.FC = ({ ); }; -const makeMapStateToProps = () => { - const getTopNFlowSelector = networkSelectors.topNFlowSelector(); - return (state: State, { type, flowTargeted }: OwnProps) => - getTopNFlowSelector(state, type, flowTargeted); -}; - -const mapDispatchToProps = { - updateNetworkTable: networkActions.updateNetworkTable, -}; - -const connector = connect(makeMapStateToProps, mapDispatchToProps); - -type PropsFromRedux = ConnectedProps; - -export const NetworkTopNFlowTable = connector(React.memo(NetworkTopNFlowTableComponent)); +export const NetworkTopNFlowTable = React.memo(NetworkTopNFlowTableComponent); diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts index bd21d78ba77c5..cf7d6974fc739 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts 
@@ -4,83 +4,81 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkTopNFlowData, FlowTargetSourceDest } from '../../../graphql/types'; +import { + NetworkTopNFlowStrategyResponse, + FlowTargetSourceDest, +} from '../../../../common/search_strategy'; -export const mockData: { NetworkTopNFlow: NetworkTopNFlowData } = { - NetworkTopNFlow: { - totalCount: 524, - edges: [ - { - node: { - source: { - autonomous_system: { - name: 'Google, Inc', - number: 15169, - }, - domain: ['test.domain.com'], - flows: 12345, - destination_ips: 12, - ip: '8.8.8.8', - location: { - geo: { - continent_name: ['North America'], - country_name: null, - country_iso_code: ['US'], - city_name: ['Mountain View'], - region_iso_code: ['US-CA'], - region_name: ['California'], - }, - flowTarget: FlowTargetSourceDest.source, - }, +export const mockData: NetworkTopNFlowStrategyResponse = { + totalCount: 524, + edges: [ + { + node: { + source: { + autonomous_system: { + name: 'Google, Inc', + number: 15169, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.com'], + flows: 12345, + destination_ips: 12, + ip: '8.8.8.8', + location: { + geo: { + continent_name: ['North America'], + country_iso_code: ['US'], + city_name: ['Mountain View'], + region_iso_code: ['US-CA'], + region_name: ['California'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '8.8.8.8', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - { - node: { - source: { - autonomous_system: { - name: 'TM Net, Internet Service Provider', - number: 4788, - }, - domain: ['test.domain.net', 'test.old.domain.net'], - flows: 12345, - destination_ips: 12, - ip: '9.9.9.9', - location: { - geo: { - continent_name: ['Asia'], - country_name: null, - country_iso_code: ['MY'], - city_name: ['Petaling Jaya'], - region_iso_code: ['MY-10'], - region_name: ['Selangor'], - }, - flowTarget: 
FlowTargetSourceDest.source, - }, + cursor: { + value: '8.8.8.8', + }, + }, + { + node: { + source: { + autonomous_system: { + name: 'TM Net, Internet Service Provider', + number: 4788, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.net', 'test.old.domain.net'], + flows: 12345, + destination_ips: 12, + ip: '9.9.9.9', + location: { + geo: { + continent_name: ['Asia'], + country_iso_code: ['MY'], + city_name: ['Petaling Jaya'], + region_iso_code: ['MY-10'], + region_name: ['Selangor'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '9.9.9.9', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, + cursor: { + value: '9.9.9.9', + }, }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + rawResponse: {} as NetworkTopNFlowStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts deleted file mode 100644 index 3c693f08b45f2..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiNetworkQuery = gql` - fragment KpiNetworkChartFields on KpiNetworkHistogramData { - x - y - } - - query GetKpiNetworkQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - networkEvents - uniqueFlowId - uniqueSourcePrivateIps - uniqueSourcePrivateIpsHistogram { - ...KpiNetworkChartFields - } - uniqueDestinationPrivateIps - uniqueDestinationPrivateIpsHistogram { - ...KpiNetworkChartFields - } - dnsQueries - tlsHandshakes - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts deleted file mode 100644 index a81d112fa4c50..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkDnsQuery = gql` - query GetNetworkDnsQuery( - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - $isPtrIncluded: Boolean! - $pagination: PaginationInputPaginated! - $sort: NetworkDnsSortField! - $sourceId: ID! - $stackByField: String - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - NetworkDns( - isPtrIncluded: $isPtrIncluded - sort: $sort - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - ) { - totalCount - edges { - node { - _id - dnsBytesIn - dnsBytesOut - dnsName - queryCount - uniqueDomains - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx index 334373c4a551a..1f199ba4f9acd 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx 
@@ -13,7 +13,7 @@ import { ESTermQuery } from '../../../../common/typed_json';
 import { inputsModel, State } from '../../../common/store';
 import { useKibana } from '../../../common/lib/kibana';
 import { createFilter } from '../../../common/containers/helpers';
-import { NetworkDnsEdges, PageInfoPaginated } from '../../../graphql/types';
+import { NetworkDnsEdges, PageInfoPaginated } from '../../../../common/search_strategy';
 import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
 import { networkModel, networkSelectors } from '../../store';
 import {
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts
deleted file mode 100644
index bedf13dfa9849..0000000000000
--- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts
+++ /dev/null
@@ -1,57 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkHttpQuery = gql` - query GetNetworkHttpQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkHttpSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkHttp( - filterQuery: $filterQuery - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx index 221b693818c50..98202f6b42be6 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx 
@@ -13,11 +13,12 @@ import { ESTermQuery } from '../../../../common/typed_json';
 import { inputsModel, State } from '../../../common/store';
 import { useKibana } from '../../../common/lib/kibana';
 import { createFilter } from '../../../common/containers/helpers';
-import { NetworkHttpEdges, PageInfoPaginated } from '../../../graphql/types';
 import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
 import { networkModel, networkSelectors } from '../../store';
 import {
 NetworkQueries,
+ NetworkHttpEdges,
+ PageInfoPaginated,
 NetworkHttpRequestOptions,
 NetworkHttpStrategyResponse,
 SortField,
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts
deleted file mode 100644
index 5850246ceecec..0000000000000
--- a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts
+++ /dev/null
@@ -1,68 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopCountriesQuery = gql` - query GetNetworkTopCountriesQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopCountries( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - country - destination_ips - flows - source_ips - } - destination { - country - destination_ips - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts deleted file mode 100644 index a73f9ff9256ff..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopNFlowQuery = gql` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx index eaeb31c020473..a227dec410915 100644 --- a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx 
@@ -9,7 +9,7 @@ import React, { useCallback, useEffect, useMemo } from 'react'; import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import { useParams } from 'react-router-dom'; -import { FlowTarget } from '../../../../common/search_strategy'; +import { FlowTarget, LastEventIndexKey } from '../../../../common/search_strategy'; import { useGlobalTime } from '../../../common/containers/use_global_time'; import { FiltersGlobal } from '../../../common/components/filters_global'; import { HeaderPage } from '../../../common/components/header_page'; @@ -24,7 +24,7 @@ import { IpOverview } from '../../components/details'; import { SiemSearchBar } from '../../../common/components/search_bar'; import { WrapperPage } from '../../../common/components/wrapper_page'; import { useNetworkDetails } from '../../containers/details'; -import { FlowTargetSourceDest, LastEventIndexKey } from '../../../graphql/types'; +import { FlowTargetSourceDest } from '../../../graphql/types'; import { useKibana } from '../../../common/lib/kibana'; import { decodeIpv6 } from '../../../common/lib/helpers'; import { convertToBuildEsQuery } from '../../../common/lib/keury'; diff --git a/x-pack/plugins/security_solution/public/network/pages/network.tsx b/x-pack/plugins/security_solution/public/network/pages/network.tsx index 6aea771e49499..243ea8626582f 100644 --- a/x-pack/plugins/security_solution/public/network/pages/network.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/network.tsx 
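Review bot: After the `@@ -24,7 +24,7 @@` hunk this page still imports `FlowTargetSourceDest` from `'../../../graphql/types'`, while `network_top_n_flow_table/index.tsx` in this commit switches the same name to `common/search_strategy`. Two declarations of one type make it easy for the page and the table to drift apart, and if both are enums TypeScript treats them as distinct types. Unless something outside this diff still needs the GraphQL type, I would fold it into the line changed in the first hunk, `import { FlowTarget, FlowTargetSourceDest, LastEventIndexKey } from '../../../../common/search_strategy';`, and delete the `graphql/types` import.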
@@ -24,7 +24,7 @@ import { SiemSearchBar } from '../../common/components/search_bar'; import { WrapperPage } from '../../common/components/wrapper_page'; import { useFullScreen } from '../../common/containers/use_full_screen'; import { useGlobalTime } from '../../common/containers/use_global_time'; -import { LastEventIndexKey } from '../../graphql/types'; +import { LastEventIndexKey } from '../../../common/search_strategy'; import { useKibana } from '../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../common/lib/keury'; import { State, inputsSelectors } from '../../common/store'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx index 01e5202d03332..f823b717e7f4c 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx @@ -10,12 +10,13 @@ import React from 'react'; import { TestProviders } from '../../../../common/mock/test_providers'; import { FooterComponent, PagingControlComponent } from './index'; -import { mockData } from './mock'; describe('Footer Timeline Component', () => { const loadMore = jest.fn(); const onChangeItemsPerPage = jest.fn(); const updatedAt = 1546878704036; + const totalCount = 15546; + const itemsCount = 2; describe('rendering', () => { test('it renders the default timeline footer', () => { @@ -27,12 +28,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); 
@@ -49,12 +50,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -72,12 +73,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -123,12 +124,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -146,12 +147,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> 
@@ -173,12 +174,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -198,12 +199,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -225,12 +226,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={true} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -250,12 +251,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts deleted file mode 100644 index fcd30ee2b8500..0000000000000 
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { EventsTimelineData } from '../../../../graphql/types'; - -export const mockData: { Events: EventsTimelineData } = { - Events: { - totalCount: 15546, - pageInfo: { - hasNextPage: true, - endCursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - }, - edges: [ - { - cursor: { - value: '1546878704036', - tiebreaker: '10656', - }, - node: { - _id: 'Fo8nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62123], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - { - cursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - node: { - _id: 'F48nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62145], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - ], - }, -}; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts deleted file mode 100644 index eff58725edb29..0000000000000 
--- a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineDetailsQuery = gql` - query GetTimelineDetailsQuery( - $sourceId: ID! - $eventId: String! - $indexName: String! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - TimelineDetails( - eventId: $eventId - indexName: $indexName - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - data { - field - values - originalValue - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts deleted file mode 100644 index c67ad45bede94..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts +++ /dev/null 
@@ -1,375 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineQuery = gql` - query GetTimelineQuery( - $sourceId: ID! - $fieldRequested: [String!]! - $pagination: PaginationInput! - $sortField: SortField! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - Timeline( - fieldRequested: $fieldRequested - pagination: $pagination - sortField: $sortField - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - timerange: $timerange - ) { - totalCount - inspect @include(if: $inspect) { - dsl - response - } - pageInfo { - endCursor { - value - tiebreaker - } - hasNextPage - } - edges { - node { - _id - _index - data { - field - value - } - ecs { - _id - _index - timestamp - message - system { - auth { - ssh { - signature - method - } - } - audit { - package { - arch - entity_id - name - size - summary - version - } - } - } - event { - action - category - code - created - dataset - duration - end - hash - id - kind - module - original - outcome - risk_score - risk_score_norm - severity - start - timezone - type - } - agent { - type - } - auditd { - result - session - data { - acct - terminal - op - } - summary { - actor { - primary - secondary - } - object { - primary - secondary - type - } - how - message_type - sequence - } - } - file { - name - path - target_path - extension - type - device - inode - uid - owner - gid - group - mode - size - mtime - ctime - } - host { - id - name - ip - } - rule { - reference - } - source { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - 
region_name - } - } - destination { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - } - dns { - question { - name - type - } - resolved_ip - response_code - } - endgame { - exit_code - file_name - file_path - logon_type - parent_process_name - pid - process_name - subject_domain_name - subject_logon_id - subject_user_name - target_domain_name - target_logon_id - target_user_name - } - geo { - region_name - country_iso_code - } - signal { - status - original_time - rule { - id - saved_id - timeline_id - timeline_title - output_index - from - index - language - query - to - filters - note - type - threshold - exceptions_list - } - } - suricata { - eve { - proto - flow_id - alert { - signature - signature_id - } - } - } - network { - bytes - community_id - direction - packets - protocol - transport - } - http { - version - request { - method - body { - bytes - content - } - referrer - } - response { - status_code - body { - bytes - content - } - } - } - tls { - client_certificate { - fingerprint { - sha1 - } - } - fingerprints { - ja3 { - hash - } - } - server_certificate { - fingerprint { - sha1 - } - } - } - url { - original - domain - username - password - } - user { - domain - name - } - winlog { - event_id - } - process { - hash { - md5 - sha1 - sha256 - } - pid - name - ppid - args - entity_id - executable - title - working_directory - } - zeek { - session_id - connection { - local_resp - local_orig - missed_bytes - state - history - } - notice { - suppress_for - msg - note - sub - dst - dropped - peer_descr - } - dns { - AA - qclass_name - RD - qtype_name - rejected - qtype - query - trans_id - qclass - RA - TC - } - http { - resp_mime_types - trans_depth - status_msg - resp_fuids - tags - } - files { - session_ids - timedout - local_orig - tx_host - source - is_orig - overflow_bytes - sha1 - duration - depth - analyzers - mime_type - rx_host - total_bytes - fuid - 
seen_bytes - missing_bytes - md5 - } - ssl { - cipher - established - resumed - version - } - } - } - } - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts b/x-pack/plugins/security_solution/server/graphql/authentications/index.ts deleted file mode 100644 index 8c16518590ad7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createAuthenticationsResolvers } from './resolvers'; -export { authenticationsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts deleted file mode 100644 index b66ccd9a111b7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { Authentications } from '../../lib/authentications'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -type QueryAuthenticationsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface AuthenticationsResolversDeps { - authentications: Authentications; -} - -export const createAuthenticationsResolvers = ( - libs: AuthenticationsResolversDeps -): { - Source: { - Authentications: QueryAuthenticationsResolver; - }; -} => ({ - Source: { - async Authentications(source, args, { req }, info) { - const options = createOptionsPaginated(source, args, info); - return libs.authentications.getAuthentications(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts deleted file mode 100644 index 648a65fa24682..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const authenticationsSchema = gql` - type LastSourceHost { - timestamp: Date - source: SourceEcsFields - host: HostEcsFields - } - - type AuthenticationItem { - _id: String! - failures: Float! - successes: Float! - user: UserEcsFields! - lastSuccess: LastSourceHost - lastFailure: LastSourceHost - } - - type AuthenticationsEdges { - node: AuthenticationItem! - cursor: CursorType! - } - - type AuthenticationsData { - edges: [AuthenticationsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - extend type Source { - "Gets Authentication success and failures based on a timerange" - Authentications( - timerange: TimerangeInput! - pagination: PaginationInputPaginated! - filterQuery: String - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): AuthenticationsData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/events/index.ts b/x-pack/plugins/security_solution/server/graphql/events/index.ts deleted file mode 100644 index c794dfa7170f2..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/events/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createEsValueResolvers, createEventsResolvers } from './resolvers'; -export { eventsSchema } from './schema.gql'; 
diff --git a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts
deleted file mode 100644
index ef28ac523ff85..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts
+++ /dev/null
@@ -1,105 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { GraphQLScalarType, Kind } from 'graphql'; - -import { Events } from '../../lib/events'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; -import { SourceResolvers } from '../types'; -import { LastEventTimeRequestOptions } from '../../lib/events/types'; - -type QueryTimelineResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryTimelineDetailsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryLastEventTimeResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface EventsResolversDeps { - events: Events; -} -export const createEventsResolvers = ( - libs: EventsResolversDeps -): { - Source: { - Timeline: QueryTimelineResolver; - TimelineDetails: QueryTimelineDetailsResolver; - LastEventTime: QueryLastEventTimeResolver; - }; -} => ({ - Source: { - async Timeline(source, args, { req }, info) { - const options = createOptions(source, args, info, 'edges.node.ecs.'); - return libs.events.getTimelineData(req, { - ...options, - fieldRequested: args.fieldRequested, - }); - }, - async TimelineDetails(source, args, { req }) { - return libs.events.getTimelineDetails(req, { - indexName: args.indexName, - eventId: args.eventId, - defaultIndex: args.defaultIndex, - }); - }, - async LastEventTime(source, args, { req }) { - const options: LastEventTimeRequestOptions = { - defaultIndex: args.defaultIndex, - docValueFields: args.docValueFields, - sourceConfiguration: source.configuration, - indexKey: args.indexKey, - details: args.details, - }; - return 
libs.events.getLastEventTimeData(req, options); - }, - }, -}); - -/* - * serialize: gets invoked when serializing the result to send it back to a client. - * - * parseValue: gets invoked to parse client input that was passed through variables. - * - * parseLiteral: gets invoked to parse client input that was passed inline in the query. - */ - -const esValueScalar = new GraphQLScalarType({ - name: 'DetailItemValue', - description: 'Represents value in detail item from the timeline who wants to more than one type', - serialize(value): string { - return value; - }, - parseValue(value) { - return value; - }, - parseLiteral(ast) { - switch (ast.kind) { - case Kind.INT: - return parseInt(ast.value, 10); - case Kind.FLOAT: - return parseFloat(ast.value); - case Kind.STRING: - return ast.value; - case Kind.LIST: - return ast.values; - case Kind.OBJECT: - return ast.fields; - } - return null; - }, -}); - -export const createEsValueResolvers = () => ({ EsValue: esValueScalar }); diff --git a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts deleted file mode 100644 index eee4bc3e3a33f..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const eventsSchema = gql` - scalar EsValue - - type EventsTimelineData { - edges: [EcsEdges!]! - totalCount: Float! - pageInfo: PageInfo! - inspect: Inspect - } - - type TimelineNonEcsData { - field: String! - value: ToStringArray - } - - type TimelineItem { - _id: String! - _index: String - data: [TimelineNonEcsData!]! - ecs: ECS! - } - - type TimelineEdges { - node: TimelineItem! - cursor: CursorType! - } - - type TimelineData { - edges: [TimelineEdges!]! - totalCount: Float! - pageInfo: PageInfo! - inspect: Inspect - } - - type DetailItem { - field: String! - values: ToStringArray - originalValue: EsValue - } - - input LastTimeDetails { - hostName: String - ip: String - } - - type TimelineDetailsData { - data: [DetailItem!] - inspect: Inspect - } - - type LastEventTimeData { - lastSeen: Date - inspect: Inspect - } - - enum LastEventIndexKey { - hostDetails - hosts - ipDetails - network - } - - extend type Source { - Timeline( - pagination: PaginationInput! - sortField: SortField! - fieldRequested: [String!]! - timerange: TimerangeInput - filterQuery: String - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): TimelineData! - TimelineDetails( - eventId: String! - indexName: String! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): TimelineDetailsData! - LastEventTime( - id: String - indexKey: LastEventIndexKey! - details: LastTimeDetails! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): LastEventTimeData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index d23494e0eeaa6..5eed9919825c3 100644 
--- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -7,13 +7,8 @@ import { rootSchema } from '../../common/graphql/root'; import { sharedSchema } from '../../common/graphql/shared'; -import { authenticationsSchema } from './authentications'; import { ecsSchema } from './ecs'; -import { eventsSchema } from './events'; import { hostsSchema } from './hosts'; -import { kpiHostsSchema } from './kpi_hosts'; -import { kpiNetworkSchema } from './kpi_network'; -import { networkSchema } from './network'; import { dateSchema } from './scalar_date'; import { noteSchema } from './note'; import { pinnedEventSchema } from './pinned_event'; @@ -24,22 +19,14 @@ import { toNumberSchema } from './scalar_to_number_array'; import { sourceStatusSchema } from './source_status'; import { sourcesSchema } from './sources'; import { timelineSchema } from './timeline'; -import { whoAmISchema } from './who_am_i'; -import { matrixHistogramSchema } from './matrix_histogram'; export const schemas = [ - authenticationsSchema, ecsSchema, - eventsSchema, dateSchema, toAnySchema, toNumberSchema, toDateSchema, toBooleanSchema, hostsSchema, - kpiNetworkSchema, - kpiHostsSchema, - matrixHistogramSchema, - networkSchema, noteSchema, pinnedEventSchema, rootSchema, @@ -47,5 +34,4 @@ export const schemas = [ sourceStatusSchema, sharedSchema, timelineSchema, - whoAmISchema, ]; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts deleted file mode 100644 index cb0f2be52adc7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts +++ /dev/null 
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createKpiHostsResolvers } from './resolvers';
-export { kpiHostsSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts
deleted file mode 100644
index 6708bdcd55d62..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts
+++ /dev/null
@@ -1,45 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { KpiHosts } from '../../lib/kpi_hosts'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryKpiHostsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export type QueryKpiHostDetailsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface KpiHostsResolversDeps { - kpiHosts: KpiHosts; -} - -export const createKpiHostsResolvers = ( - libs: KpiHostsResolversDeps -): { - Source: { - KpiHosts: QueryKpiHostsResolver; - KpiHostDetails: QueryKpiHostDetailsResolver; - }; -} => ({ - Source: { - async KpiHosts(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.kpiHosts.getKpiHosts(req, options); - }, - async KpiHostDetails(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.kpiHosts.getKpiHostDetails(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts deleted file mode 100644 index 49c988436e977..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostsSchema = gql` - type KpiHostHistogramData { - x: Float - y: Float - } - - type KpiHostsData { - hosts: Float - hostsHistogram: [KpiHostHistogramData!] - authSuccess: Float - authSuccessHistogram: [KpiHostHistogramData!] - authFailure: Float - authFailureHistogram: [KpiHostHistogramData!] - uniqueSourceIps: Float - uniqueSourceIpsHistogram: [KpiHostHistogramData!] - uniqueDestinationIps: Float - uniqueDestinationIpsHistogram: [KpiHostHistogramData!] - inspect: Inspect - } - - type KpiHostDetailsData { - authSuccess: Float - authSuccessHistogram: [KpiHostHistogramData!] - authFailure: Float - authFailureHistogram: [KpiHostHistogramData!] - uniqueSourceIps: Float - uniqueSourceIpsHistogram: [KpiHostHistogramData!] - uniqueDestinationIps: Float - uniqueDestinationIpsHistogram: [KpiHostHistogramData!] - inspect: Inspect - } - - extend type Source { - KpiHosts( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiHostsData! - - KpiHostDetails( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiHostDetailsData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts deleted file mode 100644 index bd9da6374d868..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts +++ /dev/null 
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createKpiNetworkResolvers } from './resolvers';
-export { kpiNetworkSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts
deleted file mode 100644
index b587d8c4ac726..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { KpiNetwork } from '../../lib/kpi_network';
-import { createOptions } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-export type QueryKipNetworkResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface KpiNetworkResolversDeps {
- kpiNetwork: KpiNetwork;
-}
-
-export const createKpiNetworkResolvers = (
- libs: KpiNetworkResolversDeps
-): {
- Source: {
- KpiNetwork: QueryKipNetworkResolver;
- };
-} => ({
- Source: {
- async KpiNetwork(source, args, { req }, info) {
- const options = { ...createOptions(source, args, info) };
- return libs.kpiNetwork.getKpiNetwork(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts deleted file mode 100644 index 830240a83bd91..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiNetworkSchema = gql` - type KpiNetworkHistogramData { - x: Float - y: Float - } - - type KpiNetworkData { - networkEvents: Float - uniqueFlowId: Float - uniqueSourcePrivateIps: Float - uniqueSourcePrivateIpsHistogram: [KpiNetworkHistogramData!] - uniqueDestinationPrivateIps: Float - uniqueDestinationPrivateIpsHistogram: [KpiNetworkHistogramData!] - dnsQueries: Float - tlsHandshakes: Float - inspect: Inspect - } - - extend type Source { - KpiNetwork( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiNetworkData - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts deleted file mode 100644 index 1460b6022bb13..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createMatrixHistogramResolvers } from './resolvers'; -export { matrixHistogramSchema } from './schema.gql'; 
diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts deleted file mode 100644 index 35cebe4777dcf..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { MatrixHistogram } from '../../lib/matrix_histogram'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; -import { SourceResolvers } from '../types'; - -export interface MatrixHistogramResolversDeps { - matrixHistogram: MatrixHistogram; -} - -type QueryMatrixHistogramResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export const createMatrixHistogramResolvers = ( - libs: MatrixHistogramResolversDeps -): { - Source: { - MatrixHistogram: QueryMatrixHistogramResolver; - }; -} => ({ - Source: { - async MatrixHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - stackByField: args.stackByField, - histogramType: args.histogramType, - }; - return libs.matrixHistogram.getMatrixHistogramData(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts deleted file mode 100644 index deda6dc6e5c1a..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts +++ /dev/null 
@@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const matrixHistogramSchema = gql` - type MatrixOverTimeHistogramData { - x: Float - y: Float - g: String - } - - type MatrixHistogramOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - enum HistogramType { - authentications - anomalies - events - alerts - dns - } - - extend type Source { - MatrixHistogram( - filterQuery: String - defaultIndex: [String!]! - timerange: TimerangeInput! - stackByField: String! - histogramType: HistogramType! - ): MatrixHistogramOverTimeData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/network/index.ts b/x-pack/plugins/security_solution/server/graphql/network/index.ts deleted file mode 100644 index 5dba3b21c1108..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createNetworkResolvers } from './resolvers'; -export { networkSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts deleted file mode 100644 index db15babc42a72..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts +++ /dev/null 
@@ -1,83 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { Network } from '../../lib/network'; -import { createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -type QueryNetworkTopCountriesResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryNetworkTopNFlowResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryNetworkHttpResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryDnsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface NetworkResolversDeps { - network: Network; -} - -export const createNetworkResolvers = ( - libs: NetworkResolversDeps -): { - Source: { - NetworkHttp: QueryNetworkHttpResolver; - NetworkTopCountries: QueryNetworkTopCountriesResolver; - NetworkTopNFlow: QueryNetworkTopNFlowResolver; - NetworkDns: QueryDnsResolver; - }; -} => ({ - Source: { - async NetworkTopCountries(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - flowTarget: args.flowTarget, - networkTopCountriesSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkTopCountries(req, options); - }, - async NetworkTopNFlow(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - flowTarget: args.flowTarget, - networkTopNFlowSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkTopNFlow(req, options); - }, - async NetworkHttp(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), 
- networkHttpSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkHttp(req, options); - }, - async NetworkDns(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - networkDnsSortField: args.sort, - isPtrIncluded: args.isPtrIncluded, - }; - return libs.network.getNetworkDns(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts deleted file mode 100644 index 9bb8a48c12f0d..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts +++ /dev/null 
@@ -1,253 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkSchema = gql` - enum NetworkDirectionEcs { - inbound - outbound - internal - external - incoming - outgoing - listening - unknown - } - - type TopNetworkTablesEcsField { - bytes_in: Float - bytes_out: Float - } - - type GeoItem { - geo: GeoEcsFields - flowTarget: FlowTargetSourceDest - } - - type AutonomousSystemItem { - name: String - number: Float - } - - type TopCountriesItemSource { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type TopCountriesItemDestination { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type NetworkTopCountriesItem { - _id: String - source: TopCountriesItemSource - destination: TopCountriesItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopCountriesEdges { - node: NetworkTopCountriesItem! - cursor: CursorType! - } - - type NetworkTopCountriesData { - edges: [NetworkTopCountriesEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type TopNFlowItemSource { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - destination_ips: Float - } - - type TopNFlowItemDestination { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - source_ips: Float - } - - enum NetworkTopTablesFields { - bytes_in - bytes_out - flows - destination_ips - source_ips - } - - input NetworkTopTablesSortField { - field: NetworkTopTablesFields! - direction: Direction! 
- } - - type NetworkTopNFlowItem { - _id: String - source: TopNFlowItemSource - destination: TopNFlowItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopNFlowEdges { - node: NetworkTopNFlowItem! - cursor: CursorType! - } - - type NetworkTopNFlowData { - edges: [NetworkTopNFlowEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - enum NetworkDnsFields { - dnsName - queryCount - uniqueDomains - dnsBytesIn - dnsBytesOut - } - - input NetworkDnsSortField { - field: NetworkDnsFields! - direction: Direction! - } - - type NetworkDnsItem { - _id: String - dnsBytesIn: Float - dnsBytesOut: Float - dnsName: String - queryCount: Float - uniqueDomains: Float - } - - type NetworkDnsEdges { - node: NetworkDnsItem! - cursor: CursorType! - } - - type MatrixOverOrdinalHistogramData { - x: String! - y: Float! - g: String! - } - - type NetworkDnsData { - edges: [NetworkDnsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - histogram: [MatrixOverOrdinalHistogramData!] - } - - enum NetworkHttpFields { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - - input NetworkHttpSortField { - direction: Direction! - } - - type NetworkHttpItem { - _id: String - domains: [String!]! - lastHost: String - lastSourceIp: String - methods: [String!]! - path: String - requestCount: Float - statuses: [String!]! - } - - type NetworkHttpEdges { - node: NetworkHttpItem! - cursor: CursorType! - } - - type NetworkHttpData { - edges: [NetworkHttpEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type NetworkDsOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - extend type Source { - NetworkTopCountries( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! 
- defaultIndex: [String!]! - ): NetworkTopCountriesData! - NetworkTopNFlow( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkTopNFlowData! - NetworkDns( - filterQuery: String - id: String - isPtrIncluded: Boolean! - pagination: PaginationInputPaginated! - sort: NetworkDnsSortField! - stackByField: String - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkDnsData! - NetworkDnsHistogram( - filterQuery: String - defaultIndex: [String!]! - timerange: TimerangeInput! - stackByField: String - docValueFields: [docValueFieldsInput!]! - ): NetworkDsOverTimeData! - NetworkHttp( - id: String - filterQuery: String - ip: String - pagination: PaginationInputPaginated! - sort: NetworkHttpSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkHttpData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 5f370ab1b8c9f..7d2ce8a284994 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts 
@@ -42,53 +42,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -269,6 +232,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -287,13 +265,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', 
@@ -305,35 +276,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -373,27 +315,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -401,6 +322,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', 
@@ -410,17 +336,15 @@ export type ToStringArray = string[] | string; export type Date = string; -export type ToNumberArray = number[] | number; - -export type ToDateArray = string[] | string; +export type ToAny = any; -export type ToBooleanArray = boolean[] | boolean; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[] | string; -export type EsValue = any; +export type ToNumberArray = number[] | number; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[] | boolean; export type ToIFieldSubTypeNonNullable = any; @@ -511,40 +435,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -577,8 +473,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; 
@@ -587,84 +483,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -697,6 +559,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; 
@@ -711,196 +579,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + 
name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; 
+export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { 
@@ -943,110 +882,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + 
entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { 
@@ -1055,48 +1060,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1151,6 +1152,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; 
@@ -1163,6 +1196,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; 
@@ -1211,128 +1286,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { 
@@ -1349,8 +1350,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { 
@@ -1359,6688 +1360,4387 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - 
uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { 
- edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type 
as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; +} +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface AutonomousSystemItem { - name?: Maybe; + search?: Maybe; - number?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; + search?: Maybe; - ip?: Maybe; + sort?: Maybe; - location?: Maybe; + onlyUserFavorite?: Maybe; - flows?: Maybe; + timelineType?: Maybe; - source_ips?: Maybe; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; + timerange: TimerangeInput; - pageInfo: PageInfoPaginated; + pagination: PaginationInputPaginated; - inspect?: Maybe; + sort: HostsSortField; - histogram?: Maybe; -} + filterQuery?: Maybe; -export interface NetworkDnsEdges { - node: 
NetworkDnsItem; + defaultIndex: string[]; - cursor: CursorType; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; - - dnsBytesIn?: Maybe; - - dnsBytesOut?: Maybe; - - dnsName?: Maybe; + hostName: string; - queryCount?: Maybe; + timerange: TimerangeInput; - uniqueDomains?: Maybe; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + defaultIndex: string[]; - g: string; + docValueFields: DocValueFieldsInput[]; } +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; +} +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; +} +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; + version?: Maybe; - totalCount: number; + note: NoteInput; } +export interface DeleteNoteMutationArgs { + id: string[]; +} +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - pageInfo: PageInfoPaginated; + eventId: string; - inspect?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; } +export interface PersistTimelineMutationArgs { + id?: Maybe; -export interface NetworkHttpEdges { - node: NetworkHttpItem; + version?: Maybe; - cursor: CursorType; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; } -export interface 
NetworkHttpItem { - _id?: Maybe; - - domains: string[]; +import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - lastHost?: Maybe; +export type Resolver = ( + parent: Parent, + args: Args, + context: TContext, + info: GraphQLResolveInfo +) => Promise | Result; - lastSourceIp?: Maybe; +export interface ISubscriptionResolverObject { + subscribe( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): AsyncIterator | Promise>; + resolve?( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): R | Result | Promise; +} - methods: string[]; +export type SubscriptionResolver = + | ((...args: any[]) => ISubscriptionResolverObject) + | ISubscriptionResolverObject; - path?: Maybe; +export type TypeResolveFn = ( + parent: Parent, + context: TContext, + info: GraphQLResolveInfo +) => Maybe; - requestCount?: Maybe; +export type NextResolverFn = () => Promise; - statuses: string[]; -} +export type DirectiveResolverFn = ( + next: NextResolverFn, + source: any, + args: TArgs, + context: TContext, + info: GraphQLResolveInfo +) => TResult | Promise; -export interface SayMyName { - /** The id of the source */ - appName: string; -} +export namespace QueryResolvers { + export interface Resolvers { + getNote?: GetNoteResolver; -export interface TimelineResult { - columns?: Maybe; + getNotesByTimelineId?: GetNotesByTimelineIdResolver; - created?: Maybe; + getNotesByEventId?: GetNotesByEventIdResolver; - createdBy?: Maybe; + getAllNotes?: GetAllNotesResolver; - dataProviders?: Maybe; + getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< + PinnedEvent[], + TypeParent, + TContext + >; + /** Get a security data source by id */ + source?: SourceResolver; + /** Get a list of all security data sources */ + allSources?: AllSourcesResolver; - dateRange?: Maybe; + getOneTimeline?: GetOneTimelineResolver; - description?: Maybe; + getAllTimeline?: GetAllTimelineResolver; + } - eventIdToNoteIds?: 
Maybe; + export type GetNoteResolver = Resolver< + R, + Parent, + TContext, + GetNoteArgs + >; + export interface GetNoteArgs { + id: string; + } - eventType?: Maybe; + export type GetNotesByTimelineIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByTimelineIdArgs { + timelineId: string; + } - excludedRowRendererIds?: Maybe; + export type GetNotesByEventIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByEventIdArgs { + eventId: string; + } - favorite?: Maybe; + export type GetAllNotesResolver< + R = ResponseNotes, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllNotesArgs { + pageInfo?: Maybe; - filters?: Maybe; + search?: Maybe; - kqlMode?: Maybe; + sort?: Maybe; + } - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; - - status?: Maybe; - - title?: Maybe; - - templateTimelineId?: Maybe; - - templateTimelineVersion?: Maybe; - - timelineType?: Maybe; - - updated?: Maybe; - - updatedBy?: Maybe; - - version: string; -} - -export interface ColumnHeaderResult { - aggregatable?: Maybe; - - category?: Maybe; - - columnHeaderType?: Maybe; - - description?: Maybe; - - example?: Maybe; - - indexes?: Maybe; - - id?: Maybe; - - name?: Maybe; - - placeholder?: Maybe; - - searchable?: Maybe; - - type?: Maybe; -} - -export interface DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export 
interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - 
code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} -export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface 
GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; 
- - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: 
Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - -export type Resolver = ( - parent: Parent, - args: Args, - context: TContext, - info: GraphQLResolveInfo -) => Promise | Result; - -export interface ISubscriptionResolverObject { - subscribe( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): AsyncIterator | Promise>; - resolve?( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): R | Result | Promise; -} - -export type SubscriptionResolver = - | ((...args: any[]) => ISubscriptionResolverObject) - | ISubscriptionResolverObject; - -export type TypeResolveFn = ( - parent: Parent, - context: TContext, - info: GraphQLResolveInfo -) => Maybe; - -export type NextResolverFn = () => Promise; - -export type DirectiveResolverFn = ( - next: NextResolverFn, - source: any, - args: TArgs, - context: TContext, - info: GraphQLResolveInfo -) => TResult | Promise; - -export namespace QueryResolvers { - export interface Resolvers { - getNote?: GetNoteResolver; - - getNotesByTimelineId?: GetNotesByTimelineIdResolver; - - getNotesByEventId?: GetNotesByEventIdResolver; - - getAllNotes?: GetAllNotesResolver; - - getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< - PinnedEvent[], - TypeParent, - TContext - >; - /** Get a security data source by id */ - source?: SourceResolver; - /** Get a list of all security data sources */ - allSources?: AllSourcesResolver; - - getOneTimeline?: 
GetOneTimelineResolver; - - getAllTimeline?: GetAllTimelineResolver; - } - - export type GetNoteResolver = Resolver< - R, - Parent, - TContext, - GetNoteArgs - >; - export interface GetNoteArgs { - id: string; - } - - export type GetNotesByTimelineIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByTimelineIdArgs { - timelineId: string; - } - - export type GetNotesByEventIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByEventIdArgs { - eventId: string; - } - - export type GetAllNotesResolver< - R = ResponseNotes, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllNotesArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; - } - - export type GetAllPinnedEventsByTimelineIdResolver< - R = PinnedEvent[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllPinnedEventsByTimelineIdArgs { - timelineId: string; - } - - export type SourceResolver = Resolver< - R, - Parent, - TContext, - SourceArgs - >; - export interface SourceArgs { - /** The id of the source */ - id: string; - } - - export type AllSourcesResolver = Resolver< - R, - Parent, - TContext - >; - export type GetOneTimelineResolver< - R = TimelineResult, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetOneTimelineArgs { - id: string; - } - - export type GetAllTimelineResolver< - R = ResponseTimelines, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllTimelineArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; - } -} - -export namespace NoteResultResolvers { - export interface Resolvers { - eventId?: EventIdResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - noteId?: 
NoteIdResolver; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type EventIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteIdResolver = Resolver< - R, - Parent, - TContext - >; - export type CreatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; -} - -export namespace ResponseNotesResolvers { - export interface Resolvers { - notes?: NotesResolver; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - } - - export type NotesResolver< - R = NoteResult[], - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; -} - -export namespace PinnedEventResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, 
TContext>; - - pinnedEventId?: PinnedEventIdResolver; - - eventId?: EventIdResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type PinnedEventIdResolver< - R = string, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type EventIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceResolvers { - export interface Resolvers { - /** The id of the source */ - id?: IdResolver; - /** The raw configuration of the source */ - configuration?: ConfigurationResolver; - /** The status of the source */ - status?: 
StatusResolver; - /** Gets Authentication success and failures based on a timerange */ - Authentications?: AuthenticationsResolver; - - Timeline?: TimelineResolver; - - TimelineDetails?: TimelineDetailsResolver; - - LastEventTime?: LastEventTimeResolver; - /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ - Hosts?: HostsResolver; - - HostOverview?: HostOverviewResolver; - - HostFirstLastSeen?: HostFirstLastSeenResolver; - - KpiNetwork?: KpiNetworkResolver, TypeParent, TContext>; - - KpiHosts?: KpiHostsResolver; - - KpiHostDetails?: KpiHostDetailsResolver; - - MatrixHistogram?: MatrixHistogramResolver; - - NetworkTopCountries?: NetworkTopCountriesResolver< - NetworkTopCountriesData, - TypeParent, - TContext - >; - - NetworkTopNFlow?: NetworkTopNFlowResolver; - - NetworkDns?: NetworkDnsResolver; - - NetworkDnsHistogram?: NetworkDnsHistogramResolver; - - NetworkHttp?: NetworkHttpResolver; - /** Just a simple example to get the app name */ - whoAmI?: WhoAmIResolver, TypeParent, TContext>; - } - - export type IdResolver = Resolver< - R, - Parent, - TContext - >; - export type ConfigurationResolver< - R = SourceConfiguration, - Parent = Source, - TContext = SiemContext - > = Resolver; - export type StatusResolver = Resolver< - R, - Parent, - TContext - >; - export type AuthenticationsResolver< - R = AuthenticationsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AuthenticationsArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type TimelineResolver< - R = TimelineData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - 
docValueFields: DocValueFieldsInput[]; - } - - export type TimelineDetailsResolver< - R = TimelineDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineDetailsArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type LastEventTimeResolver< - R = LastEventTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface LastEventTimeArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostsResolver = Resolver< - R, - Parent, - TContext, - HostsArgs - >; - export interface HostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostOverviewResolver< - R = HostItem, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostOverviewArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type HostFirstLastSeenResolver< - R = FirstLastSeenHost, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostFirstLastSeenArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type KpiNetworkResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiNetworkArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type KpiHostsResolver< - R = KpiHostsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; 
- } - - export type KpiHostDetailsResolver< - R = KpiHostDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostDetailsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type MatrixHistogramResolver< - R = MatrixHistogramOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface MatrixHistogramArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; - } - - export type NetworkTopCountriesResolver< - R = NetworkTopCountriesData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopCountriesArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkTopNFlowResolver< - R = NetworkTopNFlowData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopNFlowArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsResolver< - R = NetworkDnsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsHistogramResolver< - R = NetworkDsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsHistogramArgs { - filterQuery?: Maybe; 
- - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; - } - - export type NetworkHttpResolver< - R = NetworkHttpData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkHttpArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type WhoAmIResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; -} -/** A set of configuration options for a security data source */ -export namespace SourceConfigurationResolvers { - export interface Resolvers { - /** The field mapping to use for this source */ - fields?: FieldsResolver; - } - - export type FieldsResolver< - R = SourceFields, - Parent = SourceConfiguration, - TContext = SiemContext - > = Resolver; -} -/** A mapping of semantic fields to their document counterparts */ -export namespace SourceFieldsResolvers { - export interface Resolvers { - /** The field to identify a container by */ - container?: ContainerResolver; - /** The fields to identify a host by */ - host?: HostResolver; - /** The fields that may contain the log event message. The first field found win. 
*/ - message?: MessageResolver; - /** The field to identify a pod by */ - pod?: PodResolver; - /** The field to use as a tiebreaker for log events that have identical timestamps */ - tiebreaker?: TiebreakerResolver; - /** The field to use as a timestamp for metrics and logs */ - timestamp?: TimestampResolver; - } - - export type ContainerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type HostResolver = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = string[], - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type PodResolver = Resolver< - R, - Parent, - TContext - >; - export type TiebreakerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type TimestampResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; -} -/** The status of an infrastructure data source */ -export namespace SourceStatusResolvers { - export interface Resolvers { - /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ - indicesExist?: IndicesExistResolver; - /** The list of fields defined in the index mappings */ - indexFields?: IndexFieldsResolver; - } - - export type IndicesExistResolver< - R = boolean, - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndicesExistArgs { - defaultIndex: string[]; - } - - export type IndexFieldsResolver< - R = string[], - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndexFieldsArgs { - defaultIndex: string[]; - } -} - -export namespace AuthenticationsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = AuthenticationsEdges[], - Parent = AuthenticationsData, - TContext = SiemContext - > 
= Resolver; - export type TotalCountResolver< - R = number, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = AuthenticationItem, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - failures?: FailuresResolver; - - successes?: SuccessesResolver; - - user?: UserResolver; - - lastSuccess?: LastSuccessResolver, TypeParent, TContext>; - - lastFailure?: LastFailureResolver, TypeParent, TContext>; - } - - export type _IdResolver< - R = string, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type FailuresResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type SuccessesResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = UserEcsFields, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastSuccessResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastFailureResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; -} - -export namespace UserEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - name?: 
NameResolver, TypeParent, TContext>; - - full_name?: FullNameResolver, TypeParent, TContext>; - - email?: EmailResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - group?: GroupResolver, TypeParent, TContext>; - } - - export type DomainResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type FullNameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type EmailResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LastSourceHostResolvers { - export interface Resolvers { - timestamp?: TimestampResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - } - - export type TimestampResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - packets?: PacketsResolver, TypeParent, TContext>; - } - - export type BytesResolver< - R = 
Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace GeoEcsFieldsResolvers { - export interface Resolvers { - city_name?: CityNameResolver, TypeParent, TContext>; - - continent_name?: ContinentNameResolver, TypeParent, TContext>; - - country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - - country_name?: CountryNameResolver, TypeParent, TContext>; - - location?: LocationResolver, TypeParent, TContext>; - - region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; - - region_name?: RegionNameResolver, TypeParent, TContext>; - } - - export type CityNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type ContinentNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LocationResolvers { - 
export interface Resolvers { - lon?: LonResolver, TypeParent, TContext>; - - lat?: LatResolver, TypeParent, TContext>; - } - - export type LonResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; - export type LatResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; -} - -export namespace HostEcsFieldsResolvers { - export interface Resolvers { - architecture?: ArchitectureResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - mac?: MacResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - os?: OsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type ArchitectureResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type MacResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type OsResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace OsEcsFieldsResolvers { - export interface Resolvers { - platform?: PlatformResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - full?: FullResolver, TypeParent, TContext>; - - family?: FamilyResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - - kernel?: KernelResolver, TypeParent, TContext>; - } - - export type PlatformResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = 
Resolver; - export type NameResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FullResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FamilyResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type KernelResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace CursorTypeResolvers { - export interface Resolvers { - value?: ValueResolver, TypeParent, TContext>; - - tiebreaker?: TiebreakerResolver, TypeParent, TContext>; - } - - export type ValueResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; - export type TiebreakerResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; -} - -export namespace PageInfoPaginatedResolvers { - export interface Resolvers { - activePage?: ActivePageResolver; - - fakeTotalCount?: FakeTotalCountResolver; - - showMorePagesIndicator?: ShowMorePagesIndicatorResolver; - } - - export type ActivePageResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type FakeTotalCountResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type ShowMorePagesIndicatorResolver< - R = boolean, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; -} - -export namespace InspectResolvers { - export interface Resolvers { - dsl?: DslResolver; - - response?: ResponseResolver; - } - - export type DslResolver = Resolver< - R, - Parent, - TContext - >; - export type ResponseResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: 
PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = TimelineEdges[], - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = TimelineItem, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, TContext>; - - data?: DataResolver; - - ecs?: EcsResolver; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver< - R = Maybe, - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = TimelineNonEcsData[], - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type EcsResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineNonEcsDataResolvers { - export interface Resolvers { - field?: FieldResolver; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type FieldResolver< - R = string, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; -} - -export namespace EcsResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, 
TContext>; - - agent?: AgentResolver, TypeParent, TContext>; - - auditd?: AuditdResolver, TypeParent, TContext>; - - destination?: DestinationResolver, TypeParent, TContext>; - - dns?: DnsResolver, TypeParent, TContext>; - - endgame?: EndgameResolver, TypeParent, TContext>; - - event?: EventResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - - network?: NetworkResolver, TypeParent, TContext>; - - rule?: RuleResolver, TypeParent, TContext>; - - signal?: SignalResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - suricata?: SuricataResolver, TypeParent, TContext>; - - tls?: TlsResolver, TypeParent, TContext>; - - zeek?: ZeekResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - url?: UrlResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - user?: UserResolver, TypeParent, TContext>; - - winlog?: WinlogResolver, TypeParent, TContext>; - - process?: ProcessResolver, TypeParent, TContext>; - - file?: FileResolver, TypeParent, TContext>; - - system?: SystemResolver, TypeParent, TContext>; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type AgentResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type AuditdResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type EndgameResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type EventResolver< - R = Maybe, - Parent = Ecs, - 
TContext = SiemContext - > = Resolver; - export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type HostResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type RuleResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SignalResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SuricataResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type ZeekResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type WinlogResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type ProcessResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type SystemResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; -} - -export namespace AgentEcsFieldResolvers { - export interface Resolvers { - type?: TypeResolver, TypeParent, 
TContext>; - } - - export type TypeResolver< - R = Maybe, - Parent = AgentEcsField, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdEcsFieldsResolvers { - export interface Resolvers { - result?: ResultResolver, TypeParent, TContext>; - - session?: SessionResolver, TypeParent, TContext>; - - data?: DataResolver, TypeParent, TContext>; - - summary?: SummaryResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ResultResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SessionResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SummaryResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdDataResolvers { - export interface Resolvers { - acct?: AcctResolver, TypeParent, TContext>; - - terminal?: TerminalResolver, TypeParent, TContext>; - - op?: OpResolver, TypeParent, TContext>; - } - - export type AcctResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type TerminalResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type OpResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; -} - -export namespace SummaryResolvers { - export interface Resolvers { - actor?: ActorResolver, TypeParent, TContext>; - - object?: ObjectResolver, TypeParent, TContext>; - - how?: HowResolver, TypeParent, TContext>; - - message_type?: MessageTypeResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ActorResolver< - R = Maybe, - Parent = Summary, - TContext = 
SiemContext - > = Resolver; - export type ObjectResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type HowResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type MessageTypeResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; -} - -export namespace PrimarySecondaryResolvers { - export interface Resolvers { - primary?: PrimaryResolver, TypeParent, TContext>; - - secondary?: SecondaryResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type PrimaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type SecondaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; -} - -export namespace DestinationEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; + export type GetAllPinnedEventsByTimelineIdResolver< + R = PinnedEvent[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllPinnedEventsByTimelineIdArgs { + timelineId: string; + } - packets?: PacketsResolver, TypeParent, TContext>; + export type SourceResolver = Resolver< + R, + Parent, + TContext, + SourceArgs + >; + export interface SourceArgs { + /** The id of the source */ + id: string; } - export type BytesResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = 
SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = DestinationEcsFields, + export type AllSourcesResolver = Resolver< + R, + Parent, + TContext + >; + export type GetOneTimelineResolver< + R = TimelineResult, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsEcsFieldsResolvers { - export interface Resolvers { - question?: QuestionResolver, TypeParent, TContext>; - - resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - - response_code?: ResponseCodeResolver, TypeParent, TContext>; + > = Resolver; + export interface GetOneTimelineArgs { + id: string; } - export type QuestionResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResolvedIpResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResponseCodeResolver< - R = Maybe, - Parent = DnsEcsFields, + export type GetAllTimelineResolver< + R = ResponseTimelines, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsQuestionDataResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + > = Resolver; + export interface GetAllTimelineArgs { + pageInfo: PageInfoTimeline; - type?: TypeResolver, TypeParent, TContext>; - } + search?: Maybe; - export type NameResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; -} + sort?: Maybe; -export namespace EndgameEcsFieldsResolvers { - export interface Resolvers { - exit_code?: 
ExitCodeResolver, TypeParent, TContext>; + onlyUserFavorite?: Maybe; - file_name?: FileNameResolver, TypeParent, TContext>; + timelineType?: Maybe; - file_path?: FilePathResolver, TypeParent, TContext>; + status?: Maybe; + } +} - logon_type?: LogonTypeResolver, TypeParent, TContext>; +export namespace NoteResultResolvers { + export interface Resolvers { + eventId?: EventIdResolver, TypeParent, TContext>; - parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + note?: NoteResolver, TypeParent, TContext>; - pid?: PidResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - process_name?: ProcessNameResolver, TypeParent, TContext>; + noteId?: NoteIdResolver; - subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - target_user_name?: TargetUserNameResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ExitCodeResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FileNameResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FilePathResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type LogonTypeResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteResolver< + R = Maybe, + 
Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ParentProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type PidResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteIdResolver = Resolver< + R, + Parent, + TContext + >; + export type CreatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type VersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, +} + +export namespace ResponseNotesResolvers { + export interface Resolvers { + notes?: NotesResolver; + + totalCount?: TotalCountResolver, TypeParent, TContext>; + } + + export type NotesResolver< + R = NoteResult[], + Parent = ResponseNotes, TContext = SiemContext > = Resolver; - export type TargetUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseNotes, TContext = SiemContext > = Resolver; } -export namespace 
EventEcsFieldsResolvers { - export interface Resolvers { - action?: ActionResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - code?: CodeResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - dataset?: DatasetResolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - end?: EndResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; +export namespace PinnedEventResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - kind?: KindResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - module?: ModuleResolver, TypeParent, TContext>; + pinnedEventId?: PinnedEventIdResolver; - original?: OriginalResolver, TypeParent, TContext>; + eventId?: EventIdResolver, TypeParent, TContext>; - outcome?: OutcomeResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - risk_score?: RiskScoreResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - severity?: SeverityResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - start?: StartResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - timezone?: TimezoneResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ActionResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; export type CodeResolver< - R = Maybe, - Parent = EventEcsFields, - TContext 
= SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DatasetResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type EndResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = EventEcsFields, + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type IdResolver< - R = Maybe, - Parent = EventEcsFields, + export type MessageResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type KindResolver< - R = Maybe, - Parent = EventEcsFields, + export type PinnedEventIdResolver< + R = string, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type ModuleResolver< - R = Maybe, - Parent = EventEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OutcomeResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreNormResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type SeverityResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = 
PinnedEvent, TContext = SiemContext > = Resolver; - export type StartResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TimezoneResolver< - R = Maybe, - Parent = EventEcsFields, + export type VersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = EventEcsFields, +} + +export namespace SourceResolvers { + export interface Resolvers { + /** The id of the source */ + id?: IdResolver; + /** The raw configuration of the source */ + configuration?: ConfigurationResolver; + /** The status of the source */ + status?: StatusResolver; + /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ + Hosts?: HostsResolver; + + HostOverview?: HostOverviewResolver; + + HostFirstLastSeen?: HostFirstLastSeenResolver; + } + + export type IdResolver = Resolver< + R, + Parent, + TContext + >; + export type ConfigurationResolver< + R = SourceConfiguration, + Parent = Source, TContext = SiemContext > = Resolver; -} + export type StatusResolver = Resolver< + R, + Parent, + TContext + >; + export type HostsResolver = Resolver< + R, + Parent, + TContext, + HostsArgs + >; + export interface HostsArgs { + id?: Maybe; -export namespace NetworkEcsFieldResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; + timerange: TimerangeInput; - community_id?: CommunityIdResolver, TypeParent, TContext>; + pagination: PaginationInputPaginated; - direction?: DirectionResolver, TypeParent, TContext>; + sort: HostsSortField; - packets?: PacketsResolver, TypeParent, TContext>; + filterQuery?: Maybe; - protocol?: ProtocolResolver, TypeParent, TContext>; + defaultIndex: string[]; - transport?: TransportResolver, TypeParent, TContext>; + docValueFields: DocValueFieldsInput[]; } - export type BytesResolver< - R = 
Maybe, - Parent = NetworkEcsField, + export type HostOverviewResolver< + R = HostItem, + Parent = Source, TContext = SiemContext - > = Resolver; - export type CommunityIdResolver< - R = Maybe, - Parent = NetworkEcsField, + > = Resolver; + export interface HostOverviewArgs { + id?: Maybe; + + hostName: string; + + timerange: TimerangeInput; + + defaultIndex: string[]; + } + + export type HostFirstLastSeenResolver< + R = FirstLastSeenHost, + Parent = Source, + TContext = SiemContext + > = Resolver; + export interface HostFirstLastSeenArgs { + id?: Maybe; + + hostName: string; + + defaultIndex: string[]; + + docValueFields: DocValueFieldsInput[]; + } +} +/** A set of configuration options for a security data source */ +export namespace SourceConfigurationResolvers { + export interface Resolvers { + /** The field mapping to use for this source */ + fields?: FieldsResolver; + } + + export type FieldsResolver< + R = SourceFields, + Parent = SourceConfiguration, TContext = SiemContext > = Resolver; - export type DirectionResolver< - R = Maybe, - Parent = NetworkEcsField, +} +/** A mapping of semantic fields to their document counterparts */ +export namespace SourceFieldsResolvers { + export interface Resolvers { + /** The field to identify a container by */ + container?: ContainerResolver; + /** The fields to identify a host by */ + host?: HostResolver; + /** The fields that may contain the log event message. The first field found win. 
*/ + message?: MessageResolver; + /** The field to identify a pod by */ + pod?: PodResolver; + /** The field to use as a tiebreaker for log events that have identical timestamps */ + tiebreaker?: TiebreakerResolver; + /** The field to use as a timestamp for metrics and logs */ + timestamp?: TimestampResolver; + } + + export type ContainerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = NetworkEcsField, + export type HostResolver = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = string[], + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type ProtocolResolver< - R = Maybe, - Parent = NetworkEcsField, + export type PodResolver = Resolver< + R, + Parent, + TContext + >; + export type TiebreakerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type TransportResolver< - R = Maybe, - Parent = NetworkEcsField, + export type TimestampResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; } +/** The status of an infrastructure data source */ +export namespace SourceStatusResolvers { + export interface Resolvers { + /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ + indicesExist?: IndicesExistResolver; + /** The list of fields defined in the index mappings */ + indexFields?: IndexFieldsResolver; + } -export namespace RuleEcsFieldResolvers { - export interface Resolvers { - reference?: ReferenceResolver, TypeParent, TContext>; + export type IndicesExistResolver< + R = boolean, + Parent = SourceStatus, + TContext = SiemContext + > = Resolver; + export interface IndicesExistArgs { + defaultIndex: string[]; } - export type ReferenceResolver< - R = Maybe, - Parent = RuleEcsField, + export type IndexFieldsResolver< + R = string[], + Parent = SourceStatus, TContext = SiemContext - > = Resolver; + > = Resolver; + export 
interface IndexFieldsArgs { + defaultIndex: string[]; + } } -export namespace SignalFieldResolvers { - export interface Resolvers { - rule?: RuleResolver, TypeParent, TContext>; +export namespace HostsDataResolvers { + export interface Resolvers { + edges?: EdgesResolver; - original_time?: OriginalTimeResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver; - status?: StatusResolver, TypeParent, TContext>; + pageInfo?: PageInfoResolver; + + inspect?: InspectResolver, TypeParent, TContext>; } - export type RuleResolver< - R = Maybe, - Parent = SignalField, + export type EdgesResolver< + R = HostsEdges[], + Parent = HostsData, TContext = SiemContext > = Resolver; - export type OriginalTimeResolver< - R = Maybe, - Parent = SignalField, + export type TotalCountResolver = Resolver< + R, + Parent, + TContext + >; + export type PageInfoResolver< + R = PageInfoPaginated, + Parent = HostsData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = SignalField, + export type InspectResolver< + R = Maybe, + Parent = HostsData, TContext = SiemContext > = Resolver; } -export namespace RuleFieldResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; - - rule_id?: RuleIdResolver, TypeParent, TContext>; - - false_positives?: FalsePositivesResolver; - - saved_id?: SavedIdResolver, TypeParent, TContext>; - - timeline_id?: TimelineIdResolver, TypeParent, TContext>; - - timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - - max_signals?: MaxSignalsResolver, TypeParent, TContext>; - - risk_score?: RiskScoreResolver, TypeParent, TContext>; - - output_index?: OutputIndexResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - from?: FromResolver, TypeParent, TContext>; - - immutable?: ImmutableResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - interval?: IntervalResolver, TypeParent, TContext>; - - language?: 
LanguageResolver, TypeParent, TContext>; - - query?: QueryResolver, TypeParent, TContext>; - - references?: ReferencesResolver, TypeParent, TContext>; - - severity?: SeverityResolver, TypeParent, TContext>; - - tags?: TagsResolver, TypeParent, TContext>; - - threat?: ThreatResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - size?: SizeResolver, TypeParent, TContext>; - - to?: ToResolver, TypeParent, TContext>; - - enabled?: EnabledResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; +export namespace HostsEdgesResolvers { + export interface Resolvers { + node?: NodeResolver; - created_at?: CreatedAtResolver, TypeParent, TContext>; + cursor?: CursorResolver; + } - updated_at?: UpdatedAtResolver, TypeParent, TContext>; + export type NodeResolver = Resolver< + R, + Parent, + TContext + >; + export type CursorResolver< + R = CursorType, + Parent = HostsEdges, + TContext = SiemContext + > = Resolver; +} - created_by?: CreatedByResolver, TypeParent, TContext>; +export namespace HostItemResolvers { + export interface Resolvers { + _id?: _IdResolver, TypeParent, TContext>; - updated_by?: UpdatedByResolver, TypeParent, TContext>; + cloud?: CloudResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + endpoint?: EndpointResolver, TypeParent, TContext>; - note?: NoteResolver, TypeParent, TContext>; + host?: HostResolver, TypeParent, TContext>; - threshold?: ThresholdResolver, TypeParent, TContext>; + inspect?: InspectResolver, TypeParent, TContext>; - exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type RuleIdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type FalsePositivesResolver< - R = string[], - Parent = RuleField, - TContext = SiemContext - > = 
Resolver; - export type SavedIdResolver< - R = Maybe, - Parent = RuleField, + export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type CloudResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = RuleField, + export type EndpointResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineTitleResolver< - R = Maybe, - Parent = RuleField, + export type HostResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type MaxSignalsResolver< - R = Maybe, - Parent = RuleField, + export type InspectResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = RuleField, + export type LastSeenResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type OutputIndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudFieldsResolvers { + export interface Resolvers { + instance?: InstanceResolver, TypeParent, TContext>; + + machine?: MachineResolver, TypeParent, TContext>; + + provider?: ProviderResolver)[]>, TypeParent, TContext>; + + region?: RegionResolver)[]>, TypeParent, TContext>; + } + + export type InstanceResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = RuleField, + export type MachineResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type FromResolver< - R = Maybe, - Parent = RuleField, + export type ProviderResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type ImmutableResolver< - R = Maybe, - Parent = RuleField, + export type RegionResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - 
export type IndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudInstanceResolvers { + export interface Resolvers { + id?: IdResolver)[]>, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudInstance, TContext = SiemContext > = Resolver; - export type IntervalResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudMachineResolvers { + export interface Resolvers { + type?: TypeResolver)[]>, TypeParent, TContext>; + } + + export type TypeResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudMachine, TContext = SiemContext > = Resolver; - export type LanguageResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace EndpointFieldsResolvers { + export interface Resolvers { + endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; + + sensorVersion?: SensorVersionResolver, TypeParent, TContext>; + + policyStatus?: PolicyStatusResolver< + Maybe, + TypeParent, + TContext + >; + } + + export type EndpointPolicyResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = RuleField, + export type SensorVersionResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type ReferencesResolver< - R = Maybe, - Parent = RuleField, + export type PolicyStatusResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type SeverityResolver< +} + +export namespace HostEcsFieldsResolvers { + export interface Resolvers { + architecture?: ArchitectureResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + mac?: MacResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + os?: OsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + } + + export type ArchitectureResolver< R = Maybe, - Parent = RuleField, + Parent = 
HostEcsFields, TContext = SiemContext > = Resolver; - export type TagsResolver< + export type IdResolver< R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type ThreatResolver< - R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< + export type IpResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type MacResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type ToResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = RuleField, + export type OsResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = RuleField, + export type TypeResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type CreatedAtResolver< +} + +export namespace OsEcsFieldsResolvers { + export interface Resolvers { + platform?: PlatformResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full?: FullResolver, TypeParent, TContext>; + + family?: FamilyResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + kernel?: KernelResolver, TypeParent, TContext>; + } + + export type PlatformResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedAtResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type CreatedByResolver< + export type FullResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< + export 
type FamilyResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; export type VersionResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type NoteResolver< + export type KernelResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type ThresholdResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace InspectResolvers { + export interface Resolvers { + dsl?: DslResolver; + + response?: ResponseResolver; + } + + export type DslResolver = Resolver< + R, + Parent, + TContext + >; + export type ResponseResolver = Resolver< + R, + Parent, + TContext + >; +} + +export namespace CursorTypeResolvers { + export interface Resolvers { + value?: ValueResolver, TypeParent, TContext>; + + tiebreaker?: TiebreakerResolver, TypeParent, TContext>; + } + + export type ValueResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; - export type ExceptionsListResolver< - R = Maybe, - Parent = RuleField, + export type TiebreakerResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; } -export namespace SuricataEcsFieldsResolvers { - export interface Resolvers { - eve?: EveResolver, TypeParent, TContext>; +export namespace PageInfoPaginatedResolvers { + export interface Resolvers { + activePage?: ActivePageResolver; + + fakeTotalCount?: FakeTotalCountResolver; + + showMorePagesIndicator?: ShowMorePagesIndicatorResolver; } - export type EveResolver< - R = Maybe, - Parent = SuricataEcsFields, + export type ActivePageResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type FakeTotalCountResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type ShowMorePagesIndicatorResolver< + R = boolean, + Parent = PageInfoPaginated, TContext = SiemContext > = Resolver; } 
-export namespace SuricataEveDataResolvers { - export interface Resolvers { - alert?: AlertResolver, TypeParent, TContext>; +export namespace FirstLastSeenHostResolvers { + export interface Resolvers { + inspect?: InspectResolver, TypeParent, TContext>; - flow_id?: FlowIdResolver, TypeParent, TContext>; + firstSeen?: FirstSeenResolver, TypeParent, TContext>; - proto?: ProtoResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type AlertResolver< - R = Maybe, - Parent = SuricataEveData, + export type InspectResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type FlowIdResolver< - R = Maybe, - Parent = SuricataEveData, + export type FirstSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type ProtoResolver< - R = Maybe, - Parent = SuricataEveData, + export type LastSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; } -export namespace SuricataAlertDataResolvers { - export interface Resolvers { - signature?: SignatureResolver, TypeParent, TContext>; +export namespace TimelineResultResolvers { + export interface Resolvers { + columns?: ColumnsResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + createdBy?: CreatedByResolver, TypeParent, TContext>; + + dataProviders?: DataProvidersResolver, TypeParent, TContext>; + + dateRange?: DateRangeResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; - signature_id?: SignatureIdResolver, TypeParent, TContext>; - } + eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - export type SignatureResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; - export type SignatureIdResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; -} + eventType?: EventTypeResolver, TypeParent, 
TContext>; -export namespace TlsEcsFieldsResolvers { - export interface Resolvers { - client_certificate?: ClientCertificateResolver< - Maybe, + excludedRowRendererIds?: ExcludedRowRendererIdsResolver< + Maybe, TypeParent, TContext >; - fingerprints?: FingerprintsResolver, TypeParent, TContext>; + favorite?: FavoriteResolver, TypeParent, TContext>; - server_certificate?: ServerCertificateResolver< - Maybe, + filters?: FiltersResolver, TypeParent, TContext>; + + kqlMode?: KqlModeResolver, TypeParent, TContext>; + + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + indexNames?: IndexNamesResolver, TypeParent, TContext>; + + notes?: NotesResolver, TypeParent, TContext>; + + noteIds?: NoteIdsResolver, TypeParent, TContext>; + + pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + + pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< + Maybe, TypeParent, TContext >; + + savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + + savedObjectId?: SavedObjectIdResolver; + + sort?: SortResolver, TypeParent, TContext>; + + status?: StatusResolver, TypeParent, TContext>; + + title?: TitleResolver, TypeParent, TContext>; + + templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + + templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + + timelineType?: TimelineTypeResolver, TypeParent, TContext>; + + updated?: UpdatedResolver, TypeParent, TContext>; + + updatedBy?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver; } - export type ClientCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type ColumnsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FingerprintsResolver< - R = Maybe, - Parent = TlsEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ServerCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type 
CreatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsClientCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsClientCertificateData, + export type DataProvidersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace FingerprintDataResolvers { - export interface Resolvers { - sha1?: Sha1Resolver, TypeParent, TContext>; - } - - export type Sha1Resolver< - R = Maybe, - Parent = FingerprintData, + export type DateRangeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsFingerprintsDataResolvers { - export interface Resolvers { - ja3?: Ja3Resolver, TypeParent, TContext>; - } - - export type Ja3Resolver< - R = Maybe, - Parent = TlsFingerprintsData, + export type DescriptionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsJa3DataResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - } - - export type HashResolver< - R = Maybe, - Parent = TlsJa3Data, + export type EventIdToNoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsServerCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsServerCertificateData, + export type EventTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekEcsFieldsResolvers { - export interface Resolvers { - session_id?: SessionIdResolver, TypeParent, TContext>; - - connection?: ConnectionResolver, TypeParent, TContext>; - - notice?: NoticeResolver, TypeParent, TContext>; - - dns?: 
DnsResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - files?: FilesResolver, TypeParent, TContext>; - - ssl?: SslResolver, TypeParent, TContext>; - } - - export type SessionIdResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type ExcludedRowRendererIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ConnectionResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FavoriteResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoticeResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FiltersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DnsResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlModeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlQueryResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FilesResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type IndexNamesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type SslResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type NotesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekConnectionDataResolvers { - export interface Resolvers { - local_resp?: LocalRespResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - - state?: StateResolver, TypeParent, TContext>; - - history?: HistoryResolver, TypeParent, TContext>; - } - - export type LocalRespResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type NoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; 
- export type LocalOrigResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MissedBytesResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventsSaveObjectResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type StateResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type SavedQueryIdResolver< + R = Maybe, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SavedObjectIdResolver< + R = string, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SortResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HistoryResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type StatusResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekNoticeDataResolvers { - export interface Resolvers { - suppress_for?: SuppressForResolver, TypeParent, TContext>; - - msg?: MsgResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - sub?: SubResolver, TypeParent, TContext>; - - dst?: DstResolver, TypeParent, TContext>; - - dropped?: DroppedResolver, TypeParent, TContext>; - - peer_descr?: PeerDescrResolver, TypeParent, TContext>; - } - - export type SuppressForResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TitleResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MsgResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineIdResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineVersionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - 
export type SubResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TimelineTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DstResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DroppedResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type PeerDescrResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type VersionResolver< + R = string, + Parent = TimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekDnsDataResolvers { - export interface Resolvers { - AA?: AaResolver, TypeParent, TContext>; +export namespace ColumnHeaderResultResolvers { + export interface Resolvers { + aggregatable?: AggregatableResolver, TypeParent, TContext>; - qclass_name?: QclassNameResolver, TypeParent, TContext>; + category?: CategoryResolver, TypeParent, TContext>; - RD?: RdResolver, TypeParent, TContext>; + columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - qtype_name?: QtypeNameResolver, TypeParent, TContext>; + description?: DescriptionResolver, TypeParent, TContext>; - rejected?: RejectedResolver, TypeParent, TContext>; + example?: ExampleResolver, TypeParent, TContext>; - qtype?: QtypeResolver, TypeParent, TContext>; + indexes?: IndexesResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + id?: IdResolver, TypeParent, TContext>; - trans_id?: TransIdResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - qclass?: QclassResolver, TypeParent, TContext>; + placeholder?: PlaceholderResolver, TypeParent, TContext>; - RA?: RaResolver, TypeParent, TContext>; + searchable?: SearchableResolver, TypeParent, TContext>; - TC?: TcResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, 
TContext>; } - export type AaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type AggregatableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type CategoryResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ColumnHeaderTypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type DescriptionResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RejectedResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ExampleResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IndexesResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IdResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TransIdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type NameResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassResolver< - R = Maybe, - Parent = ZeekDnsData, + export type PlaceholderResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type SearchableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TcResolver< - R = Maybe, - Parent = ZeekDnsData, + export type TypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; } -export 
namespace ZeekHttpDataResolvers { - export interface Resolvers { - resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; +export namespace DataProviderResultResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - trans_depth?: TransDepthResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - status_msg?: StatusMsgResolver, TypeParent, TContext>; + enabled?: EnabledResolver, TypeParent, TContext>; - resp_fuids?: RespFuidsResolver, TypeParent, TContext>; + excluded?: ExcludedResolver, TypeParent, TContext>; - tags?: TagsResolver, TypeParent, TContext>; + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + queryMatch?: QueryMatchResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + and?: AndResolver, TypeParent, TContext>; } - export type RespMimeTypesResolver< - R = Maybe, - Parent = ZeekHttpData, + export type IdResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TransDepthResolver< - R = Maybe, - Parent = ZeekHttpData, + export type NameResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type StatusMsgResolver< - R = Maybe, - Parent = ZeekHttpData, + export type EnabledResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type RespFuidsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type ExcludedResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TagsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type KqlQueryResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type QueryMatchResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type TypeResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type 
AndResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; } -export namespace ZeekFileDataResolvers { - export interface Resolvers { - session_ids?: SessionIdsResolver, TypeParent, TContext>; - - timedout?: TimedoutResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - tx_host?: TxHostResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - is_orig?: IsOrigResolver, TypeParent, TContext>; - - overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - - sha1?: Sha1Resolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - depth?: DepthResolver, TypeParent, TContext>; - - analyzers?: AnalyzersResolver, TypeParent, TContext>; - - mime_type?: MimeTypeResolver, TypeParent, TContext>; - - rx_host?: RxHostResolver, TypeParent, TContext>; - - total_bytes?: TotalBytesResolver, TypeParent, TContext>; +export namespace QueryMatchResultResolvers { + export interface Resolvers { + field?: FieldResolver, TypeParent, TContext>; - fuid?: FuidResolver, TypeParent, TContext>; + displayField?: DisplayFieldResolver, TypeParent, TContext>; - seen_bytes?: SeenBytesResolver, TypeParent, TContext>; + value?: ValueResolver, TypeParent, TContext>; - missing_bytes?: MissingBytesResolver, TypeParent, TContext>; + displayValue?: DisplayValueResolver, TypeParent, TContext>; - md5?: Md5Resolver, TypeParent, TContext>; + operator?: OperatorResolver, TypeParent, TContext>; } - export type SessionIdsResolver< - R = Maybe, - Parent = ZeekFileData, - TContext = SiemContext - > = Resolver; - export type TimedoutResolver< - R = Maybe, - Parent = ZeekFileData, + export type FieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type LocalOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayFieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export 
type TxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type ValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type IsOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type OperatorResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type OverflowBytesResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace DateRangePickerResultResolvers { + export interface Resolvers { + start?: StartResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + } + + export type StartResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ZeekFileData, + export type EndResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace FavoriteTimelineResultResolvers { + export interface Resolvers { + fullName?: FullNameResolver, TypeParent, TContext>; + + userName?: UserNameResolver, TypeParent, TContext>; + + favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; + } + + export type FullNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type DepthResolver< - R = Maybe, - Parent = ZeekFileData, + export type UserNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type AnalyzersResolver< - R = Maybe, - Parent = ZeekFileData, + export type FavoriteDateResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type MimeTypeResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export 
namespace FilterTimelineResultResolvers { + export interface Resolvers { + exists?: ExistsResolver, TypeParent, TContext>; + + meta?: MetaResolver, TypeParent, TContext>; + + match_all?: MatchAllResolver, TypeParent, TContext>; + + missing?: MissingResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + range?: RangeResolver, TypeParent, TContext>; + + script?: ScriptResolver, TypeParent, TContext>; + } + + export type ExistsResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type RxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type MetaResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type TotalBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type MatchAllResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type FuidResolver< - R = Maybe, - Parent = ZeekFileData, + export type MissingResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type SeenBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type QueryResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type MissingBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type RangeResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type Md5Resolver< - R = Maybe, - Parent = ZeekFileData, + export type ScriptResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekSslDataResolvers { - export interface Resolvers { - cipher?: CipherResolver, TypeParent, TContext>; +export namespace FilterMetaTimelineResultResolvers { + export interface Resolvers { + alias?: AliasResolver, TypeParent, TContext>; - established?: EstablishedResolver, TypeParent, TContext>; + controlledBy?: 
ControlledByResolver, TypeParent, TContext>; - resumed?: ResumedResolver, TypeParent, TContext>; + disabled?: DisabledResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + field?: FieldResolver, TypeParent, TContext>; + + formattedValue?: FormattedValueResolver, TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + key?: KeyResolver, TypeParent, TContext>; + + negate?: NegateResolver, TypeParent, TContext>; + + params?: ParamsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + value?: ValueResolver, TypeParent, TContext>; } - export type CipherResolver< - R = Maybe, - Parent = ZeekSslData, + export type AliasResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type EstablishedResolver< - R = Maybe, - Parent = ZeekSslData, + export type ControlledByResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ResumedResolver< - R = Maybe, - Parent = ZeekSslData, + export type DisabledResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = ZeekSslData, + export type FieldResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpEcsFieldsResolvers { - export interface Resolvers { - version?: VersionResolver, TypeParent, TContext>; - - request?: RequestResolver, TypeParent, TContext>; - - response?: ResponseResolver, TypeParent, TContext>; - } - - export type VersionResolver< - R = Maybe, - Parent = HttpEcsFields, + export type FormattedValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type RequestResolver< - R = Maybe, - Parent = HttpEcsFields, + export type IndexResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - 
export type ResponseResolver< - R = Maybe, - Parent = HttpEcsFields, + export type KeyResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpRequestDataResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - body?: BodyResolver, TypeParent, TContext>; - - referrer?: ReferrerResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; - } - - export type MethodResolver< - R = Maybe, - Parent = HttpRequestData, + export type NegateResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpRequestData, + export type ParamsResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ReferrerResolver< - R = Maybe, - Parent = HttpRequestData, + export type TypeResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpRequestData, + export type ValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; } -export namespace HttpBodyDataResolvers { - export interface Resolvers { - content?: ContentResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; +export namespace SerializedFilterQueryResultResolvers { + export interface Resolvers { + filterQuery?: FilterQueryResolver, TypeParent, TContext>; } - export type ContentResolver< - R = Maybe, - Parent = HttpBodyData, - TContext = SiemContext - > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpBodyData, + export type FilterQueryResolver< + R = Maybe, + Parent = SerializedFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace HttpResponseDataResolvers { - export interface Resolvers { - status_code?: StatusCodeResolver, TypeParent, TContext>; - - body?: 
BodyResolver, TypeParent, TContext>; +export namespace SerializedKueryQueryResultResolvers { + export interface Resolvers { + kuery?: KueryResolver, TypeParent, TContext>; - bytes?: BytesResolver, TypeParent, TContext>; + serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; } - export type StatusCodeResolver< - R = Maybe, - Parent = HttpResponseData, - TContext = SiemContext - > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpResponseData, + export type KueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpResponseData, + export type SerializedQueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; } -export namespace UrlEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - original?: OriginalResolver, TypeParent, TContext>; - - username?: UsernameResolver, TypeParent, TContext>; +export namespace KueryFilterQueryResultResolvers { + export interface Resolvers { + kind?: KindResolver, TypeParent, TContext>; - password?: PasswordResolver, TypeParent, TContext>; + expression?: ExpressionResolver, TypeParent, TContext>; } - export type DomainResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type UsernameResolver< - R = Maybe, - Parent = UrlEcsFields, + export type KindResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; - export type PasswordResolver< - R = Maybe, - Parent = UrlEcsFields, + export type ExpressionResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace WinlogEcsFieldsResolvers { - export interface Resolvers { - event_id?: EventIdResolver, TypeParent, TContext>; 
+export namespace SortTimelineResultResolvers { + export interface Resolvers { + columnId?: ColumnIdResolver, TypeParent, TContext>; + + sortDirection?: SortDirectionResolver, TypeParent, TContext>; } - export type EventIdResolver< - R = Maybe, - Parent = WinlogEcsFields, + export type ColumnIdResolver< + R = Maybe, + Parent = SortTimelineResult, + TContext = SiemContext + > = Resolver; + export type SortDirectionResolver< + R = Maybe, + Parent = SortTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ProcessEcsFieldsResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - - pid?: PidResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - ppid?: PpidResolver, TypeParent, TContext>; +export namespace ResponseTimelinesResolvers { + export interface Resolvers { + timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - args?: ArgsResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - executable?: ExecutableResolver, TypeParent, TContext>; + templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - thread?: ThreadResolver, TypeParent, TContext>; + customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; + favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; } - export type HashResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PidResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = 
Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PpidResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TimelineResolver< + R = (Maybe)[], + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ArgsResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type EntityIdResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type DefaultTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ExecutableResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type ElasticTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ThreadResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type CustomTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type WorkingDirectoryResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type FavoriteCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; } -export namespace ProcessHashDataResolvers { - export interface Resolvers { - md5?: Md5Resolver, TypeParent, TContext>; +export namespace MutationResolvers { + export interface Resolvers { + /** Persists a note */ + persistNote?: PersistNoteResolver; - sha1?: Sha1Resolver, TypeParent, TContext>; + deleteNote?: DeleteNoteResolver, TypeParent, TContext>; - sha256?: Sha256Resolver, TypeParent, TContext>; + deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; + /** Persists a pinned event in a timeline */ + 
persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< + Maybe, + TypeParent, + TContext + >; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Persists a timeline */ + persistTimeline?: PersistTimelineResolver; + + persistFavorite?: PersistFavoriteResolver; + + deleteTimeline?: DeleteTimelineResolver; } - export type Md5Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha256Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; -} + export type PersistNoteResolver = Resolver< + R, + Parent, + TContext, + PersistNoteArgs + >; + export interface PersistNoteArgs { + noteId?: Maybe; -export namespace ThreadResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; + version?: Maybe; - start?: StartResolver, TypeParent, TContext>; + note: NoteInput; } - export type IdResolver< - R = Maybe, - Parent = Thread, - TContext = SiemContext - > = Resolver; - export type StartResolver< - R = Maybe, - Parent = Thread, + export type DeleteNoteResolver< + R = Maybe, + Parent = {}, TContext = SiemContext - > = Resolver; -} + > = Resolver; + export interface DeleteNoteArgs { + id: string[]; + } -export namespace FileFieldsResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + export type DeleteNoteByTimelineIdResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteNoteByTimelineIdArgs { + timelineId: string; - path?: PathResolver, TypeParent, TContext>; + version?: Maybe; + } - 
target_path?: TargetPathResolver, TypeParent, TContext>; + export type PersistPinnedEventOnTimelineResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistPinnedEventOnTimelineArgs { + pinnedEventId?: Maybe; - extension?: ExtensionResolver, TypeParent, TContext>; + eventId: string; - type?: TypeResolver, TypeParent, TContext>; + timelineId?: Maybe; + } - device?: DeviceResolver, TypeParent, TContext>; + export type DeletePinnedEventOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeletePinnedEventOnTimelineArgs { + id: string[]; + } - inode?: InodeResolver, TypeParent, TContext>; + export type DeleteAllPinnedEventsOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteAllPinnedEventsOnTimelineArgs { + timelineId: string; + } - uid?: UidResolver, TypeParent, TContext>; + export type PersistTimelineResolver< + R = ResponseTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistTimelineArgs { + id?: Maybe; - owner?: OwnerResolver, TypeParent, TContext>; + version?: Maybe; - gid?: GidResolver, TypeParent, TContext>; + timeline: TimelineInput; + } - group?: GroupResolver, TypeParent, TContext>; + export type PersistFavoriteResolver< + R = ResponseFavoriteTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistFavoriteArgs { + timelineId?: Maybe; + } - mode?: ModeResolver, TypeParent, TContext>; + export type DeleteTimelineResolver = Resolver< + R, + Parent, + TContext, + DeleteTimelineArgs + >; + export interface DeleteTimelineArgs { + id: string[]; + } +} - size?: SizeResolver, TypeParent, TContext>; +export namespace ResponseNoteResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - mtime?: MtimeResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - ctime?: 
CtimeResolver, TypeParent, TContext>; + note?: NoteResolver; } - export type NameResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type PathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TargetPathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type ExtensionResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FileFields, + export type CodeResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type DeviceResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type InodeResolver< - R = Maybe, - Parent = FileFields, + export type NoteResolver< + R = NoteResult, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type UidResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, TContext>; + + timeline?: TimelineResolver; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type OwnerResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GidResolver< - R = Maybe, - Parent = FileFields, + export type TimelineResolver< + R = TimelineResult, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseFavoriteTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, 
TContext>; + + savedObjectId?: SavedObjectIdResolver; + + version?: VersionResolver; + + favorite?: FavoriteResolver, TypeParent, TContext>; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type ModeResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type SizeResolver< - R = Maybe, - Parent = FileFields, + export type SavedObjectIdResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type MtimeResolver< - R = Maybe, - Parent = FileFields, + export type VersionResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type CtimeResolver< - R = Maybe, - Parent = FileFields, + export type FavoriteResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; } -export namespace SystemEcsFieldResolvers { - export interface Resolvers { - audit?: AuditResolver, TypeParent, TContext>; +export namespace EventEcsFieldsResolvers { + export interface Resolvers { + action?: ActionResolver, TypeParent, TContext>; - auth?: AuthResolver, TypeParent, TContext>; - } + category?: CategoryResolver, TypeParent, TContext>; - export type AuditResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; - export type AuthResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; -} + code?: CodeResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + dataset?: DatasetResolver, TypeParent, TContext>; + + duration?: DurationResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; -export namespace AuditEcsFieldsResolvers { - export interface Resolvers { - package?: PackageResolver, TypeParent, 
TContext>; - } + id?: IdResolver, TypeParent, TContext>; - export type PackageResolver< - R = Maybe, - Parent = AuditEcsFields, - TContext = SiemContext - > = Resolver; -} + kind?: KindResolver, TypeParent, TContext>; -export namespace PackageEcsFieldsResolvers { - export interface Resolvers { - arch?: ArchResolver, TypeParent, TContext>; + module?: ModuleResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + outcome?: OutcomeResolver, TypeParent, TContext>; - size?: SizeResolver, TypeParent, TContext>; + risk_score?: RiskScoreResolver, TypeParent, TContext>; - summary?: SummaryResolver, TypeParent, TContext>; + risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + severity?: SeverityResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + + timezone?: TimezoneResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; } - export type ArchResolver< + export type ActionResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type EntityIdResolver< + export type CategoryResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type NameResolver< + export type CodeResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type CreatedResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DatasetResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DurationResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SummaryResolver< + export 
type EndResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type VersionResolver< + export type HashResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace AuthEcsFieldsResolvers { - export interface Resolvers { - ssh?: SshResolver, TypeParent, TContext>; - } - - export type SshResolver< - R = Maybe, - Parent = AuthEcsFields, + export type IdResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace SshEcsFieldsResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - signature?: SignatureResolver, TypeParent, TContext>; - } - - export type MethodResolver< + export type KindResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SignatureResolver< + export type ModuleResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace PageInfoResolvers { - export interface Resolvers { - endCursor?: EndCursorResolver, TypeParent, TContext>; - - hasNextPage?: HasNextPageResolver, TypeParent, TContext>; - } - - export type EndCursorResolver< - R = Maybe, - Parent = PageInfo, + export type OriginalResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type HasNextPageResolver< - R = Maybe, - Parent = PageInfo, + export type OutcomeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace TimelineDetailsDataResolvers { - export interface Resolvers { - data?: DataResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type DataResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreResolver< + R = Maybe, + Parent = EventEcsFields, TContext = 
SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreNormResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace DetailItemResolvers { - export interface Resolvers { - field?: FieldResolver; - - values?: ValuesResolver, TypeParent, TContext>; - - originalValue?: OriginalValueResolver, TypeParent, TContext>; - } - - export type FieldResolver = Resolver< - R, - Parent, - TContext - >; - export type ValuesResolver< + export type SeverityResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type StartResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type TimezoneResolver< R = Maybe, - Parent = DetailItem, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type OriginalValueResolver< - R = Maybe, - Parent = DetailItem, + export type TypeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; } -export namespace LastEventTimeDataResolvers { - export interface Resolvers { - lastSeen?: LastSeenResolver, TypeParent, TContext>; +export namespace LocationResolvers { + export interface Resolvers { + lon?: LonResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + lat?: LatResolver, TypeParent, TContext>; } - export type LastSeenResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LonResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LatResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; } -export namespace HostsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace GeoEcsFieldsResolvers { + export interface Resolvers { + city_name?: CityNameResolver, TypeParent, TContext>; - 
totalCount?: TotalCountResolver; + continent_name?: ContinentNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + country_name?: CountryNameResolver, TypeParent, TContext>; + + location?: LocationResolver, TypeParent, TContext>; + + region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; + + region_name?: RegionNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = HostsEdges[], - Parent = HostsData, + export type CityNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = HostsData, + export type ContinentNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostsData, + export type CountryIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver< - R = CursorType, - Parent = HostsEdges, + export type CountryNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - cloud?: CloudResolver, TypeParent, TContext>; - - endpoint?: EndpointResolver, TypeParent, TContext>; + export type LocationResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionNameResolver< + R = 
Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; +} - host?: HostResolver, TypeParent, TContext>; +export namespace PrimarySecondaryResolvers { + export interface Resolvers { + primary?: PrimaryResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + secondary?: SecondaryResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, TContext>; } - export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type CloudResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type EndpointResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = HostItem, + export type PrimaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostItem, + export type SecondaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = HostItem, + export type TypeResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; } -export namespace CloudFieldsResolvers { - export interface Resolvers { - instance?: InstanceResolver, TypeParent, TContext>; +export namespace SummaryResolvers { + export interface Resolvers { + actor?: ActorResolver, TypeParent, TContext>; - machine?: MachineResolver, TypeParent, TContext>; + object?: ObjectResolver, TypeParent, TContext>; - provider?: ProviderResolver)[]>, TypeParent, TContext>; + how?: HowResolver, TypeParent, TContext>; - region?: RegionResolver)[]>, TypeParent, TContext>; + message_type?: MessageTypeResolver, TypeParent, TContext>; + + sequence?: SequenceResolver, TypeParent, TContext>; } - export type InstanceResolver< - R = Maybe, - Parent = CloudFields, + 
export type ActorResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type MachineResolver< - R = Maybe, - Parent = CloudFields, + export type ObjectResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type ProviderResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type HowResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type RegionResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type MessageTypeResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; -} - -export namespace CloudInstanceResolvers { - export interface Resolvers { - id?: IdResolver)[]>, TypeParent, TContext>; - } - - export type IdResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudInstance, + export type SequenceResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; } -export namespace CloudMachineResolvers { - export interface Resolvers { - type?: TypeResolver)[]>, TypeParent, TContext>; +export namespace AgentEcsFieldResolvers { + export interface Resolvers { + type?: TypeResolver, TypeParent, TContext>; } export type TypeResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudMachine, - TContext = SiemContext - > = Resolver; -} - -export namespace EndpointFieldsResolvers { - export interface Resolvers { - endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; - - sensorVersion?: SensorVersionResolver, TypeParent, TContext>; - - policyStatus?: PolicyStatusResolver< - Maybe, - TypeParent, - TContext - >; - } - - export type EndpointPolicyResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type SensorVersionResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type PolicyStatusResolver< - R = Maybe, - Parent = EndpointFields, + R = Maybe, + Parent = AgentEcsField, TContext = SiemContext > = Resolver; } -export 
namespace FirstLastSeenHostResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace AuditdDataResolvers { + export interface Resolvers { + acct?: AcctResolver, TypeParent, TContext>; - firstSeen?: FirstSeenResolver, TypeParent, TContext>; + terminal?: TerminalResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + op?: OpResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type AcctResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type FirstSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type TerminalResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type OpResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkDataResolvers { - export interface Resolvers { - networkEvents?: NetworkEventsResolver, TypeParent, TContext>; - - uniqueFlowId?: UniqueFlowIdResolver, TypeParent, TContext>; - - uniqueSourcePrivateIps?: UniqueSourcePrivateIpsResolver, TypeParent, TContext>; - - uniqueSourcePrivateIpsHistogram?: UniqueSourcePrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - uniqueDestinationPrivateIps?: UniqueDestinationPrivateIpsResolver< - Maybe, - TypeParent, - TContext - >; +export namespace AuditdEcsFieldsResolvers { + export interface Resolvers { + result?: ResultResolver, TypeParent, TContext>; - uniqueDestinationPrivateIpsHistogram?: UniqueDestinationPrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + session?: SessionResolver, TypeParent, TContext>; - dnsQueries?: DnsQueriesResolver, TypeParent, TContext>; + data?: DataResolver, TypeParent, TContext>; - tlsHandshakes?: TlsHandshakesResolver, TypeParent, TContext>; + summary?: SummaryResolver, 
TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + sequence?: SequenceResolver, TypeParent, TContext>; } - export type NetworkEventsResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueFlowIdResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueSourcePrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type ResultResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourcePrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SessionResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type DataResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SummaryResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type DnsQueriesResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SequenceResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type TlsHandshakesResolver< - R = Maybe, - Parent = KpiNetworkData, +} + +export namespace ThreadResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiNetworkData, + export type StartResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export 
namespace ProcessHashDataResolvers { + export interface Resolvers { + md5?: Md5Resolver, TypeParent, TContext>; + + sha1?: Sha1Resolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + sha256?: Sha256Resolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Md5Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Sha1Resolver< + R = Maybe, + Parent = ProcessHashData, + TContext = SiemContext + > = Resolver; + export type Sha256Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; } -export namespace KpiHostsDataResolvers { - export interface Resolvers { - hosts?: HostsResolver, TypeParent, TContext>; - - hostsHistogram?: HostsHistogramResolver, TypeParent, TContext>; +export namespace ProcessEcsFieldsResolvers { + export interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; + pid?: PidResolver, TypeParent, TContext>; - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; + name?: NameResolver, TypeParent, TContext>; - authFailure?: AuthFailureResolver, TypeParent, TContext>; + ppid?: PpidResolver, TypeParent, TContext>; - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; + args?: ArgsResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + executable?: ExecutableResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + title?: TitleResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: 
UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + thread?: ThreadResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; } - export type HostsResolver< - R = Maybe, - Parent = KpiHostsData, - TContext = SiemContext - > = Resolver; - export type HostsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type HashResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostsData, + export type PidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type NameResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostsData, + export type PpidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ArgsResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type EntityIdResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ExecutableResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type TitleResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ThreadResolver< + R = Maybe, + 
Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostsData, + export type WorkingDirectoryResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace SourceEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + port?: PortResolver, TypeParent, TContext>; + + domain?: DomainResolver, TypeParent, TContext>; + + geo?: GeoResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type BytesResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type IpResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PortResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type DomainResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type GeoResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PacketsResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostDetailsDataResolvers { - export interface Resolvers { - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; - - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - authFailure?: AuthFailureResolver, TypeParent, TContext>; - - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; +export namespace 
DestinationEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + ip?: IpResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + port?: PortResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + domain?: DomainResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + geo?: GeoResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type BytesResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type IpResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PortResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type DomainResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent 
= KpiHostDetailsData, + export type GeoResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PacketsResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; } -export namespace MatrixHistogramOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; +export namespace DnsQuestionDataResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + type?: TypeResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = MatrixHistogramOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = MatrixHistogramOverTimeData, + export type NameResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = MatrixHistogramOverTimeData, + export type TypeResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverTimeHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace DnsEcsFieldsResolvers { + export interface Resolvers { + question?: QuestionResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - g?: GResolver, TypeParent, TContext>; + response_code?: ResponseCodeResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type QuestionResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type 
YResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResolvedIpResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type GResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResponseCodeResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace EndgameEcsFieldsResolvers { + export interface Resolvers { + exit_code?: ExitCodeResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + file_name?: FileNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + file_path?: FilePathResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + logon_type?: LogonTypeResolver, TypeParent, TContext>; + + parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + + pid?: PidResolver, TypeParent, TContext>; + + process_name?: ProcessNameResolver, TypeParent, TContext>; + + subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + + subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + + subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + + target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + + target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + + target_user_name?: TargetUserNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopCountriesEdges[], - Parent = NetworkTopCountriesData, + export type ExitCodeResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FileNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FilePathResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type LogonTypeResolver< + R = Maybe, + 
Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ParentProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type PidResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopCountriesData, + export type SubjectUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopCountriesData, + export type TargetDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkTopCountriesData, + export type TargetLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type TargetUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace SuricataAlertDataResolvers { + export interface Resolvers { + signature?: SignatureResolver, TypeParent, TContext>; - cursor?: CursorResolver; + signature_id?: SignatureIdResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkTopCountriesItem, - Parent = NetworkTopCountriesEdges, + export type SignatureResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = 
NetworkTopCountriesEdges, + export type SignatureIdResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; +export namespace SuricataEveDataResolvers { + export interface Resolvers { + alert?: AlertResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + flow_id?: FlowIdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; + proto?: ProtoResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type AlertResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type FlowIdResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type ProtoResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemSourceResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; - - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; - - flows?: FlowsResolver, TypeParent, TContext>; +export namespace SuricataEcsFieldsResolvers { + export interface Resolvers { + eve?: EveResolver, TypeParent, TContext>; + } - location?: LocationResolver, TypeParent, TContext>; + export type EveResolver< + R = Maybe, + Parent = SuricataEcsFields, + TContext = SiemContext + > = Resolver; +} - source_ips?: SourceIpsResolver, TypeParent, TContext>; +export namespace TlsJa3DataResolvers { + export 
interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemSource, + export type HashResolver< + R = Maybe, + Parent = TlsJa3Data, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace FingerprintDataResolvers { + export interface Resolvers { + sha1?: Sha1Resolver, TypeParent, TContext>; + } + + export type Sha1Resolver< + R = Maybe, + Parent = FingerprintData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsClientCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsClientCertificateData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsServerCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsServerCertificateData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsFingerprintsDataResolvers { + export interface Resolvers { + ja3?: Ja3Resolver, TypeParent, TContext>; + } + + export type Ja3Resolver< + R = Maybe, + Parent = TlsFingerprintsData, TContext = SiemContext > = Resolver; } -export namespace GeoItemResolvers { - export interface Resolvers { - geo?: GeoResolver, TypeParent, TContext>; +export namespace TlsEcsFieldsResolvers { + export interface Resolvers { + client_certificate?: ClientCertificateResolver< + Maybe, + TypeParent, + TContext + >; + + fingerprints?: FingerprintsResolver, TypeParent, TContext>; - flowTarget?: FlowTargetResolver, TypeParent, 
TContext>; + server_certificate?: ServerCertificateResolver< + Maybe, + TypeParent, + TContext + >; } - export type GeoResolver< - R = Maybe, - Parent = GeoItem, + export type ClientCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, + TContext = SiemContext + > = Resolver; + export type FingerprintsResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; - export type FlowTargetResolver< - R = Maybe, - Parent = GeoItem, + export type ServerCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemDestinationResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; +export namespace ZeekConnectionDataResolvers { + export interface Resolvers { + local_resp?: LocalRespResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + state?: StateResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + history?: HistoryResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalRespResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type MissedBytesResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type 
StateResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type HistoryResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; } -export namespace TopNetworkTablesEcsFieldResolvers { - export interface Resolvers { - bytes_in?: BytesInResolver, TypeParent, TContext>; +export namespace ZeekNoticeDataResolvers { + export interface Resolvers { + suppress_for?: SuppressForResolver, TypeParent, TContext>; - bytes_out?: BytesOutResolver, TypeParent, TContext>; - } + msg?: MsgResolver, TypeParent, TContext>; - export type BytesInResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; - export type BytesOutResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; -} + note?: NoteResolver, TypeParent, TContext>; -export namespace NetworkTopNFlowDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; + sub?: SubResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + dst?: DstResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + dropped?: DroppedResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + peer_descr?: PeerDescrResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopNFlowEdges[], - Parent = NetworkTopNFlowData, + export type SuppressForResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopNFlowData, + export type MsgResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopNFlowData, + export type NoteResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type 
InspectResolver< - R = Maybe, - Parent = NetworkTopNFlowData, + export type SubResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; -} - -export namespace NetworkTopNFlowEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkTopNFlowItem, - Parent = NetworkTopNFlowEdges, + export type DstResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkTopNFlowEdges, + export type DroppedResolver< + R = Maybe, + Parent = ZeekNoticeData, + TContext = SiemContext + > = Resolver; + export type PeerDescrResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopNFlowItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; +export namespace ZeekDnsDataResolvers { + export interface Resolvers { + AA?: AaResolver, TypeParent, TContext>; - source?: SourceResolver, TypeParent, TContext>; + qclass_name?: QclassNameResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + RD?: RdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; - } + qtype_name?: QtypeNameResolver, TypeParent, TContext>; - export type _IdResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; -} + rejected?: RejectedResolver, TypeParent, TContext>; -export namespace TopNFlowItemSourceResolvers { - export interface Resolvers { - autonomous_system?: 
AutonomousSystemResolver, TypeParent, TContext>; + qtype?: QtypeResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + query?: QueryResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + trans_id?: TransIdResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + qclass?: QclassResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + RA?: RaResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + TC?: TcResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type AaResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QclassNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RdResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RejectedResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; -} - -export namespace AutonomousSystemItemResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - - number?: NumberResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type QueryResolver< + R = Maybe, + Parent = 
ZeekDnsData, TContext = SiemContext > = Resolver; - export type NumberResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type TransIdResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type QclassResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type RaResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type TcResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; } -export namespace TopNFlowItemDestinationResolvers { - export interface Resolvers { - autonomous_system?: AutonomousSystemResolver, TypeParent, TContext>; +export namespace FileFieldsResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; + + path?: PathResolver, TypeParent, TContext>; + + target_path?: TargetPathResolver, TypeParent, TContext>; + + extension?: ExtensionResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + device?: DeviceResolver, TypeParent, TContext>; + + inode?: InodeResolver, TypeParent, TContext>; + + uid?: UidResolver, TypeParent, TContext>; + + owner?: OwnerResolver, TypeParent, TContext>; + + gid?: GidResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + group?: GroupResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + mode?: ModeResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + mtime?: MtimeResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + ctime?: CtimeResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type NameResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = 
Maybe, - Parent = TopNFlowItemDestination, + export type PathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TargetPathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type ExtensionResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TypeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type DeviceResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - - histogram?: HistogramResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = NetworkDnsEdges[], - Parent = NetworkDnsData, + export type InodeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDnsData, + export type UidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkDnsData, + export type OwnerResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type HistogramResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GroupResolver< + R = Maybe, 
+ Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkDnsItem, - Parent = NetworkDnsEdges, + export type ModeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkDnsEdges, + export type SizeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type MtimeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type CtimeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; } -export namespace NetworkDnsItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - dnsBytesIn?: DnsBytesInResolver, TypeParent, TContext>; +export namespace ZeekHttpDataResolvers { + export interface Resolvers { + resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; - dnsBytesOut?: DnsBytesOutResolver, TypeParent, TContext>; + trans_depth?: TransDepthResolver, TypeParent, TContext>; - dnsName?: DnsNameResolver, TypeParent, TContext>; + status_msg?: StatusMsgResolver, TypeParent, TContext>; - queryCount?: QueryCountResolver, TypeParent, TContext>; + resp_fuids?: RespFuidsResolver, TypeParent, TContext>; - uniqueDomains?: UniqueDomainsResolver, TypeParent, TContext>; + tags?: TagsResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkDnsItem, - TContext = SiemContext - > = Resolver; - export type DnsBytesInResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespMimeTypesResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type DnsBytesOutResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TransDepthResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = 
SiemContext > = Resolver; - export type DnsNameResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type StatusMsgResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type QueryCountResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespFuidsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type UniqueDomainsResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TagsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverOrdinalHistogramDataResolvers { - export interface Resolvers { - x?: XResolver; - - y?: YResolver; +export namespace HttpBodyDataResolvers { + export interface Resolvers { + content?: ContentResolver, TypeParent, TContext>; - g?: GResolver; + bytes?: BytesResolver, TypeParent, TContext>; } - export type XResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, - TContext = SiemContext - > = Resolver; - export type YResolver< - R = number, - Parent = MatrixOverOrdinalHistogramData, + export type ContentResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; - export type GResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, + export type BytesResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; } -export namespace NetworkDsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace HttpRequestDataResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; + body?: BodyResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + referrer?: ReferrerResolver, TypeParent, TContext>; + + bytes?: BytesResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - 
Parent = NetworkDsOverTimeData, + export type MethodResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = NetworkDsOverTimeData, + export type BodyResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDsOverTimeData, + export type ReferrerResolver< + R = Maybe, + Parent = HttpRequestData, + TContext = SiemContext + > = Resolver; + export type BytesResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; +export namespace HttpResponseDataResolvers { + export interface Resolvers { + status_code?: StatusCodeResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + body?: BodyResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + bytes?: BytesResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkHttpEdges[], - Parent = NetworkHttpData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkHttpData, + export type StatusCodeResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkHttpData, + export type BodyResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkHttpData, + export type BytesResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace HttpEcsFieldsResolvers { + export interface Resolvers { + version?: 
VersionResolver, TypeParent, TContext>; + + request?: RequestResolver, TypeParent, TContext>; - cursor?: CursorResolver; + response?: ResponseResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkHttpItem, - Parent = NetworkHttpEdges, + export type VersionResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkHttpEdges, + export type RequestResolver< + R = Maybe, + Parent = HttpEcsFields, + TContext = SiemContext + > = Resolver; + export type ResponseResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - domains?: DomainsResolver; - - lastHost?: LastHostResolver, TypeParent, TContext>; - - lastSourceIp?: LastSourceIpResolver, TypeParent, TContext>; - - methods?: MethodsResolver; +export namespace UrlEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; - path?: PathResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - requestCount?: RequestCountResolver, TypeParent, TContext>; + username?: UsernameResolver, TypeParent, TContext>; - statuses?: StatusesResolver; + password?: PasswordResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type DomainsResolver< - R = string[], - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastHostResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastSourceIpResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type MethodsResolver< - R = string[], - Parent = NetworkHttpItem, + export type DomainResolver< + R = Maybe, + Parent = UrlEcsFields, TContext 
= SiemContext > = Resolver; - export type PathResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type OriginalResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type RequestCountResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type UsernameResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type StatusesResolver< - R = string[], - Parent = NetworkHttpItem, + export type PasswordResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; } -export namespace SayMyNameResolvers { - export interface Resolvers { - /** The id of the source */ - appName?: AppNameResolver; - } - - export type AppNameResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineResultResolvers { - export interface Resolvers { - columns?: ColumnsResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - dataProviders?: DataProvidersResolver, TypeParent, TContext>; - - dateRange?: DateRangeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - - eventType?: EventTypeResolver, TypeParent, TContext>; - - excludedRowRendererIds?: ExcludedRowRendererIdsResolver< - Maybe, - TypeParent, - TContext - >; - - favorite?: FavoriteResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; - - kqlMode?: KqlModeResolver, TypeParent, TContext>; +export namespace ZeekFileDataResolvers { + export interface Resolvers { + session_ids?: SessionIdsResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + timedout?: TimedoutResolver, TypeParent, TContext>; - indexNames?: IndexNamesResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - notes?: NotesResolver, TypeParent, 
TContext>; + tx_host?: TxHostResolver, TypeParent, TContext>; - noteIds?: NoteIdsResolver, TypeParent, TContext>; + source?: SourceResolver, TypeParent, TContext>; - pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + is_orig?: IsOrigResolver, TypeParent, TContext>; - pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< - Maybe, - TypeParent, - TContext - >; + overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + sha1?: Sha1Resolver, TypeParent, TContext>; - savedObjectId?: SavedObjectIdResolver; + duration?: DurationResolver, TypeParent, TContext>; - sort?: SortResolver, TypeParent, TContext>; + depth?: DepthResolver, TypeParent, TContext>; - status?: StatusResolver, TypeParent, TContext>; + analyzers?: AnalyzersResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + mime_type?: MimeTypeResolver, TypeParent, TContext>; - templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + rx_host?: RxHostResolver, TypeParent, TContext>; - templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + total_bytes?: TotalBytesResolver, TypeParent, TContext>; - timelineType?: TimelineTypeResolver, TypeParent, TContext>; + fuid?: FuidResolver, TypeParent, TContext>; - updated?: UpdatedResolver, TypeParent, TContext>; + seen_bytes?: SeenBytesResolver, TypeParent, TContext>; - updatedBy?: UpdatedByResolver, TypeParent, TContext>; + missing_bytes?: MissingBytesResolver, TypeParent, TContext>; - version?: VersionResolver; + md5?: Md5Resolver, TypeParent, TContext>; } - export type ColumnsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type 
DataProvidersResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DateRangeResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventIdToNoteIdsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventTypeResolver< - R = Maybe, - Parent = TimelineResult, + export type SessionIdsResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type ExcludedRowRendererIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type TimedoutResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = TimelineResult, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = TimelineResult, + export type TxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlModeResolver< - R = Maybe, - Parent = TimelineResult, + export type SourceResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = TimelineResult, + export type IsOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type IndexNamesResolver< - R = Maybe, - Parent = TimelineResult, + export type OverflowBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NotesResolver< - R = Maybe, - Parent = TimelineResult, + export type Sha1Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NoteIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DurationResolver< 
+ R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DepthResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventsSaveObjectResolver< - R = Maybe, - Parent = TimelineResult, + export type AnalyzersResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedQueryIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MimeTypeResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = TimelineResult, + export type RxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SortResolver< - R = Maybe, - Parent = TimelineResult, + export type TotalBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = TimelineResult, + export type FuidResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = TimelineResult, + export type SeenBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MissingBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineVersionResolver< - R = Maybe, - Parent = TimelineResult, + export type Md5Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TimelineTypeResolver< - R = Maybe, - Parent = TimelineResult, +} + +export namespace ZeekSslDataResolvers { + export interface Resolvers { + cipher?: CipherResolver, TypeParent, TContext>; + + established?: EstablishedResolver, TypeParent, TContext>; + + 
resumed?: ResumedResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + } + + export type CipherResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = TimelineResult, + export type EstablishedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = TimelineResult, + export type ResumedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; export type VersionResolver< - R = string, - Parent = TimelineResult, + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; } -export namespace ColumnHeaderResultResolvers { - export interface Resolvers { - aggregatable?: AggregatableResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - example?: ExampleResolver, TypeParent, TContext>; +export namespace ZeekEcsFieldsResolvers { + export interface Resolvers { + session_id?: SessionIdResolver, TypeParent, TContext>; - indexes?: IndexesResolver, TypeParent, TContext>; + connection?: ConnectionResolver, TypeParent, TContext>; - id?: IdResolver, TypeParent, TContext>; + notice?: NoticeResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + dns?: DnsResolver, TypeParent, TContext>; - placeholder?: PlaceholderResolver, TypeParent, TContext>; + http?: HttpResolver, TypeParent, TContext>; - searchable?: SearchableResolver, TypeParent, TContext>; + files?: FilesResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + ssl?: SslResolver, TypeParent, TContext>; } - export type AggregatableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type SessionIdResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = 
SiemContext > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type ConnectionResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ColumnHeaderTypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type NoticeResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type DnsResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ExampleResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HttpResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type IndexesResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FilesResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; + export type SslResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace UserEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full_name?: FullNameResolver, TypeParent, TContext>; + + email?: EmailResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; + + group?: GroupResolver, TypeParent, TContext>; + } + + export type DomainResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type IdResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type NameResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type PlaceholderResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FullNameResolver< + R = 
Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type SearchableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type EmailResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HashResolver< + R = Maybe, + Parent = UserEcsFields, + TContext = SiemContext + > = Resolver; + export type GroupResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; } -export namespace DataProviderResultResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; +export namespace WinlogEcsFieldsResolvers { + export interface Resolvers { + event_id?: EventIdResolver, TypeParent, TContext>; + } - name?: NameResolver, TypeParent, TContext>; + export type EventIdResolver< + R = Maybe, + Parent = WinlogEcsFields, + TContext = SiemContext + > = Resolver; +} - enabled?: EnabledResolver, TypeParent, TContext>; +export namespace NetworkEcsFieldResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - excluded?: ExcludedResolver, TypeParent, TContext>; + community_id?: CommunityIdResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + direction?: DirectionResolver, TypeParent, TContext>; - queryMatch?: QueryMatchResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + protocol?: ProtocolResolver, TypeParent, TContext>; - and?: AndResolver, TypeParent, TContext>; + transport?: TransportResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = DataProviderResult, + export type BytesResolver< + 
R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type ExcludedResolver< - R = Maybe, - Parent = DataProviderResult, + export type CommunityIdResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = DataProviderResult, + export type DirectionResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type QueryMatchResolver< - R = Maybe, - Parent = DataProviderResult, + export type PacketsResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DataProviderResult, + export type ProtocolResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type AndResolver< - R = Maybe, - Parent = DataProviderResult, + export type TransportResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; } -export namespace QueryMatchResultResolvers { - export interface Resolvers { - field?: FieldResolver, TypeParent, TContext>; +export namespace PackageEcsFieldsResolvers { + export interface Resolvers { + arch?: ArchResolver, TypeParent, TContext>; - displayField?: DisplayFieldResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - value?: ValueResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - displayValue?: DisplayValueResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - operator?: OperatorResolver, TypeParent, TContext>; + summary?: SummaryResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; } - export type FieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export type ArchResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayFieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export 
type EntityIdResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type NameResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SizeResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type OperatorResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SummaryResolver< + R = Maybe, + Parent = PackageEcsFields, + TContext = SiemContext + > = Resolver; + export type VersionResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; } -export namespace DateRangePickerResultResolvers { - export interface Resolvers { - start?: StartResolver, TypeParent, TContext>; +export namespace AuditEcsFieldsResolvers { + export interface Resolvers { + package?: PackageResolver, TypeParent, TContext>; + } - end?: EndResolver, TypeParent, TContext>; + export type PackageResolver< + R = Maybe, + Parent = AuditEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace SshEcsFieldsResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; + + signature?: SignatureResolver, TypeParent, TContext>; } - export type StartResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type MethodResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; - export type EndResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type SignatureResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; } -export namespace FavoriteTimelineResultResolvers { - export interface Resolvers { - fullName?: FullNameResolver, TypeParent, TContext>; - - userName?: UserNameResolver, TypeParent, TContext>; - - favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; +export 
namespace AuthEcsFieldsResolvers { + export interface Resolvers { + ssh?: SshResolver, TypeParent, TContext>; } - export type FullNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type SshResolver< + R = Maybe, + Parent = AuthEcsFields, TContext = SiemContext > = Resolver; - export type UserNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, +} + +export namespace SystemEcsFieldResolvers { + export interface Resolvers { + audit?: AuditResolver, TypeParent, TContext>; + + auth?: AuthResolver, TypeParent, TContext>; + } + + export type AuditResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; - export type FavoriteDateResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type AuthResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; } -export namespace FilterTimelineResultResolvers { - export interface Resolvers { - exists?: ExistsResolver, TypeParent, TContext>; +export namespace RuleFieldResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - meta?: MetaResolver, TypeParent, TContext>; + rule_id?: RuleIdResolver, TypeParent, TContext>; - match_all?: MatchAllResolver, TypeParent, TContext>; + false_positives?: FalsePositivesResolver; - missing?: MissingResolver, TypeParent, TContext>; + saved_id?: SavedIdResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + timeline_id?: TimelineIdResolver, TypeParent, TContext>; - range?: RangeResolver, TypeParent, TContext>; + timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - script?: ScriptResolver, TypeParent, TContext>; + max_signals?: MaxSignalsResolver, TypeParent, TContext>; + + risk_score?: RiskScoreResolver, TypeParent, TContext>; + + output_index?: OutputIndexResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; + + from?: FromResolver, TypeParent, TContext>; + + immutable?: ImmutableResolver, 
TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + interval?: IntervalResolver, TypeParent, TContext>; + + language?: LanguageResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + references?: ReferencesResolver, TypeParent, TContext>; + + severity?: SeverityResolver, TypeParent, TContext>; + + tags?: TagsResolver, TypeParent, TContext>; + + threat?: ThreatResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + size?: SizeResolver, TypeParent, TContext>; + + to?: ToResolver, TypeParent, TContext>; + + enabled?: EnabledResolver, TypeParent, TContext>; + + filters?: FiltersResolver, TypeParent, TContext>; + + created_at?: CreatedAtResolver, TypeParent, TContext>; + + updated_at?: UpdatedAtResolver, TypeParent, TContext>; + + created_by?: CreatedByResolver, TypeParent, TContext>; + + updated_by?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + note?: NoteResolver, TypeParent, TContext>; + + threshold?: ThresholdResolver, TypeParent, TContext>; + + exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; } - export type ExistsResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IdResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MetaResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type RuleIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type FalsePositivesResolver< + R = string[], + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type SavedIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineTitleResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type 
MaxSignalsResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type RiskScoreResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type OutputIndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MatchAllResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type DescriptionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MissingResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type FromResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type ImmutableResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type RangeResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ScriptResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IntervalResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace FilterMetaTimelineResultResolvers { - export interface Resolvers { - alias?: AliasResolver, TypeParent, TContext>; - - controlledBy?: ControlledByResolver, TypeParent, TContext>; - - disabled?: DisabledResolver, TypeParent, TContext>; - - field?: FieldResolver, TypeParent, TContext>; - - formattedValue?: FormattedValueResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - key?: KeyResolver, TypeParent, TContext>; - - negate?: NegateResolver, TypeParent, TContext>; - - params?: ParamsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type AliasResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type 
LanguageResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ControlledByResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type QueryResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type DisabledResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ReferencesResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FieldResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SeverityResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FormattedValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TagsResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type IndexResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ThreatResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type KeyResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TypeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type NegateResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SizeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ParamsResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ToResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type EnabledResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type FiltersResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedFilterQueryResultResolvers { - export interface 
Resolvers { - filterQuery?: FilterQueryResolver, TypeParent, TContext>; - } - - export type FilterQueryResolver< - R = Maybe, - Parent = SerializedFilterQueryResult, + export type CreatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedKueryQueryResultResolvers { - export interface Resolvers { - kuery?: KueryResolver, TypeParent, TContext>; - - serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; - } - - export type KueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type UpdatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SerializedQueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type CreatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace KueryFilterQueryResultResolvers { - export interface Resolvers { - kind?: KindResolver, TypeParent, TContext>; - - expression?: ExpressionResolver, TypeParent, TContext>; - } - - export type KindResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type UpdatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ExpressionResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type VersionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SortTimelineResultResolvers { - export interface Resolvers { - columnId?: ColumnIdResolver, TypeParent, TContext>; - - sortDirection?: SortDirectionResolver, TypeParent, TContext>; - } - - export type ColumnIdResolver< - R = Maybe, - Parent = SortTimelineResult, + export type NoteResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SortDirectionResolver< - R = Maybe, - Parent = SortTimelineResult, + export type ThresholdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > 
= Resolver; + export type ExceptionsListResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; } -export namespace ResponseTimelinesResolvers { - export interface Resolvers { - timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - - defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - - templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - - elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; +export namespace SignalFieldResolvers { + export interface Resolvers { + rule?: RuleResolver, TypeParent, TContext>; - customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; + original_time?: OriginalTimeResolver, TypeParent, TContext>; - favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; + status?: StatusResolver, TypeParent, TContext>; } - export type TimelineResolver< - R = (Maybe)[], - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type DefaultTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type RuleResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type ElasticTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type OriginalTimeResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type CustomTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type StatusResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type 
FavoriteCountResolver< - R = Maybe, - Parent = ResponseTimelines, +} + +export namespace RuleEcsFieldResolvers { + export interface Resolvers { + reference?: ReferenceResolver, TypeParent, TContext>; + } + + export type ReferenceResolver< + R = Maybe, + Parent = RuleEcsField, TContext = SiemContext > = Resolver; } -export namespace MutationResolvers { - export interface Resolvers { - /** Persists a note */ - persistNote?: PersistNoteResolver; +export namespace EcsResolvers { + export interface Resolvers { + _id?: _IdResolver; - deleteNote?: DeleteNoteResolver, TypeParent, TContext>; + _index?: _IndexResolver, TypeParent, TContext>; - deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< - Maybe, - TypeParent, - TContext - >; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Persists a timeline */ - persistTimeline?: PersistTimelineResolver; + agent?: AgentResolver, TypeParent, TContext>; - persistFavorite?: PersistFavoriteResolver; + auditd?: AuditdResolver, TypeParent, TContext>; - deleteTimeline?: DeleteTimelineResolver; - } + destination?: DestinationResolver, TypeParent, TContext>; - export type PersistNoteResolver = Resolver< - R, - Parent, - TContext, - PersistNoteArgs - >; - export interface PersistNoteArgs { - noteId?: Maybe; + dns?: DnsResolver, TypeParent, TContext>; - version?: Maybe; + endgame?: EndgameResolver, TypeParent, TContext>; - note: NoteInput; - } + event?: EventResolver, TypeParent, TContext>; - export type DeleteNoteResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteArgs 
{ - id: string[]; - } + geo?: GeoResolver, TypeParent, TContext>; - export type DeleteNoteByTimelineIdResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteByTimelineIdArgs { - timelineId: string; + host?: HostResolver, TypeParent, TContext>; - version?: Maybe; - } + network?: NetworkResolver, TypeParent, TContext>; - export type PersistPinnedEventOnTimelineResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistPinnedEventOnTimelineArgs { - pinnedEventId?: Maybe; + rule?: RuleResolver, TypeParent, TContext>; - eventId: string; + signal?: SignalResolver, TypeParent, TContext>; - timelineId?: Maybe; - } + source?: SourceResolver, TypeParent, TContext>; - export type DeletePinnedEventOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeletePinnedEventOnTimelineArgs { - id: string[]; - } + suricata?: SuricataResolver, TypeParent, TContext>; - export type DeleteAllPinnedEventsOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteAllPinnedEventsOnTimelineArgs { - timelineId: string; - } + tls?: TlsResolver, TypeParent, TContext>; - export type PersistTimelineResolver< - R = ResponseTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistTimelineArgs { - id?: Maybe; + zeek?: ZeekResolver, TypeParent, TContext>; - version?: Maybe; + http?: HttpResolver, TypeParent, TContext>; - timeline: TimelineInput; - } + url?: UrlResolver, TypeParent, TContext>; - export type PersistFavoriteResolver< - R = ResponseFavoriteTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistFavoriteArgs { - timelineId?: Maybe; - } + timestamp?: TimestampResolver, TypeParent, TContext>; - export type DeleteTimelineResolver = Resolver< - R, - Parent, - TContext, - DeleteTimelineArgs - >; - export interface 
DeleteTimelineArgs { - id: string[]; - } -} + message?: MessageResolver, TypeParent, TContext>; -export namespace ResponseNoteResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; + user?: UserResolver, TypeParent, TContext>; - message?: MessageResolver, TypeParent, TContext>; + winlog?: WinlogResolver, TypeParent, TContext>; - note?: NoteResolver; + process?: ProcessResolver, TypeParent, TContext>; + + file?: FileResolver, TypeParent, TContext>; + + system?: SystemResolver, TypeParent, TContext>; } - export type CodeResolver< - R = Maybe, - Parent = ResponseNote, + export type _IdResolver = Resolver< + R, + Parent, + TContext + >; + export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type AgentResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseNote, + export type AuditdResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = NoteResult, - Parent = ResponseNote, + export type DestinationResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - timeline?: TimelineResolver; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseTimeline, + export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type EndgameResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type EventResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type HostResolver< + R = Maybe, + Parent = Ecs, + TContext = 
SiemContext + > = Resolver; + export type NetworkResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type RuleResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SignalResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SourceResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SuricataResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseTimeline, + export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type ZeekResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type TimelineResolver< - R = TimelineResult, - Parent = ResponseTimeline, + export type HttpResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseFavoriteTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - savedObjectId?: SavedObjectIdResolver; - - version?: VersionResolver; - - favorite?: FavoriteResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UserResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type WinlogResolver< + R = 
Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type ProcessResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type SystemResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; } @@ -8064,39 +5764,6 @@ export namespace EcsEdgesResolvers { >; } -export namespace EventsTimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = EcsEdges[], - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; -} - export namespace OsFieldsResolvers { export interface Resolvers { platform?: PlatformResolver, TypeParent, TContext>; 
@@ -8281,6 +5948,25 @@ export namespace IndexFieldResolvers { > = Resolver; } +export namespace PageInfoResolvers { + export interface Resolvers { + endCursor?: EndCursorResolver, TypeParent, TContext>; + + hasNextPage?: HasNextPageResolver, TypeParent, TContext>; + } + + export type EndCursorResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; + export type HasNextPageResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; +} + /** Directs the executor to skip this field or fragment when the `if` argument is true. */ export type SkipDirectiveResolver = DirectiveResolverFn< Result, @@ -8320,25 +6006,22 @@ export interface ToStringArrayScalarConfig extends GraphQLScalarTypeConfig { name: 'Date'; } -export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToNumberArray'; -} -export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToDateArray'; -} -export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToBooleanArray'; -} export interface ToAnyScalarConfig extends GraphQLScalarTypeConfig { name: 'ToAny'; } -export interface EsValueScalarConfig extends GraphQLScalarTypeConfig { - name: 'EsValue'; -} export interface ToStringArrayNoNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToStringArrayNoNullable'; } +export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToDateArray'; +} +export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToNumberArray'; +} +export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToBooleanArray'; +} export interface ToIFieldSubTypeNonNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToIFieldSubTypeNonNullable'; 
@@ -8353,73 +6036,6 @@ export type IResolvers = { SourceConfiguration?: SourceConfigurationResolvers.Resolvers; SourceFields?: SourceFieldsResolvers.Resolvers; SourceStatus?: SourceStatusResolvers.Resolvers; - AuthenticationsData?: AuthenticationsDataResolvers.Resolvers; - AuthenticationsEdges?: AuthenticationsEdgesResolvers.Resolvers; - AuthenticationItem?: AuthenticationItemResolvers.Resolvers; - UserEcsFields?: UserEcsFieldsResolvers.Resolvers; - LastSourceHost?: LastSourceHostResolvers.Resolvers; - SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; - GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; - Location?: LocationResolvers.Resolvers; - HostEcsFields?: HostEcsFieldsResolvers.Resolvers; - OsEcsFields?: OsEcsFieldsResolvers.Resolvers; - CursorType?: CursorTypeResolvers.Resolvers; - PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; - Inspect?: InspectResolvers.Resolvers; - TimelineData?: TimelineDataResolvers.Resolvers; - TimelineEdges?: TimelineEdgesResolvers.Resolvers; - TimelineItem?: TimelineItemResolvers.Resolvers; - TimelineNonEcsData?: TimelineNonEcsDataResolvers.Resolvers; - Ecs?: EcsResolvers.Resolvers; - AgentEcsField?: AgentEcsFieldResolvers.Resolvers; - AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; - AuditdData?: AuditdDataResolvers.Resolvers; - Summary?: SummaryResolvers.Resolvers; - PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; - DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; - DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; - DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; - EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; - EventEcsFields?: EventEcsFieldsResolvers.Resolvers; - NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; - RuleEcsField?: RuleEcsFieldResolvers.Resolvers; - SignalField?: SignalFieldResolvers.Resolvers; - RuleField?: RuleFieldResolvers.Resolvers; - SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; - SuricataEveData?: SuricataEveDataResolvers.Resolvers; - 
SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; - TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; - TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; - FingerprintData?: FingerprintDataResolvers.Resolvers; - TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; - TlsJa3Data?: TlsJa3DataResolvers.Resolvers; - TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; - ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; - ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; - ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; - ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; - ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; - ZeekFileData?: ZeekFileDataResolvers.Resolvers; - ZeekSslData?: ZeekSslDataResolvers.Resolvers; - HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; - HttpRequestData?: HttpRequestDataResolvers.Resolvers; - HttpBodyData?: HttpBodyDataResolvers.Resolvers; - HttpResponseData?: HttpResponseDataResolvers.Resolvers; - UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; - WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; - ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; - ProcessHashData?: ProcessHashDataResolvers.Resolvers; - Thread?: ThreadResolvers.Resolvers; - FileFields?: FileFieldsResolvers.Resolvers; - SystemEcsField?: SystemEcsFieldResolvers.Resolvers; - AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; - PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; - AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; - SshEcsFields?: SshEcsFieldsResolvers.Resolvers; - PageInfo?: PageInfoResolvers.Resolvers; - TimelineDetailsData?: TimelineDetailsDataResolvers.Resolvers; - DetailItem?: DetailItemResolvers.Resolvers; - LastEventTimeData?: LastEventTimeDataResolvers.Resolvers; HostsData?: HostsDataResolvers.Resolvers; HostsEdges?: HostsEdgesResolvers.Resolvers; HostItem?: HostItemResolvers.Resolvers; 
@@ -8427,36 +6043,12 @@ export type IResolvers = { CloudInstance?: CloudInstanceResolvers.Resolvers; CloudMachine?: CloudMachineResolvers.Resolvers; EndpointFields?: EndpointFieldsResolvers.Resolvers; + HostEcsFields?: HostEcsFieldsResolvers.Resolvers; + OsEcsFields?: OsEcsFieldsResolvers.Resolvers; + Inspect?: InspectResolvers.Resolvers; + CursorType?: CursorTypeResolvers.Resolvers; + PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; FirstLastSeenHost?: FirstLastSeenHostResolvers.Resolvers; - KpiNetworkData?: KpiNetworkDataResolvers.Resolvers; - KpiNetworkHistogramData?: KpiNetworkHistogramDataResolvers.Resolvers; - KpiHostsData?: KpiHostsDataResolvers.Resolvers; - KpiHostHistogramData?: KpiHostHistogramDataResolvers.Resolvers; - KpiHostDetailsData?: KpiHostDetailsDataResolvers.Resolvers; - MatrixHistogramOverTimeData?: MatrixHistogramOverTimeDataResolvers.Resolvers; - MatrixOverTimeHistogramData?: MatrixOverTimeHistogramDataResolvers.Resolvers; - NetworkTopCountriesData?: NetworkTopCountriesDataResolvers.Resolvers; - NetworkTopCountriesEdges?: NetworkTopCountriesEdgesResolvers.Resolvers; - NetworkTopCountriesItem?: NetworkTopCountriesItemResolvers.Resolvers; - TopCountriesItemSource?: TopCountriesItemSourceResolvers.Resolvers; - GeoItem?: GeoItemResolvers.Resolvers; - TopCountriesItemDestination?: TopCountriesItemDestinationResolvers.Resolvers; - TopNetworkTablesEcsField?: TopNetworkTablesEcsFieldResolvers.Resolvers; - NetworkTopNFlowData?: NetworkTopNFlowDataResolvers.Resolvers; - NetworkTopNFlowEdges?: NetworkTopNFlowEdgesResolvers.Resolvers; - NetworkTopNFlowItem?: NetworkTopNFlowItemResolvers.Resolvers; - TopNFlowItemSource?: TopNFlowItemSourceResolvers.Resolvers; - AutonomousSystemItem?: AutonomousSystemItemResolvers.Resolvers; - TopNFlowItemDestination?: TopNFlowItemDestinationResolvers.Resolvers; - NetworkDnsData?: NetworkDnsDataResolvers.Resolvers; - NetworkDnsEdges?: NetworkDnsEdgesResolvers.Resolvers; - NetworkDnsItem?: 
NetworkDnsItemResolvers.Resolvers; - MatrixOverOrdinalHistogramData?: MatrixOverOrdinalHistogramDataResolvers.Resolvers; - NetworkDsOverTimeData?: NetworkDsOverTimeDataResolvers.Resolvers; - NetworkHttpData?: NetworkHttpDataResolvers.Resolvers; - NetworkHttpEdges?: NetworkHttpEdgesResolvers.Resolvers; - NetworkHttpItem?: NetworkHttpItemResolvers.Resolvers; - SayMyName?: SayMyNameResolvers.Resolvers; TimelineResult?: TimelineResultResolvers.Resolvers; ColumnHeaderResult?: ColumnHeaderResultResolvers.Resolvers; DataProviderResult?: DataProviderResultResolvers.Resolvers; 
@@ -8474,19 +6066,68 @@ export type IResolvers = { ResponseNote?: ResponseNoteResolvers.Resolvers; ResponseTimeline?: ResponseTimelineResolvers.Resolvers; ResponseFavoriteTimeline?: ResponseFavoriteTimelineResolvers.Resolvers; + EventEcsFields?: EventEcsFieldsResolvers.Resolvers; + Location?: LocationResolvers.Resolvers; + GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; + PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; + Summary?: SummaryResolvers.Resolvers; + AgentEcsField?: AgentEcsFieldResolvers.Resolvers; + AuditdData?: AuditdDataResolvers.Resolvers; + AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; + Thread?: ThreadResolvers.Resolvers; + ProcessHashData?: ProcessHashDataResolvers.Resolvers; + ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; + SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; + DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; + DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; + DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; + EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; + SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; + SuricataEveData?: SuricataEveDataResolvers.Resolvers; + SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; + TlsJa3Data?: TlsJa3DataResolvers.Resolvers; + FingerprintData?: FingerprintDataResolvers.Resolvers; + TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; + TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; + TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; + TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; + ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; + ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; + ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; + FileFields?: FileFieldsResolvers.Resolvers; + ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; + HttpBodyData?: HttpBodyDataResolvers.Resolvers; + HttpRequestData?: HttpRequestDataResolvers.Resolvers; + HttpResponseData?: 
HttpResponseDataResolvers.Resolvers; + HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; + UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; + ZeekFileData?: ZeekFileDataResolvers.Resolvers; + ZeekSslData?: ZeekSslDataResolvers.Resolvers; + ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; + UserEcsFields?: UserEcsFieldsResolvers.Resolvers; + WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; + NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; + PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; + AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; + SshEcsFields?: SshEcsFieldsResolvers.Resolvers; + AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; + SystemEcsField?: SystemEcsFieldResolvers.Resolvers; + RuleField?: RuleFieldResolvers.Resolvers; + SignalField?: SignalFieldResolvers.Resolvers; + RuleEcsField?: RuleEcsFieldResolvers.Resolvers; + Ecs?: EcsResolvers.Resolvers; EcsEdges?: EcsEdgesResolvers.Resolvers; - EventsTimelineData?: EventsTimelineDataResolvers.Resolvers; OsFields?: OsFieldsResolvers.Resolvers; HostFields?: HostFieldsResolvers.Resolvers; IndexField?: IndexFieldResolvers.Resolvers; + PageInfo?: PageInfoResolvers.Resolvers; ToStringArray?: GraphQLScalarType; Date?: GraphQLScalarType; - ToNumberArray?: GraphQLScalarType; - ToDateArray?: GraphQLScalarType; - ToBooleanArray?: GraphQLScalarType; ToAny?: GraphQLScalarType; - EsValue?: GraphQLScalarType; ToStringArrayNoNullable?: GraphQLScalarType; + ToDateArray?: GraphQLScalarType; + ToNumberArray?: GraphQLScalarType; + ToBooleanArray?: GraphQLScalarType; ToIFieldSubTypeNonNullable?: GraphQLScalarType; } & { [typeName: string]: never }; diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts deleted file mode 100644 index 6ef7f1ae8a2eb..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts +++ /dev/null 
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createWhoAmIResolvers } from './resolvers';
-export { whoAmISchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts
deleted file mode 100644
index 065edfb99ccea..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-export type QueryWhoAmIResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export const createWhoAmIResolvers = (): {
- Source: {
- whoAmI: QueryWhoAmIResolver;
- };
-} => ({
- Source: {
- async whoAmI(root, args) {
- return {
- appName: 'SIEM',
- };
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts
deleted file mode 100644
index 0a264cd2988fe..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts
+++ /dev/null
@@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const whoAmISchema = gql` - type SayMyName { - "The id of the source" - appName: String! - } - - extend type Source { - "Just a simple example to get the app name" - whoAmI: SayMyName - } -`; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index 3d2833f1c6c60..997240a33ad22 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -6,13 +6,8 @@ import { IResolvers, makeExecutableSchema } from 'graphql-tools'; import { schemas } from './graphql'; -import { createAuthenticationsResolvers } from './graphql/authentications'; import { createScalarToStringArrayValueResolvers } from './graphql/ecs'; -import { createEsValueResolvers, createEventsResolvers } from './graphql/events'; import { createHostsResolvers } from './graphql/hosts'; -import { createKpiHostsResolvers } from './graphql/kpi_hosts'; -import { createKpiNetworkResolvers } from './graphql/kpi_network'; -import { createNetworkResolvers } from './graphql/network'; import { createNoteResolvers } from './graphql/note'; import { createPinnedEventResolvers } from './graphql/pinned_event'; import { createScalarDateResolvers } from './graphql/scalar_date'; 
@@ -23,24 +18,16 @@ import { createScalarToNumberArrayValueResolvers } from './graphql/scalar_to_num import { createSourceStatusResolvers } from './graphql/source_status'; import { createSourcesResolvers } from './graphql/sources'; import { createTimelineResolvers } from './graphql/timeline'; -import { createWhoAmIResolvers } from './graphql/who_am_i'; import { AppBackendLibs } from './lib/types'; -import { createMatrixHistogramResolvers } from './graphql/matrix_histogram'; export const initServer = (libs: AppBackendLibs) => { const schema = makeExecutableSchema({ resolvers: [ - createAuthenticationsResolvers(libs) as IResolvers, - createEsValueResolvers() as IResolvers, - createEventsResolvers(libs) as IResolvers, createHostsResolvers(libs) as IResolvers, - createKpiNetworkResolvers(libs) as IResolvers, - createMatrixHistogramResolvers(libs) as IResolvers, createNoteResolvers(libs) as IResolvers, createPinnedEventResolvers(libs) as IResolvers, createSourcesResolvers(libs) as IResolvers, createScalarToStringArrayValueResolvers() as IResolvers, - createNetworkResolvers(libs) as IResolvers, createScalarDateResolvers() as IResolvers, createScalarToDateArrayValueResolvers() as IResolvers, createScalarToAnyValueResolvers() as IResolvers, @@ -49,8 +36,6 @@ export const initServer = (libs: AppBackendLibs) => { createSourcesResolvers(libs) as IResolvers, createSourceStatusResolvers(libs) as IResolvers, createTimelineResolvers(libs) as IResolvers, - createWhoAmIResolvers() as IResolvers, - createKpiHostsResolvers(libs) as IResolvers, ], typeDefs: schemas, }); diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts deleted file mode 100644 index d037164a34efb..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts +++ /dev/null 
@@ -1,135 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsEdges } from '../../graphql/types';
-
-import { formatAuthenticationData } from './elasticsearch_adapter';
-import { auditdFieldsMap } from './query.dsl';
-import { AuthenticationHit } from './types';
-
-describe('authentications elasticsearch_adapter', () => {
- describe('#formatAuthenticationsData', () => {
- const hit: AuthenticationHit = {
- _index: 'index-123',
- _type: 'type-123',
- _id: 'id-123',
- _score: 10,
- _source: {
- '@timestamp': 'time-1',
- },
- cursor: 'cursor-1',
- sort: [0],
- user: 'Evan',
- failures: 10,
- successes: 20,
- };
-
- test('it formats a authentication with an empty set', () => {
- const fields: readonly string[] = [''];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a source ip correctly', () => {
- const fields: readonly string[] = ['lastSuccess.source.ip'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host name only', () => {
- const fields: readonly string[] = ['lastSuccess.host.name'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host id only', () => {
- const fields: readonly string[] = ['lastSuccess.host.id'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host name and id correctly', () => {
- const fields: readonly string[] = ['lastSuccess.host.name', 'lastSuccess.host.id'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts
deleted file mode 100644
index 724297fac7b67..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { getOr } from 'lodash/fp';
-
-import { AuthenticationsData, AuthenticationsEdges } from '../../graphql/types';
-import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query';
-import { FrameworkAdapter, FrameworkRequest, RequestOptionsPaginated } from '../framework';
-import { TermAggregation } from '../types';
-import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants';
-
-import { auditdFieldsMap, buildQuery } from './query.dsl';
-import {
- AuthenticationBucket,
- AuthenticationData,
- AuthenticationHit,
- AuthenticationsAdapter,
-} from './types';
-
-export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getAuthentications(
- request: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise {
- const dsl = buildQuery(options);
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.user_count.value', response);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const hits: AuthenticationHit[] = getOr(
- [],
- 'aggregations.group_by_users.buckets',
- response
- ).map((bucket: AuthenticationBucket) => ({
- _id: getOr(
- `${bucket.key}+${bucket.doc_count}`,
- 'failures.lastFailure.hits.hits[0].id',
- bucket
- ),
- _source: {
- lastSuccess: getOr(null, 'successes.lastSuccess.hits.hits[0]._source', bucket),
- lastFailure: getOr(null, 'failures.lastFailure.hits.hits[0]._source', bucket),
- },
- user: bucket.key,
- failures: bucket.failures.doc_count,
- successes: bucket.successes.doc_count,
- }));
- const authenticationEdges: AuthenticationsEdges[] = hits.map((hit) =>
- formatAuthenticationData(options.fields, hit, auditdFieldsMap)
- );
-
- const edges = authenticationEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- inspect,
- edges,
- totalCount,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- };
- }
-}
-
-export const formatAuthenticationData = (
- fields: readonly string[],
- hit: AuthenticationHit,
- fieldMap: Readonly>
-): AuthenticationsEdges =>
- fields.reduce(
- (flattenedFields, fieldName) => {
- if (hit.cursor) {
- flattenedFields.cursor.value = hit.cursor;
- }
- flattenedFields.node = {
- ...flattenedFields.node,
- ...{
- _id: hit._id,
- user: { name: [hit.user] },
- failures: hit.failures,
- successes: hit.successes,
- },
- };
- return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit);
- },
- {
- node: {
- failures: 0,
- successes: 0,
- _id: '',
- user: {
- name: [''],
- },
- },
- cursor: {
- value: '',
- tiebreaker: null,
- },
- }
- );
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/index.ts b/x-pack/plugins/security_solution/server/lib/authentications/index.ts
deleted file mode 100644
index c1b93818943db..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/index.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsData } from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-
-import { AuthenticationsAdapter } from './types';
-
-export class Authentications {
- constructor(private readonly adapter: AuthenticationsAdapter) {}
-
- public async getAuthentications(
- req: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise {
- return this.adapter.getAuthentications(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts
deleted file mode 100644
index b6b72cd37efaa..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { isEmpty } from 'lodash/fp';
-
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { reduceFields } from '../../utils/build_query/reduce_fields';
-import { hostFieldsMap, sourceFieldsMap } from '../ecs_fields';
-import { extendMap } from '../ecs_fields/extend_map';
-import { RequestOptionsPaginated } from '../framework';
-
-export const auditdFieldsMap: Readonly> = {
- latest: '@timestamp',
- 'lastSuccess.timestamp': 'lastSuccess.@timestamp',
- 'lastFailure.timestamp': 'lastFailure.@timestamp',
- ...{ ...extendMap('lastSuccess', sourceFieldsMap) },
- ...{ ...extendMap('lastSuccess', hostFieldsMap) },
- ...{ ...extendMap('lastFailure', sourceFieldsMap) },
- ...{ ...extendMap('lastFailure', hostFieldsMap) },
-};
-
-export const buildQuery = ({
- fields,
- filterQuery,
- timerange: { from, to },
- pagination: { querySize },
- defaultIndex,
- docValueFields,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestOptionsPaginated) => {
- const esFields = reduceFields(fields, { ...hostFieldsMap, ...sourceFieldsMap });
-
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- { term: { 'event.category': 'authentication' } },
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const agg = {
- user_count: {
- cardinality: {
- field: 'user.name',
- },
- },
- };
-
- const dslQuery = {
- allowNoIndices: true,
- index: defaultIndex,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- ...agg,
- group_by_users: {
- terms: {
- size: querySize,
- field: 'user.name',
- order: [{ 'successes.doc_count': 'desc' }, { 'failures.doc_count': 'desc' }],
- },
- aggs: {
- failures: {
- filter: {
- term: {
- 'event.outcome': 'failure',
- },
- },
- aggs: {
- lastFailure: {
- top_hits: {
- size: 1,
- _source: esFields,
- sort: [{ '@timestamp': { order: 'desc' } }],
- },
- },
- },
- },
- successes: {
- filter: {
- term: {
- 'event.outcome': 'success',
- },
- },
- aggs: {
- lastSuccess: {
- top_hits: {
- size: 1,
- _source: esFields,
- sort: [{ '@timestamp': { order: 'desc' } }],
- },
- },
- },
- },
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- },
- track_total_hits: false,
- };
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/types.ts b/x-pack/plugins/security_solution/server/lib/authentications/types.ts
deleted file mode 100644
index 2d2c7ba547c09..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/types.ts
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsData, LastSourceHost } from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-import { Hit, SearchHit, TotalHit } from '../types';
-
-export interface AuthenticationsAdapter {
- getAuthentications(
- req: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise;
-}
-
-type StringOrNumber = string | number;
-export interface AuthenticationHit extends Hit {
- _source: {
- '@timestamp': string;
- lastSuccess?: LastSourceHost;
- lastFailure?: LastSourceHost;
- };
- user: string;
- failures: number;
- successes: number;
- cursor?: string;
- sort: StringOrNumber[];
-}
-
-export interface AuthenticationBucket {
- key: {
- user_uid: string;
- };
- doc_count: number;
- failures: {
- doc_count: number;
- };
- successes: {
- doc_count: number;
- };
- authentication: {
- hits: {
- total: TotalHit;
- hits: ArrayLike;
- };
- };
-}
-
-export interface AuthenticationData extends SearchHit {
- sort: string[];
- aggregations: {
- process_count: {
- value: number;
- };
- group_by_process: {
- after_key: string;
- buckets: AuthenticationBucket[];
- };
- };
-}
diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
index 6348ee930a109..433ee4a5f99fa 100644
--- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
+++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
@@ -7,26 +7,17 @@
 import { CoreSetup } from '../../../../../../src/core/server';
 import { SetupPlugins } from '../../plugin';
-import { Authentications } from '../authentications';
-import { ElasticsearchAuthenticationAdapter } from '../authentications/elasticsearch_adapter';
-import { ElasticsearchEventsAdapter, Events } from '../events';
 import { KibanaBackendFrameworkAdapter } from '../framework/kibana_framework_adapter';
 import { ElasticsearchHostsAdapter, Hosts } from '../hosts';
-import { KpiHosts } from '../kpi_hosts';
-import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter';
 import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields';
-import { KpiNetwork } from '../kpi_network';
-import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter';
-import { ElasticsearchNetworkAdapter, Network } from '../network';
 import { ElasticsearchSourceStatusAdapter, SourceStatus } from '../source_status';
 import { ConfigurationSourcesAdapter, Sources } from '../sources';
 import { AppBackendLibs, AppDomainLibs } from '../types';
 import * as note from '../note/saved_object';
 import * as pinnedEvent from '../pinned_event/saved_object';
 import * as timeline from '../timeline/saved_object';
-import { ElasticsearchMatrixHistogramAdapter, MatrixHistogram } from '../matrix_histogram';
 import { EndpointAppContext } from '../../endpoint/types';
 export function compose(
@@ -40,14 +31,8 @@ export function compose(
 const sourceStatus = new SourceStatus(new ElasticsearchSourceStatusAdapter(framework));
 const domainLibs: AppDomainLibs = {
- authentications: new Authentications(new ElasticsearchAuthenticationAdapter(framework)),
- events: new Events(new ElasticsearchEventsAdapter(framework)),
 fields: new IndexFields(new ElasticsearchIndexFieldAdapter()),
 hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)),
- kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)),
- kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)),
- matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)),
- network: new Network(new ElasticsearchNetworkAdapter(framework)),
 };
 const libs: AppBackendLibs = {
diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts
deleted file mode 100644
index 42dc13d84fd98..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts
+++ /dev/null
@@ -1,549 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { EcsEdges, TimelineDetailsData } from '../../graphql/types'; -import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { - ElasticsearchEventsAdapter, - formatEventsData, - formatTimelineData, - getFieldCategory, -} from './elasticsearch_adapter'; -import { - mockDetailsQueryDsl, - mockOptions, - mockQueryDsl, - mockRequest, - mockResponseMap, - mockResponseSearchTimelineDetails, - mockTimelineDetailsResult, -} from './mock'; -import { EventHit } from './types'; - -jest.mock('./query.dsl', () => { - return { - buildQuery: jest.fn(() => mockQueryDsl), - buildDetailsQuery: jest.fn(() => mockDetailsQueryDsl), - }; -}); - -describe('events elasticsearch_adapter', () => { - const hit: EventHit = { - _index: 'index-123', - _type: 'type-123', - _id: 'id-123', - _score: 10, - aggregations: {}, - _source: { - '@timestamp': ['time-1'], - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - suricata: { - eve: { - alert: { - category: 'suricata-category-1', - signature: ['suricata-signature-1'], - signature_id: [5000], - severity: 1, - }, - flow_id: [100], - proto: ['suricata-proto-1'], - }, - }, - source: { - ip: ['source-ip-1'], - port: [100], - }, - destination: { - ip: ['destination-ip-1'], - port: [200], - geo: { - region_name: ['geo-region-1'], - country_iso_code: ['geo-iso-code-1'], - }, - }, - event: { - action: ['event-action-1'], - module: ['event-module-1'], - type: ['event-type-1'], - category: ['event-category-1'], - severity: [1], - id: ['event-id-1'], - }, - }, - sort: ['123567890', '1234'], - }; - - describe('#formatEventsData', () => { - test('it formats an event with a source of hostname correctly', () => { - const 
fields: readonly string[] = ['host.name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a source of host ip correctly', () => { - const fields: readonly string[] = ['host.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - ip: ['hostip-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event category correctly', () => { - const fields: readonly string[] = ['event.category']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - category: ['event-category-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event id correctly', () => { - const fields: readonly string[] = ['event.id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - id: ['event-id-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event module correctly', () => { - const fields: readonly string[] = ['event.module']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - module: ['event-module-1'], - }, - }, - }; - 
expect(data).toEqual(expected); - }); - - test('it formats an event with a event action correctly', () => { - const fields: readonly string[] = ['event.action']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - action: ['event-action-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event severity correctly', () => { - const fields: readonly string[] = ['event.severity']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - severity: [1], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve flow id correctly', () => { - const fields: readonly string[] = ['suricata.eve.flow_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - flow_id: [100], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve proto correctly', () => { - const fields: readonly string[] = ['suricata.eve.proto']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - proto: ['suricata-proto-1'], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature']; - const data = formatEventsData(fields, hit, 
eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature: ['suricata-signature-1'], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature id correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature_id: [5000], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source ip correctly', () => { - const fields: readonly string[] = ['source.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - ip: ['source-ip-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source port correctly', () => { - const fields: readonly string[] = ['source.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - port: [100], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination ip correctly', () => { - const fields: readonly string[] = ['destination.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - ip: ['destination-ip-1'], - }, - 
}, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination port correctly', () => { - const fields: readonly string[] = ['destination.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - port: [200], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo region name correctly', () => { - const fields: readonly string[] = ['geo.region_name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - region_name: ['geo-region-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo country iso code correctly', () => { - const fields: readonly string[] = ['geo.country_iso_code']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - country_iso_code: ['geo-iso-code-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a lot of fields correctly', () => { - const fields: readonly string[] = [ - 'host.name', - 'host.ip', - 'suricata.eve.proto', - 'suricata.eve.alert.signature_id', - 'geo.region_name', - ]; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - geo: { - region_name: ['geo-region-1'], - }, - suricata: { - eve: { - proto: ['suricata-proto-1'], - alert: { - signature_id: [5000], - }, - }, - }, - 
}, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a event data if fields are empty', () => { - const fields: readonly string[] = []; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { cursor: { tiebreaker: null, value: '' }, node: { _id: '' } }; - - expect(data).toEqual(expected); - }); - }); - - describe('#formatTimelineData', () => { - test('it formats TimelineEdges from hit as expected ', () => { - const datafields: readonly string[] = [ - '@timestamp', - 'host.name', - 'suricata.eve.alert.signature_id', - ]; - const ecsfields: readonly string[] = ['host.name', 'suricata.eve.alert.signature_id']; - const data = formatTimelineData(datafields, ecsfields, hit, eventFieldsMap); - // TODO: Re-add TimelineEdges back once we settle on if data can contain numbers or not. - // otherwise delete this test. - const expected = { - cursor: { tiebreaker: '1234', value: '123567890' }, - node: { - _id: 'id-123', - _index: 'index-123', - data: [ - { field: 'host.name', value: ['hostname-1'] }, - { field: 'suricata.eve.alert.signature_id', value: [5000] }, - { field: '@timestamp', value: ['time-1'] }, - ], - ecs: { - _id: 'id-123', - _index: 'index-123', - host: { name: ['hostname-1'] }, - suricata: { eve: { alert: { signature_id: [5000] } } }, - }, - }, - }; - expect(data).toEqual(expected); - }); - }); - - describe('Timeline Details', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - if (method === 'search') { - return mockResponseSearchTimelineDetails; - } - return mockResponseMap; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const EsNetworkTimelineDetail = new 
ElasticsearchEventsAdapter(mockFramework); - const data: TimelineDetailsData = await EsNetworkTimelineDetail.getTimelineDetails( - mockRequest as FrameworkRequest, - mockOptions - ); - - expect(data).toEqual(mockTimelineDetailsResult); - }); - describe('getFieldCategory', () => { - test('should return field category when passed field', () => { - const data = getFieldCategory('agent.id'); - expect(data).toEqual('agent'); - }); - test('should return "base" when passed a category of type "baseCategoryField"', () => { - const data = getFieldCategory('@timestamp'); - expect(data).toEqual('base'); - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts deleted file mode 100644 index 8b656272ecc99..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,264 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - cloneDeep, - get, - getOr, - has, - isEmpty, - isNumber, - isObject, - isString, - last, - merge, - uniq, -} from 'lodash/fp'; - -import { - DetailItem, - EcsEdges, - LastEventTimeData, - TimelineData, - TimelineDetailsData, - TimelineEdges, -} from '../../graphql/types'; -import { reduceFields } from '../../utils/build_query/reduce_fields'; -import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; -import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; - -import { buildDetailsQuery, buildTimelineQuery } from './query.dsl'; -import { buildLastEventTimeQuery } from './query.last_event_time.dsl'; -import { - EventHit, - EventsAdapter, - LastEventTimeHit, - LastEventTimeRequestOptions, - RequestDetailsOptions, - TimelineRequestOptions, -} from './types'; - -const baseCategoryFields = ['@timestamp', 'labels', 'message', 'tags']; - -export class ElasticsearchEventsAdapter implements EventsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getTimelineData( - request: FrameworkRequest, - options: TimelineRequestOptions - ): Promise { - const { fieldRequested, ...queryOptions } = cloneDeep(options); - queryOptions.fields = uniq([ - ...fieldRequested, - ...reduceFields(queryOptions.fields, eventFieldsMap), - ]); - const dsl = buildTimelineQuery(queryOptions); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { limit } = options.pagination; - const totalCount = getOr(0, 'hits.total.value', response); - const hits = response.hits.hits; - const timelineEdges: TimelineEdges[] = 
hits.map((hit) => - formatTimelineData(options.fieldRequested, options.fields, hit, eventFieldsMap) - ); - const hasNextPage = timelineEdges.length === limit + 1; - const edges = hasNextPage ? timelineEdges.splice(0, limit) : timelineEdges; - const lastCursor = get('cursor', last(edges)); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { edges, inspect, pageInfo: { hasNextPage, endCursor: lastCursor }, totalCount }; - } - - public async getTimelineDetails( - request: FrameworkRequest, - options: RequestDetailsOptions - ): Promise { - const dsl = buildDetailsQuery(options.indexName, options.eventId, options.docValueFields ?? []); - const searchResponse = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const sourceData = getOr({}, 'hits.hits.0._source', searchResponse); - const hitsData = getOr({}, 'hits.hits.0', searchResponse); - delete hitsData._source; - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(searchResponse)], - }; - const data = getDataFromHits(merge(sourceData, hitsData)); - - return { - data, - inspect, - }; - } - - public async getLastEventTimeData( - request: FrameworkRequest, - options: LastEventTimeRequestOptions - ): Promise { - const dsl = buildLastEventTimeQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - lastSeen: getOr(null, 'aggregations.last_seen_event.value_as_string', response), - }; - } -} - -export const formatEventsData = ( - fields: readonly string[], - hit: EventHit, - fieldMap: Readonly> -) => - fields.reduce( - (flattenedFields, fieldName) => { - flattenedFields.node._id = hit._id; - flattenedFields.node._index = hit._index; - if (hit.sort && hit.sort.length > 1) { - flattenedFields.cursor.value = 
hit.sort[0]; - flattenedFields.cursor.tiebreaker = hit.sort[1]; - } - return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit); - }, - { - node: { _id: '' }, - cursor: { - value: '', - tiebreaker: null, - }, - } - ); - -export const formatTimelineData = ( - dataFields: readonly string[], - ecsFields: readonly string[], - hit: EventHit, - fieldMap: Readonly> -) => - uniq([...ecsFields, ...dataFields]).reduce( - (flattenedFields, fieldName) => { - flattenedFields.node._id = hit._id; - flattenedFields.node._index = hit._index; - flattenedFields.node.ecs._id = hit._id; - flattenedFields.node.ecs._index = hit._index; - if (hit.sort && hit.sort.length > 1) { - flattenedFields.cursor.value = hit.sort[0]; - flattenedFields.cursor.tiebreaker = hit.sort[1]; - } - return mergeTimelineFieldsWithHit( - fieldName, - flattenedFields, - fieldMap, - hit, - dataFields, - ecsFields - ); - }, - { - node: { ecs: { _id: '' }, data: [], _id: '', _index: '' }, - cursor: { - value: '', - tiebreaker: null, - }, - } - ); - -const specialFields = ['_id', '_index', '_type', '_score']; - -const mergeTimelineFieldsWithHit = ( - fieldName: string, - flattenedFields: T, - fieldMap: Readonly>, - hit: { _source: {} }, - dataFields: readonly string[], - ecsFields: readonly string[] -) => { - if (fieldMap[fieldName] != null || dataFields.includes(fieldName)) { - const esField = dataFields.includes(fieldName) ? fieldName : fieldMap[fieldName]; - if (has(esField, hit._source) || specialFields.includes(esField)) { - const objectWithProperty = { - node: { - ...get('node', flattenedFields), - data: dataFields.includes(fieldName) - ? [ - ...get('node.data', flattenedFields), - { - field: fieldName, - value: specialFields.includes(esField) - ? get(esField, hit) - : get(esField, hit._source), - }, - ] - : get('node.data', flattenedFields), - ecs: ecsFields.includes(fieldName) - ? 
{ - ...get('node.ecs', flattenedFields), - ...fieldName - .split('.') - .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), - } - : get('node.ecs', flattenedFields), - }, - }; - return merge(flattenedFields, objectWithProperty); - } else { - return flattenedFields; - } - } else { - return flattenedFields; - } -}; - -export const getFieldCategory = (field: string): string => { - const fieldCategory = field.split('.')[0]; - if (!isEmpty(fieldCategory) && baseCategoryFields.includes(fieldCategory)) { - return 'base'; - } - return fieldCategory; -}; - -const getDataFromHits = (sources: EventSource, category?: string, path?: string): DetailItem[] => - Object.keys(sources).reduce((accumulator, source) => { - const item: EventSource = get(source, sources); - if (Array.isArray(item) || isString(item) || isNumber(item)) { - const field = path ? `${path}.${source}` : source; - const fieldCategory = getFieldCategory(field); - return [ - ...accumulator, - { - category: fieldCategory, - field, - values: item, - originalValue: item, - } as DetailItem, - ]; - } else if (isObject(item)) { - return [ - ...accumulator, - ...getDataFromHits(item, category || source, path ? `${path}.${source}` : source), - ]; - } - return accumulator; - }, []); diff --git a/x-pack/plugins/security_solution/server/lib/events/index.ts b/x-pack/plugins/security_solution/server/lib/events/index.ts deleted file mode 100644 index 9c1f87aa3d8bf..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/index.ts +++ /dev/null 
@@ -1,40 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { LastEventTimeData, TimelineData, TimelineDetailsData } from '../../graphql/types';
-import { FrameworkRequest } from '../framework';
-export * from './elasticsearch_adapter';
-import {
- EventsAdapter,
- TimelineRequestOptions,
- LastEventTimeRequestOptions,
- RequestDetailsOptions,
-} from './types';
-
-export class Events {
- constructor(private readonly adapter: EventsAdapter) {}
-
- public async getTimelineData(
- req: FrameworkRequest,
- options: TimelineRequestOptions
- ): Promise {
- return this.adapter.getTimelineData(req, options);
- }
-
- public async getTimelineDetails(
- req: FrameworkRequest,
- options: RequestDetailsOptions
- ): Promise {
- return this.adapter.getTimelineDetails(req, options);
- }
-
- public async getLastEventTimeData(
- req: FrameworkRequest,
- options: LastEventTimeRequestOptions
- ): Promise {
- return this.adapter.getLastEventTimeData(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/events/mock.ts b/x-pack/plugins/security_solution/server/lib/events/mock.ts
deleted file mode 100644
index a3350a08c7d34..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/mock.ts
+++ /dev/null
@@ -1,3412 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { cloneDeep } from 'lodash/fp'; -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestDetailsOptions } from './types'; - -export const mockResponseSearchTimelineDetails = { - took: 5, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 1, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'auditbeat-8.0.0-2019.03.29-000003', - _type: '_doc', - _id: 'TUfUymkBCQofM5eXGBYL', - _score: 1, - _source: { - '@timestamp': '2019-03-29T19:01:23.420Z', - service: { - type: 'auditd', - }, - user: { - audit: { - id: 'unset', - }, - group: { - id: '0', - name: 'root', - }, - effective: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - filesystem: { - group: { - name: 'root', - id: '0', - }, - name: 'root', - id: '0', - }, - saved: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - process: { - executable: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - working_directory: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - pid: 15990, - ppid: 1, - title: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - name: 'auditbeat', - }, - host: { - architecture: 'x86_64', - os: { - name: 'Ubuntu', - kernel: '4.15.0-45-generic', - codename: 'bionic', - platform: 'ubuntu', - version: '18.04.2 LTS (Bionic Beaver)', - family: 'debian', - }, - id: '7c21f5ed03b04d0299569d221fe18bbc', - containerized: false, - name: 'zeek-london', - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - mac: 
['42:66:42:19:b3:b9'], - hostname: 'zeek-london', - }, - cloud: { - provider: 'digitalocean', - instance: { - id: '136398786', - }, - region: 'lon1', - }, - file: { - device: '00:00', - inode: '3926', - mode: '0644', - uid: '0', - gid: '0', - owner: 'root', - group: 'root', - path: '/etc/passwd', - }, - auditd: { - session: 'unset', - data: { - tty: '(none)', - a3: '0', - a2: '80000', - syscall: 'openat', - a1: '7fe0f63df220', - a0: 'ffffff9c', - arch: 'x86_64', - exit: '12', - }, - summary: { - actor: { - primary: 'unset', - secondary: 'root', - }, - object: { - primary: '/etc/passwd', - type: 'file', - }, - how: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - paths: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - message_type: 'syscall', - sequence: 8817905, - result: 'success', - }, - event: { - category: 'audit-rule', - action: 'opened-file', - original: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): 
proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - module: 'auditd', - }, - ecs: { - version: '1.0.0', - }, - agent: { - ephemeral_id: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - hostname: 'zeek-london', - id: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - version: '8.0.0', - type: 'auditbeat', - }, - }, - }, - ], - }, -}; -export const mockOptions: RequestDetailsOptions = { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - defaultIndex: DEFAULT_INDEX_PATTERN, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - }, - query: `query GetTimelineDetailsQuery($eventId: String!, $indexName: String!) { - source(id: "default") { - TimelineDetails(eventId: $eventId, indexName: $indexName) { - data { - category - description - example - field - type - values - originalValue - } - } - } - }`, - }, -}; - -export const mockResponseMap = { - 'auditbeat-8.0.0-2019.03.29-000003': { - mappings: { - _meta: { - beat: 'auditbeat', - version: '8.0.0', - }, - dynamic_templates: [ - { - 'container.labels': { - path_match: 'container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - fields: { - path_match: 'fields.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - 'docker.container.labels': { - path_match: 'docker.container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - strings_as_keyword: { - match_mapping_type: 'string', - mapping: { - ignore_above: 1024, - type: 'keyword', - }, - }, - }, - ], - date_detection: false, - properties: { - '@timestamp': { - type: 'date', - 
}, - agent: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - auditd: { - properties: { - data: { - properties: { - a0: { - type: 'keyword', - ignore_above: 1024, - }, - a1: { - type: 'keyword', - ignore_above: 1024, - }, - a2: { - type: 'keyword', - ignore_above: 1024, - }, - a3: { - type: 'keyword', - ignore_above: 1024, - }, - 'a[0-3]': { - type: 'keyword', - ignore_above: 1024, - }, - acct: { - type: 'keyword', - ignore_above: 1024, - }, - acl: { - type: 'keyword', - ignore_above: 1024, - }, - action: { - type: 'keyword', - ignore_above: 1024, - }, - added: { - type: 'keyword', - ignore_above: 1024, - }, - addr: { - type: 'keyword', - ignore_above: 1024, - }, - apparmor: { - type: 'keyword', - ignore_above: 1024, - }, - arch: { - type: 'keyword', - ignore_above: 1024, - }, - argc: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_limit: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_wait_time: { - type: 'keyword', - ignore_above: 1024, - }, - audit_enabled: { - type: 'keyword', - ignore_above: 1024, - }, - audit_failure: { - type: 'keyword', - ignore_above: 1024, - }, - banners: { - type: 'keyword', - ignore_above: 1024, - }, - bool: { - type: 'keyword', - ignore_above: 1024, - }, - bus: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pp: { - type: 'keyword', 
- ignore_above: 1024, - }, - capability: { - type: 'keyword', - ignore_above: 1024, - }, - cgroup: { - type: 'keyword', - ignore_above: 1024, - }, - changed: { - type: 'keyword', - ignore_above: 1024, - }, - cipher: { - type: 'keyword', - ignore_above: 1024, - }, - class: { - type: 'keyword', - ignore_above: 1024, - }, - cmd: { - type: 'keyword', - ignore_above: 1024, - }, - code: { - type: 'keyword', - ignore_above: 1024, - }, - compat: { - type: 'keyword', - ignore_above: 1024, - }, - daddr: { - type: 'keyword', - ignore_above: 1024, - }, - data: { - type: 'keyword', - ignore_above: 1024, - }, - 'default-context': { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - dir: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - dmac: { - type: 'keyword', - ignore_above: 1024, - }, - dport: { - type: 'keyword', - ignore_above: 1024, - }, - enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - entries: { - type: 'keyword', - ignore_above: 1024, - }, - exit: { - type: 'keyword', - ignore_above: 1024, - }, - fam: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - fd: { - type: 'keyword', - ignore_above: 1024, - }, - fe: { - type: 'keyword', - ignore_above: 1024, - }, - feature: { - type: 'keyword', - ignore_above: 1024, - }, - fi: { - type: 'keyword', - ignore_above: 1024, - }, - file: { - type: 'keyword', - ignore_above: 1024, - }, - flags: { - type: 'keyword', - ignore_above: 1024, - }, - format: { - type: 'keyword', - ignore_above: 1024, - }, - fp: { - type: 'keyword', - ignore_above: 1024, - }, - fver: { - type: 'keyword', - ignore_above: 1024, - }, - grantors: { - type: 'keyword', - ignore_above: 1024, - }, - grp: { - type: 'keyword', - ignore_above: 1024, - }, - hook: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 
'keyword', - ignore_above: 1024, - }, - icmp_type: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - igid: { - type: 'keyword', - ignore_above: 1024, - }, - 'img-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - inif: { - type: 'keyword', - ignore_above: 1024, - }, - ino: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - inode_gid: { - type: 'keyword', - ignore_above: 1024, - }, - inode_uid: { - type: 'keyword', - ignore_above: 1024, - }, - invalid_context: { - type: 'keyword', - ignore_above: 1024, - }, - ioctlcmd: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'keyword', - ignore_above: 1024, - }, - ipid: { - type: 'keyword', - ignore_above: 1024, - }, - 'ipx-net': { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - items: { - type: 'keyword', - ignore_above: 1024, - }, - iuid: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - ksize: { - type: 'keyword', - ignore_above: 1024, - }, - laddr: { - type: 'keyword', - ignore_above: 1024, - }, - len: { - type: 'keyword', - ignore_above: 1024, - }, - list: { - type: 'keyword', - ignore_above: 1024, - }, - lport: { - type: 'keyword', - ignore_above: 1024, - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - macproto: { - type: 'keyword', - ignore_above: 1024, - }, - maj: { - type: 'keyword', - ignore_above: 1024, - }, - major: { - type: 'keyword', - ignore_above: 1024, - }, - minor: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - model: { - type: 'keyword', - ignore_above: 1024, - }, - msg: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - nargs: 
{ - type: 'keyword', - ignore_above: 1024, - }, - net: { - type: 'keyword', - ignore_above: 1024, - }, - new: { - type: 'keyword', - ignore_above: 1024, - }, - 'new-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-disk': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - new_gid: { - type: 'keyword', - ignore_above: 1024, - }, - new_lock: { - type: 'keyword', - ignore_above: 1024, - }, - new_pe: { - type: 'keyword', - ignore_above: 1024, - }, - new_pi: { - type: 'keyword', - ignore_above: 1024, - }, - new_pp: { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-fam': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-grp': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-pid': { - type: 'keyword', - ignore_above: 1024, - }, - oauid: { - type: 'keyword', - ignore_above: 1024, - }, - obj: { - type: 'keyword', - ignore_above: 1024, - }, - obj_gid: { - type: 'keyword', - ignore_above: 1024, - }, - obj_uid: { - type: 'keyword', - ignore_above: 1024, - }, - ocomm: { - type: 'keyword', - ignore_above: 1024, - }, - oflag: { - type: 'keyword', - ignore_above: 1024, - }, - old: { - type: 'keyword', - ignore_above: 1024, - }, - 'old-auid': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-disk': { - 
type: 'keyword', - ignore_above: 1024, - }, - 'old-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-ses': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - old_enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - old_lock: { - type: 'keyword', - ignore_above: 1024, - }, - old_pe: { - type: 'keyword', - ignore_above: 1024, - }, - old_pi: { - type: 'keyword', - ignore_above: 1024, - }, - old_pp: { - type: 'keyword', - ignore_above: 1024, - }, - old_prom: { - type: 'keyword', - ignore_above: 1024, - }, - old_val: { - type: 'keyword', - ignore_above: 1024, - }, - op: { - type: 'keyword', - ignore_above: 1024, - }, - opid: { - type: 'keyword', - ignore_above: 1024, - }, - oses: { - type: 'keyword', - ignore_above: 1024, - }, - outif: { - type: 'keyword', - ignore_above: 1024, - }, - parent: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - per: { - type: 'keyword', - ignore_above: 1024, - }, - perm: { - type: 'keyword', - ignore_above: 1024, - }, - perm_mask: { - type: 'keyword', - ignore_above: 1024, - }, - permissive: { - type: 'keyword', - ignore_above: 1024, - }, - pfs: { - type: 'keyword', - ignore_above: 1024, - }, - printer: { - type: 'keyword', - ignore_above: 1024, - }, - prom: { - type: 'keyword', - ignore_above: 1024, - }, - proto: { - type: 'keyword', - ignore_above: 
1024, - }, - qbytes: { - type: 'keyword', - ignore_above: 1024, - }, - range: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - reason: { - type: 'keyword', - ignore_above: 1024, - }, - removed: { - type: 'keyword', - ignore_above: 1024, - }, - res: { - type: 'keyword', - ignore_above: 1024, - }, - resrc: { - type: 'keyword', - ignore_above: 1024, - }, - rport: { - type: 'keyword', - ignore_above: 1024, - }, - sauid: { - type: 'keyword', - ignore_above: 1024, - }, - scontext: { - type: 'keyword', - ignore_above: 1024, - }, - 'selected-context': { - type: 'keyword', - ignore_above: 1024, - }, - seperm: { - type: 'keyword', - ignore_above: 1024, - }, - seperms: { - type: 'keyword', - ignore_above: 1024, - }, - seqno: { - type: 'keyword', - ignore_above: 1024, - }, - seresult: { - type: 'keyword', - ignore_above: 1024, - }, - ses: { - type: 'keyword', - ignore_above: 1024, - }, - seuser: { - type: 'keyword', - ignore_above: 1024, - }, - sig: { - type: 'keyword', - ignore_above: 1024, - }, - sigev_signo: { - type: 'keyword', - ignore_above: 1024, - }, - smac: { - type: 'keyword', - ignore_above: 1024, - }, - socket: { - properties: { - addr: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'keyword', - ignore_above: 1024, - }, - saddr: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - spid: { - type: 'keyword', - ignore_above: 1024, - }, - sport: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - subj: { - type: 'keyword', - ignore_above: 1024, - }, - success: { - type: 'keyword', - ignore_above: 1024, - }, - syscall: { - type: 'keyword', - ignore_above: 1024, - }, - table: { - type: 'keyword', - ignore_above: 1024, - }, - tclass: { - type: 'keyword', - ignore_above: 1024, - }, - tcontext: { - type: 'keyword', - 
ignore_above: 1024, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - tty: { - type: 'keyword', - ignore_above: 1024, - }, - unit: { - type: 'keyword', - ignore_above: 1024, - }, - uri: { - type: 'keyword', - ignore_above: 1024, - }, - uuid: { - type: 'keyword', - ignore_above: 1024, - }, - val: { - type: 'keyword', - ignore_above: 1024, - }, - ver: { - type: 'keyword', - ignore_above: 1024, - }, - virt: { - type: 'keyword', - ignore_above: 1024, - }, - vm: { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-pid': { - type: 'keyword', - ignore_above: 1024, - }, - watch: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - message_type: { - type: 'keyword', - ignore_above: 1024, - }, - paths: { - properties: { - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - obj_domain: { - type: 'keyword', - ignore_above: 1024, - }, - obj_level: { - type: 'keyword', - ignore_above: 1024, - }, - obj_role: { - type: 'keyword', - ignore_above: 1024, - }, - obj_user: { - type: 'keyword', - ignore_above: 1024, - }, - objtype: { - type: 'keyword', - ignore_above: 1024, - }, - ogid: { - type: 'keyword', - ignore_above: 1024, - }, - ouid: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - result: { - type: 'keyword', - ignore_above: 1024, - }, - sequence: { - type: 'long', - }, - session: { - type: 'keyword', - ignore_above: 
1024, - }, - summary: { - properties: { - actor: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - how: { - type: 'keyword', - ignore_above: 1024, - }, - object: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - }, - client: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - cloud: { - properties: { - account: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - availability_zone: { - type: 'keyword', - ignore_above: 1024, - }, - instance: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - machine: { - properties: { - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - project: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - provider: { - type: 'keyword', - ignore_above: 1024, - }, - region: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - 
container: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - image: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - tag: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - runtime: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - destination: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - docker: { - properties: { - container: { - properties: { - labels: { - type: 'object', - }, - }, - }, - }, - }, - ecs: { - properties: { - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - error: { - properties: { - code: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - message: { - type: 'text', - norms: false, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - event: { - properties: { - action: { - type: 'keyword', - ignore_above: 1024, - }, - category: { - type: 'keyword', - ignore_above: 1024, - }, - created: { - type: 'date', - }, - dataset: { - type: 'keyword', - ignore_above: 1024, 
- }, - duration: { - type: 'long', - }, - end: { - type: 'date', - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - module: { - type: 'keyword', - ignore_above: 1024, - }, - origin: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - outcome: { - type: 'keyword', - ignore_above: 1024, - }, - risk_score: { - type: 'float', - }, - risk_score_norm: { - type: 'float', - }, - severity: { - type: 'long', - }, - start: { - type: 'date', - }, - timezone: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - fields: { - type: 'object', - }, - file: { - properties: { - ctime: { - type: 'date', - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - extension: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - mtime: { - type: 'date', - }, - origin: { - type: 'keyword', - fields: { - raw: { - type: 'keyword', - ignore_above: 1024, - }, - }, - ignore_above: 1024, - }, - owner: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - selinux: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - setgid: { - type: 'boolean', - }, - setuid: { - type: 'boolean', - }, - size: { - type: 'long', - }, - target_path: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 
'keyword', - ignore_above: 1024, - }, - }, - }, - geoip: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - properties: { - blake2b_256: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_384: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_512: { - type: 'keyword', - ignore_above: 1024, - }, - md5: { - type: 'keyword', - ignore_above: 1024, - }, - sha1: { - type: 'keyword', - ignore_above: 1024, - }, - sha224: { - type: 'keyword', - ignore_above: 1024, - }, - sha256: { - type: 'keyword', - ignore_above: 1024, - }, - sha384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_256: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_256: { - type: 'keyword', - ignore_above: 1024, - }, - xxh64: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - containerized: { - type: 'boolean', - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 
'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - codename: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - http: { - properties: { - request: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - method: { - type: 'keyword', - ignore_above: 1024, - }, - referrer: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - response: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - status_code: { - type: 'long', - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - kubernetes: { - properties: { - annotations: { - type: 'object', - }, - container: { - properties: { - image: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - namespace: { - type: 'keyword', - ignore_above: 1024, - }, - node: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, 
- pod: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - labels: { - type: 'object', - }, - log: { - properties: { - level: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - }, - }, - message: { - type: 'text', - norms: false, - }, - network: { - properties: { - application: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - community_id: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - forwarded_ip: { - type: 'ip', - }, - iana_number: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - protocol: { - type: 'keyword', - ignore_above: 1024, - }, - transport: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - observer: { - properties: { - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, 
- platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - serial_number: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - vendor: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - organization: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - process: { - properties: { - args: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - executable: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - pid: { - type: 'long', - }, - ppid: { - type: 'long', - }, - start: { - type: 'date', - }, - thread: { - properties: { - id: { - type: 'long', - }, - }, - }, - title: { - type: 'keyword', - ignore_above: 1024, - }, - working_directory: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - related: { - properties: { - ip: { - type: 'ip', - }, - }, - }, - server: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, 
- location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - service: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - socket: { - properties: { - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - source: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - system: { - properties: { - audit: { - properties: { - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - boottime: { - type: 'date', - }, - containerized: { - type: 
'boolean', - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - timezone: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - offset: { - properties: { - sec: { - type: 'long', - }, - }, - }, - }, - }, - uptime: { - type: 'long', - }, - }, - }, - package: { - properties: { - arch: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - installtime: { - type: 'date', - }, - license: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - release: { - type: 'keyword', - ignore_above: 1024, - }, - size: { - type: 'long', - }, - summary: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - dir: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - gid: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - properties: { - last_changed: { - type: 'date', - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - shell: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - user_information: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - 
}, - tags: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - fragment: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - query: { - type: 'keyword', - ignore_above: 1024, - }, - scheme: { - type: 'keyword', - ignore_above: 1024, - }, - username: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - audit: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - effective: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - email: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - filesystem: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - full_name: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - name_map: { - type: 'object', - }, - ogid: { - properties: { - id: { - type: 
'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ouid: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - saved: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - selinux: { - properties: { - category: { - type: 'keyword', - ignore_above: 1024, - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user_agent: { - properties: { - device: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, -}; - -export const mockDetailsQueryDsl = { - mockDetailsQueryDsl: 'mockDetailsQueryDsl', -}; - -export const mockQueryDsl = { - mockQueryDsl: 'mockQueryDsl', -}; - -const mockTimelineDetailsInspectResponse = cloneDeep(mockResponseSearchTimelineDetails); -// @ts-expect-error -delete mockTimelineDetailsInspectResponse.hits.hits[0]._source; - -export 
const mockTimelineDetailsResult = { - inspect: { - dsl: [JSON.stringify(mockDetailsQueryDsl, null, 2)], - response: [JSON.stringify(mockTimelineDetailsInspectResponse, null, 2)], - }, - data: [ - { - category: 'base', - field: '@timestamp', - values: '2019-03-29T19:01:23.420Z', - originalValue: '2019-03-29T19:01:23.420Z', - }, - { - category: 'service', - field: 'service.type', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'user', - field: 'user.audit.id', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'user', - field: 'user.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.filesystem.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.saved.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.id', - 
values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'process', - field: 'process.executable', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'process', - field: 'process.working_directory', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - }, - { - category: 'process', - field: 'process.pid', - values: 15990, - originalValue: 15990, - }, - { - category: 'process', - field: 'process.ppid', - values: 1, - originalValue: 1, - }, - { - category: 'process', - field: 'process.title', - values: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - originalValue: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - }, - { - category: 'process', - field: 'process.name', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: 'host', - field: 'host.architecture', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'host', - field: 'host.os.name', - values: 'Ubuntu', - originalValue: 'Ubuntu', - }, - { - category: 'host', - field: 'host.os.kernel', - values: '4.15.0-45-generic', - originalValue: '4.15.0-45-generic', - }, - { - category: 'host', - field: 'host.os.codename', - values: 'bionic', - originalValue: 'bionic', - }, - { - category: 'host', - field: 'host.os.platform', - values: 'ubuntu', - originalValue: 'ubuntu', - }, - { - category: 'host', - field: 'host.os.version', - values: '18.04.2 LTS (Bionic Beaver)', - originalValue: '18.04.2 LTS (Bionic Beaver)', - }, - { - category: 'host', - field: 'host.os.family', - values: 'debian', - originalValue: 
'debian', - }, - { - category: 'host', - field: 'host.id', - values: '7c21f5ed03b04d0299569d221fe18bbc', - originalValue: '7c21f5ed03b04d0299569d221fe18bbc', - }, - { - category: 'host', - field: 'host.name', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'host', - field: 'host.ip', - values: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - originalValue: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - { - category: 'host', - field: 'host.mac', - values: ['42:66:42:19:b3:b9'], - originalValue: ['42:66:42:19:b3:b9'], - }, - { - category: 'host', - field: 'host.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'cloud', - field: 'cloud.provider', - values: 'digitalocean', - originalValue: 'digitalocean', - }, - { - category: 'cloud', - field: 'cloud.instance.id', - values: '136398786', - originalValue: '136398786', - }, - { - category: 'cloud', - field: 'cloud.region', - values: 'lon1', - originalValue: 'lon1', - }, - { - category: 'file', - field: 'file.device', - values: '00:00', - originalValue: '00:00', - }, - { - category: 'file', - field: 'file.inode', - values: '3926', - originalValue: '3926', - }, - { - category: 'file', - field: 'file.mode', - values: '0644', - originalValue: '0644', - }, - { - category: 'file', - field: 'file.uid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.gid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.owner', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.group', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.path', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.session', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.data.tty', - values: '(none)', - originalValue: '(none)', - }, - 
{ - category: 'auditd', - field: 'auditd.data.a3', - values: '0', - originalValue: '0', - }, - { - category: 'auditd', - field: 'auditd.data.a2', - values: '80000', - originalValue: '80000', - }, - { - category: 'auditd', - field: 'auditd.data.syscall', - values: 'openat', - originalValue: 'openat', - }, - { - category: 'auditd', - field: 'auditd.data.a1', - values: '7fe0f63df220', - originalValue: '7fe0f63df220', - }, - { - category: 'auditd', - field: 'auditd.data.a0', - values: 'ffffff9c', - originalValue: 'ffffff9c', - }, - { - category: 'auditd', - field: 'auditd.data.arch', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'auditd', - field: 'auditd.data.exit', - values: '12', - originalValue: '12', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.primary', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.secondary', - values: 'root', - originalValue: 'root', - }, - { - category: 'auditd', - field: 'auditd.summary.object.primary', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.summary.object.type', - values: 'file', - originalValue: 'file', - }, - { - category: 'auditd', - field: 'auditd.summary.how', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'auditd', - field: 'auditd.paths', - values: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - originalValue: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - 
cap_fver: '0', - dev: 'fc:01', - }, - ], - }, - { - category: 'auditd', - field: 'auditd.message_type', - values: 'syscall', - originalValue: 'syscall', - }, - { - category: 'auditd', - field: 'auditd.sequence', - values: 8817905, - originalValue: 8817905, - }, - { - category: 'auditd', - field: 'auditd.result', - values: 'success', - originalValue: 'success', - }, - { - category: 'event', - field: 'event.category', - values: 'audit-rule', - originalValue: 'audit-rule', - }, - { - category: 'event', - field: 'event.action', - values: 'opened-file', - originalValue: 'opened-file', - }, - { - category: 'event', - field: 'event.original', - values: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - originalValue: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" 
exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - }, - { - category: 'event', - field: 'event.module', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'ecs', - field: 'ecs.version', - values: '1.0.0', - originalValue: '1.0.0', - }, - { - category: 'agent', - field: 'agent.ephemeral_id', - values: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - originalValue: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - }, - { - category: 'agent', - field: 'agent.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'agent', - field: 'agent.id', - values: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - originalValue: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - }, - { - category: 'agent', - field: 'agent.version', - values: '8.0.0', - originalValue: '8.0.0', - }, - { - category: 'agent', - field: 'agent.type', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: '_index', - field: '_index', - values: 'auditbeat-8.0.0-2019.03.29-000003', - originalValue: 'auditbeat-8.0.0-2019.03.29-000003', - }, - { - category: '_type', - field: '_type', - values: '_doc', - originalValue: '_doc', - }, - { - category: '_id', - field: '_id', - values: 'TUfUymkBCQofM5eXGBYL', - originalValue: 'TUfUymkBCQofM5eXGBYL', - }, - { - category: '_score', - field: '_score', - 
values: 1,
- originalValue: 1,
- },
- ],
-};
diff --git a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts
deleted file mode 100644
index 143ef1e9d5bf0..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { isEmpty } from 'lodash/fp';
-
-import { SortField, TimerangeInput, DocValueFieldsInput } from '../../graphql/types';
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestOptions } from '../framework';
-import { SortRequest } from '../types';
-
-import { TimerangeFilter } from './types';
-
-export const buildTimelineQuery = (options: RequestOptions) => {
- const { limit, cursor, tiebreaker } = options.pagination;
- const { fields, filterQuery } = options;
- const filterClause = [...createQueryFilterClauses(filterQuery)];
- const defaultIndex = options.defaultIndex;
-
- const getTimerangeFilter = (timerange: TimerangeInput | undefined): TimerangeFilter[] => {
- if (timerange) {
- const { to, from } = timerange;
- return [
- {
- range: {
- [options.sourceConfiguration.fields.timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
- }
- return [];
- };
-
- const filter = [...filterClause, ...getTimerangeFilter(options.timerange), { match_all: {} }];
-
- const getSortField = (sortField: SortField) => {
- if (sortField.sortFieldId) {
- const field: string =
- sortField.sortFieldId === 'timestamp' ? '@timestamp' : sortField.sortFieldId;
-
- return [
- { [field]: sortField.direction },
- { [options.sourceConfiguration.fields.tiebreaker]: sortField.direction },
- ];
- }
- return [];
- };
-
- const sort: SortRequest = getSortField(options.sortField!);
-
- const dslQuery = {
- allowNoIndices: true,
- index: defaultIndex,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(options.docValueFields) ?
{ docvalue_fields: options.docValueFields } : {}),
- query: {
- bool: {
- filter,
- },
- },
- size: limit + 1,
- track_total_hits: true,
- sort,
- _source: fields,
- },
- };
-
- if (cursor && tiebreaker) {
- return {
- ...dslQuery,
- body: {
- ...dslQuery.body,
- search_after: [cursor, tiebreaker],
- },
- };
- }
-
- return dslQuery;
-};
-
-export const buildDetailsQuery = (
- indexName: string,
- id: string,
- docValueFields: DocValueFieldsInput[]
-) => ({
- allowNoIndices: true,
- index: indexName,
- ignoreUnavailable: true,
- body: {
- docvalue_fields: docValueFields,
- query: {
- terms: {
- _id: [id],
- },
- },
- },
- size: 1,
-});
diff --git a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts
deleted file mode 100644
index 02badd3ccee8f..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { isEmpty } from 'lodash/fp';
-
-import { assertUnreachable } from '../../../common/utility_types';
-import { LastEventTimeRequestOptions } from './types';
-import { LastEventIndexKey } from '../../graphql/types';
-
-interface EventIndices {
- [key: string]: string[];
-}
-
-export const buildLastEventTimeQuery = ({
- indexKey,
- details,
- defaultIndex,
- docValueFields,
-}: LastEventTimeRequestOptions) => {
- const indicesToQuery: EventIndices = {
- hosts: defaultIndex,
- network: defaultIndex,
- };
- const getHostDetailsFilter = (hostName: string) => [{ term: { 'host.name': hostName } }];
- const getIpDetailsFilter = (ip: string) => [
- { term: { 'source.ip': ip } },
- { term: { 'destination.ip': ip } },
- ];
- const getQuery = (eventIndexKey: LastEventIndexKey) => {
- switch (eventIndexKey) {
- case LastEventIndexKey.ipDetails:
- if (details.ip) {
- return {
- allowNoIndices: true,
- index: indicesToQuery.network,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { bool: { should: getIpDetailsFilter(details.ip) } },
- size: 0,
- track_total_hits: false,
- },
- };
- }
- throw new Error('buildLastEventTimeQuery - no IP argument provided');
- case LastEventIndexKey.hostDetails:
- if (details.hostName) {
- return {
- allowNoIndices: true,
- index: indicesToQuery.hosts,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ?
{ docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { bool: { filter: getHostDetailsFilter(details.hostName) } },
- size: 0,
- track_total_hits: false,
- },
- };
- }
- throw new Error('buildLastEventTimeQuery - no hostName argument provided');
- case LastEventIndexKey.hosts:
- case LastEventIndexKey.network:
- return {
- allowNoIndices: true,
- index: indicesToQuery[indexKey],
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { match_all: {} },
- size: 0,
- track_total_hits: false,
- },
- };
- default:
- return assertUnreachable(eventIndexKey);
- }
- };
- return getQuery(indexKey);
-};
diff --git a/x-pack/plugins/security_solution/server/lib/events/types.ts b/x-pack/plugins/security_solution/server/lib/events/types.ts
deleted file mode 100644
index aae2360e42e65..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/types.ts
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- LastEventIndexKey,
- LastEventTimeData,
- LastTimeDetails,
- SourceConfiguration,
- TimelineData,
- TimelineDetailsData,
- DocValueFieldsInput,
-} from '../../graphql/types';
-import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework';
-import { SearchHit } from '../types';
-
-export interface EventsAdapter {
- getTimelineData(req: FrameworkRequest, options: TimelineRequestOptions): Promise;
- getTimelineDetails(
- req: FrameworkRequest,
- options: RequestDetailsOptions
- ): Promise;
- getLastEventTimeData(
- req: FrameworkRequest,
- options: LastEventTimeRequestOptions
- ): Promise;
-}
-
-export interface TimelineRequestOptions extends RequestOptions {
- fieldRequested: string[];
-}
-
-export interface EventsRequestOptions extends RequestOptionsPaginated {
- fieldRequested: string[];
-}
-
-export interface EventSource {
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- [field: string]: any;
-}
-
-export interface EventHit extends SearchHit {
- sort: string[];
- _source: EventSource;
- aggregations: {
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- [agg: string]: any;
- };
-}
-
-export interface LastEventTimeHit extends SearchHit {
- aggregations: {
- last_seen_event: {
- value_as_string: string;
- };
- };
-}
-export interface LastEventTimeRequestOptions {
- indexKey: LastEventIndexKey;
- details: LastTimeDetails;
- sourceConfiguration: SourceConfiguration;
- defaultIndex: string[];
- docValueFields: DocValueFieldsInput[];
-}
-
-export interface TimerangeFilter {
- range: {
- [timestamp: string]: {
- gte: string;
- lte: string;
- format: string;
- };
- };
-}
-
-export interface RequestDetailsOptions {
- indexName: string;
-
eventId: string;
- defaultIndex: string[];
- docValueFields?: DocValueFieldsInput[];
-}
-
-interface EventsOverTimeHistogramData {
- key_as_string: string;
- key: number;
- doc_count: number;
-}
-
-export interface EventsActionGroupData {
- key: number;
- events: {
- bucket: EventsOverTimeHistogramData[];
- };
- doc_count: number;
-}
diff --git a/x-pack/plugins/security_solution/server/lib/framework/types.ts b/x-pack/plugins/security_solution/server/lib/framework/types.ts
index 68b40b72866b1..1f626d9fb2dc7 100644
--- a/x-pack/plugins/security_solution/server/lib/framework/types.ts
+++ b/x-pack/plugins/security_solution/server/lib/framework/types.ts
@@ -16,8 +16,6 @@ import {
 SortField,
 SourceConfiguration,
 TimerangeInput,
- Maybe,
- HistogramType,
 DocValueFieldsInput,
 } from '../../graphql/types';
@@ -119,11 +117,6 @@ export interface RequestBasicOptions {
 docValueFields?: DocValueFieldsInput[];
 }
-export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
- stackByField: Maybe;
- histogramType: HistogramType;
-}
-
 export interface RequestOptions extends RequestBasicOptions {
 pagination: PaginationInput;
 fields: readonly string[];
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts
deleted file mode 100644
index 059d15220b619..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts
+++ /dev/null
@@ -1,282 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { ElasticsearchKpiHostsAdapter } from './elasticsearch_adapter'; -import { - mockKpiHostsAuthQuery, - mockKpiHostDetailsAuthQuery, - mockHostsQuery, - mockKpiHostsUniqueIpsQuery, - mockKpiHostDetailsUniqueIpsQuery, - mockKpiHostsMsearchOptions, - mockKpiHostsOptions, - mockKpiHostDetailsOptions, - mockKpiHostsRequest, - mockKpiHostDetailsRequest, - mockKpiHostsResponse, - mockKpiHostDetailsResponse, - mockKpiHostsResult, - mockKpiHostDetailsResult, - mockKpiHostDetailsDsl, - mockKpiHostsQueryDsl, - mockKpiHostDetailsMsearchOptions, - mockKpiHostsResponseNodata, - mockKpiHostDetailsResponseNoData, -} from './mock'; -import { buildAuthQuery } from './query_authentication.dsl'; -import { buildUniqueIpsQuery } from './query_unique_ips.dsl'; -import { buildHostsQuery } from './query_hosts.dsl'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -jest.mock('./query_authentication.dsl', () => { - return { - buildAuthQuery: jest.fn(), - }; -}); -jest.mock('./query_unique_ips.dsl', () => { - return { - buildUniqueIpsQuery: jest.fn(), - }; -}); -jest.mock('./query_hosts.dsl', () => { - return { - buildHostsQuery: jest.fn(), - }; -}); - -describe('getKpiHosts', () => { - let data: KpiHostsData; - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - let EsKpiHosts: ElasticsearchKpiHostsAdapter; - - describe('getKpiHosts - call stack', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as 
jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery); - mockCallWithRequest.mockResolvedValue(mockKpiHostsResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHosts( - mockKpiHostsRequest as FrameworkRequest, - mockKpiHostsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('should build general query with correct option', () => { - expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should build auth query with correct option', () => { - expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should build hosts query with correct option', () => { - expect(buildHostsQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith( - mockKpiHostsRequest, - 'msearch', - mockKpiHostsMsearchOptions - ); - }); - - test('Happy Path - get Data', () => { - expect(data).toEqual(mockKpiHostsResult); - }); - }); - - describe('Unhappy Path - No data', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery); - 
mockCallWithRequest.mockResolvedValue(mockKpiHostsResponseNodata); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHosts( - mockKpiHostsRequest as FrameworkRequest, - mockKpiHostsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('getKpiHosts - response without data', async () => { - expect(data).toEqual({ - inspect: { - dsl: mockKpiHostsQueryDsl, - response: [ - JSON.stringify(mockKpiHostsResponseNodata.responses[0], null, 2), - JSON.stringify(mockKpiHostsResponseNodata.responses[1], null, 2), - JSON.stringify(mockKpiHostsResponseNodata.responses[2], null, 2), - ], - }, - hosts: null, - hostsHistogram: null, - authSuccess: null, - authSuccessHistogram: null, - authFailure: null, - authFailureHistogram: null, - uniqueSourceIps: null, - uniqueSourceIpsHistogram: null, - uniqueDestinationIps: null, - uniqueDestinationIpsHistogram: null, - }); - }); - }); -}); - -describe('getKpiHostDetails', () => { - let data: KpiHostDetailsData; - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - let EsKpiHosts: ElasticsearchKpiHostsAdapter; - - describe('getKpiHostDetails - call stack', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - mockCallWithRequest.mockReset(); - 
mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse); - - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('should build unique Ip query with correct option', () => { - expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions); - }); - - test('should build auth query with correct option', () => { - expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions); - }); - - test('should not build hosts query', () => { - expect(buildHostsQuery).not.toHaveBeenCalled(); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith( - mockKpiHostDetailsRequest, - 'msearch', - mockKpiHostDetailsMsearchOptions - ); - }); - }); - - describe('Happy Path - get Data', () => { - beforeAll(async () => { - mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - }); - - test('getKpiHostDetails - response with data', () => { - expect(data).toEqual(mockKpiHostDetailsResult); - }); - }); - - describe('Unhappy Path - no Data', () => { - beforeEach(async () => { - mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponseNoData); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - 
EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - }); - - test('getKpiHostDetails - response without data', async () => { - expect(data).toEqual({ - inspect: { - dsl: mockKpiHostDetailsDsl, - response: [ - JSON.stringify(mockKpiHostDetailsResponseNoData.responses[0]), - JSON.stringify(mockKpiHostDetailsResponseNoData.responses[1]), - ], - }, - authSuccess: null, - authSuccessHistogram: null, - authFailure: null, - authFailureHistogram: null, - uniqueSourceIps: null, - uniqueSourceIpsHistogram: null, - uniqueDestinationIps: null, - uniqueDestinationIpsHistogram: null, - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts deleted file mode 100644 index 01d005be68010..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,205 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; -import { TermAggregation } from '../types'; -import { buildHostsQuery } from './query_hosts.dsl'; -import { buildAuthQuery } from './query_authentication.dsl'; -import { buildUniqueIpsQuery } from './query_unique_ips.dsl'; -import { - KpiHostsAdapter, - KpiHostsESMSearchBody, - KpiHostsAuthHit, - KpiHostHistogram, - KpiHostGeneralHistogramCount, - KpiHostAuthHistogramCount, - KpiHostsUniqueIpsHit, - KpiHostsHostsHit, -} from './types'; -import { KpiHostHistogramData, KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; - -const formatGeneralHistogramData = ( - data: Array> -): KpiHostHistogramData[] | null => { - return data && data.length > 0 - ? data.map(({ key, count }) => ({ - x: key, - y: count.value, - })) - : null; -}; - -const formatAuthHistogramData = ( - data: Array> -): KpiHostHistogramData[] | null => { - return data && data.length > 0 - ? 
data.map(({ key, count }) => ({ - x: key, - y: count.doc_count, - })) - : null; -}; - -export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getKpiHosts( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const hostsQuery: KpiHostsESMSearchBody[] = buildHostsQuery(options); - const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options); - const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options); - const response = await this.framework.callWithRequest< - KpiHostsHostsHit | KpiHostsUniqueIpsHit | KpiHostsAuthHit, - TermAggregation - >(request, 'msearch', { - body: [...hostsQuery, ...authQuery, ...uniqueIpsQuery], - }); - - const hostsHistogram = getOr( - null, - 'responses.0.aggregations.hosts_histogram.buckets', - response - ); - const authSuccessHistogram = getOr( - null, - 'responses.1.aggregations.authentication_success_histogram.buckets', - response - ); - const authFailureHistogram = getOr( - null, - 'responses.1.aggregations.authentication_failure_histogram.buckets', - response - ); - const uniqueSourceIpsHistogram = getOr( - null, - 'responses.2.aggregations.unique_source_ips_histogram.buckets', - response - ); - const uniqueDestinationIpsHistogram = getOr( - null, - 'responses.2.aggregations.unique_destination_ips_histogram.buckets', - response - ); - - const inspect = { - dsl: [ - inspectStringifyObject({ ...hostsQuery[0], body: hostsQuery[1] }), - inspectStringifyObject({ - ...authQuery[0], - body: authQuery[1], - }), - inspectStringifyObject({ - ...uniqueIpsQuery[0], - body: uniqueIpsQuery[1], - }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - inspectStringifyObject(response.responses[2]), - ], - }; - return { - inspect, - hosts: getOr(null, 'responses.0.aggregations.hosts.value', response), - hostsHistogram: 
formatGeneralHistogramData(hostsHistogram), - authSuccess: getOr( - null, - 'responses.1.aggregations.authentication_success.doc_count', - response - ), - authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram), - authFailure: getOr( - null, - 'responses.1.aggregations.authentication_failure.doc_count', - response - ), - authFailureHistogram: formatAuthHistogramData(authFailureHistogram), - uniqueSourceIps: getOr(null, 'responses.2.aggregations.unique_source_ips.value', response), - uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram), - uniqueDestinationIps: getOr( - null, - 'responses.2.aggregations.unique_destination_ips.value', - response - ), - uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram), - }; - } - - public async getKpiHostDetails( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options); - const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options); - const response = await this.framework.callWithRequest< - KpiHostsUniqueIpsHit | KpiHostsAuthHit, - TermAggregation - >(request, 'msearch', { - body: [...authQuery, ...uniqueIpsQuery], - }); - - const authSuccessHistogram = getOr( - null, - 'responses.0.aggregations.authentication_success_histogram.buckets', - response - ); - const authFailureHistogram = getOr( - null, - 'responses.0.aggregations.authentication_failure_histogram.buckets', - response - ); - const uniqueSourceIpsHistogram = getOr( - null, - 'responses.1.aggregations.unique_source_ips_histogram.buckets', - response - ); - const uniqueDestinationIpsHistogram = getOr( - null, - 'responses.1.aggregations.unique_destination_ips_histogram.buckets', - response - ); - const inspect = { - dsl: [ - inspectStringifyObject({ ...authQuery[0], body: authQuery[1] }), - inspectStringifyObject({ ...uniqueIpsQuery[0], body: uniqueIpsQuery[1] }), - ], - response: [ - 
inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - ], - }; - - return { - inspect, - authSuccess: getOr( - null, - 'responses.0.aggregations.authentication_success.doc_count', - response - ), - authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram), - authFailure: getOr( - null, - 'responses.0.aggregations.authentication_failure.doc_count', - response - ), - authFailureHistogram: formatAuthHistogramData(authFailureHistogram), - uniqueSourceIps: getOr(null, 'responses.1.aggregations.unique_source_ips.value', response), - uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram), - uniqueDestinationIps: getOr( - null, - 'responses.1.aggregations.unique_destination_ips.value', - response - ), - uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts deleted file mode 100644 index 838eb5d9bcef9..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isKpiHostDetailsQuery } from './helpers'; -import { mockKpiHostsOptions, mockKpiHostDetailsOptions } from './mock'; - -describe('helpers', () => { - const table: Array<[typeof mockKpiHostDetailsOptions, boolean]> = [ - [mockKpiHostsOptions, false], - [mockKpiHostDetailsOptions, true], - ]; - - describe.each(table)('isHostDetails', (option, expected) => { - test(`it should tell if it is kpiHostDetails option`, () => { - expect(isKpiHostDetailsQuery(option)).toBe(expected); - }); - }); -}); 
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts
deleted file mode 100644
index 189921a18bc53..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { RequestBasicOptions } from '../framework';
-
-export const isKpiHostDetailsQuery = (options: RequestBasicOptions): boolean => {
- return options.filterQuery !== undefined && Object.keys(options.filterQuery).length > 0;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts
deleted file mode 100644
index 6d1e88d54171a..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkRequest, RequestBasicOptions } from '../framework';
-
-import { KpiHostsAdapter } from './types';
-import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types';
-
-export class KpiHosts {
- constructor(private readonly adapter: KpiHostsAdapter) {}
-
- public async getKpiHosts(
- req: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- return this.adapter.getKpiHosts(req, options);
- }
-
- public async getKpiHostDetails(
- req: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- return this.adapter.getKpiHostDetails(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts
deleted file mode 100644
index 876d2f9c16bed..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts
+++ /dev/null
@@ -1,606 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -const FROM = '2019-05-03T13:24:00.660Z'; -const TO = '2019-05-04T13:24:00.660Z'; - -export const mockKpiHostsOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: TO, from: FROM }, - filterQuery: undefined, -}; - -export const mockKpiHostDetailsOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: TO, from: FROM }, - filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } }, -}; - -export const mockKpiHostsRequest = { - body: { - operationName: 'GetKpiHostsQuery', - variables: { - sourceId: 'default', - timerange: { interval: '12h', from: FROM, to: TO }, - filterQuery: '', - }, - query: - 'fragment KpiHostChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) 
{\n source(id: $sourceId) {\n id\n KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n hosts\n hostsHistogram {\n ...KpiHostChartFields\n __typename\n }\n authSuccess\n authSuccessHistogram {\n ...KpiHostChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockKpiHostDetailsRequest = { - body: { - operationName: 'GetKpiHostDetailsQuery', - variables: { - sourceId: 'default', - timerange: { interval: '12h', from: FROM, to: TO }, - filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } }, - }, - query: - 'fragment KpiHostDetailsChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostDetailsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!, $hostName: String!) 
{\n source(id: $sourceId) {\n id\n KpiHostDetails(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex, hostName: $hostName) {\n authSuccess\n authSuccessHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -const mockUniqueIpsResponse = { - took: 1234, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - unique_destination_ips: { - value: 1954, - }, - unique_destination_ips_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 1809, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 407, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 64, - }, - }, - ], - interval: '12h', - }, - unique_source_ips: { - value: 1407, - }, - unique_source_ips_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 1182, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 364, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 63, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -const mockAuthResponse = { - took: 320, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - 
}, - aggregations: { - authentication_success: { - doc_count: 61, - }, - authentication_failure: { - doc_count: 15722, - }, - authentication_failure_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 11739, - count: { - doc_count: 11731, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 4031, - count: { - doc_count: 3979, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 13, - count: { - doc_count: 12, - }, - }, - ], - interval: '12h', - }, - authentication_success_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 11739, - count: { - doc_count: 8, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 4031, - count: { - doc_count: 52, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 13, - count: { - doc_count: 1, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -const mockHostsReponse = { - took: 1234, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - hosts: { - value: 986, - }, - hosts_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 919, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 82, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 4, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -export const mockKpiHostsResponse = { - took: 4405, - responses: [mockHostsReponse, mockAuthResponse, mockUniqueIpsResponse], -}; - -export const mockKpiHostsResponseNodata = { responses: [null, null, null] }; - -const 
mockMsearchHeader = { - index: DEFAULT_INDEX_PATTERN, - allowNoIndices: true, - ignoreUnavailable: true, -}; - -const mockHostNameFilter = { - term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' }, -}; -const mockTimerangeFilter = { range: { '@timestamp': { gte: FROM, lte: TO } } }; - -export const mockHostsQuery = [ - mockMsearchHeader, - { - aggregations: { - hosts: { cardinality: { field: 'host.name' } }, - hosts_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'host.name' } } }, - }, - }, - query: { - bool: { filter: [{ range: { '@timestamp': mockTimerangeFilter } }] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -const mockUniqueIpsAggs = { - unique_source_ips: { cardinality: { field: 'source.ip' } }, - unique_source_ips_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'source.ip' } } }, - }, - unique_destination_ips: { cardinality: { field: 'destination.ip' } }, - unique_destination_ips_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'destination.ip' } } }, - }, -}; - -export const mockKpiHostsUniqueIpsQuery = [ - mockMsearchHeader, - { - aggregations: mockUniqueIpsAggs, - query: { - bool: { filter: [mockTimerangeFilter] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostDetailsUniqueIpsQuery = [ - mockMsearchHeader, - { - aggregations: mockUniqueIpsAggs, - query: { - bool: { filter: [mockHostNameFilter, mockTimerangeFilter] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -const mockAuthAggs = { - authentication_success: { filter: { term: { 'event.outcome': 'success' } } }, - authentication_success_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.outcome': 'success' } } } }, - }, - authentication_failure: { filter: { 
term: { 'event.outcome': 'failure' } } }, - authentication_failure_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.outcome': 'failure' } } } }, - }, -}; - -const mockAuthFilter = { - bool: { - filter: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, -}; - -export const mockKpiHostsAuthQuery = [ - mockMsearchHeader, - { - aggs: mockAuthAggs, - query: { - bool: { - filter: [mockAuthFilter, mockTimerangeFilter], - }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostDetailsAuthQuery = [ - mockMsearchHeader, - { - aggs: mockAuthAggs, - query: { - bool: { - filter: [mockHostNameFilter, mockAuthFilter, mockTimerangeFilter], - }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostsMsearchOptions = { - body: [...mockHostsQuery, ...mockKpiHostsAuthQuery, ...mockKpiHostsUniqueIpsQuery], -}; - -export const mockKpiHostDetailsMsearchOptions = { - body: [...mockKpiHostDetailsAuthQuery, ...mockKpiHostDetailsUniqueIpsQuery], -}; - -export const mockKpiHostsQueryDsl = [ - JSON.stringify({ ...mockHostsQuery[0], body: mockHostsQuery[1] }, null, 2), - JSON.stringify({ ...mockKpiHostsAuthQuery[0], body: mockKpiHostsAuthQuery[1] }, null, 2), - JSON.stringify( - { ...mockKpiHostsUniqueIpsQuery[0], body: mockKpiHostsUniqueIpsQuery[1] }, - null, - 2 - ), -]; - -export const mockKpiHostsResult = { - inspect: { - dsl: mockKpiHostsQueryDsl, - response: [ - JSON.stringify(mockKpiHostsResponse.responses[0], null, 2), - JSON.stringify(mockKpiHostsResponse.responses[1], null, 2), - JSON.stringify(mockKpiHostsResponse.responses[2], null, 2), - ], - }, - hosts: 986, - hostsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 919, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 82, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 4, - }, - ], - authSuccess: 61, - authSuccessHistogram: [ - { 
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 8, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 52, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 1, - }, - ], - authFailure: 15722, - authFailureHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 11731, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 3979, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 12, - }, - ], - uniqueSourceIps: 1407, - uniqueSourceIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1182, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 364, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 63, - }, - ], - uniqueDestinationIps: 1954, - uniqueDestinationIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1809, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 407, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 64, - }, - ], -}; - -export const mockKpiHostDetailsResponse = { - took: 4405, - responses: [mockAuthResponse, mockUniqueIpsResponse], -}; - -export const mockKpiHostDetailsResponseNoData = { - took: 4405, - responses: [null, null], -}; - -export const mockKpiHostDetailsDsl = [ - JSON.stringify( - { ...mockKpiHostDetailsAuthQuery[0], body: mockKpiHostDetailsAuthQuery[1] }, - null, - 2 - ), - JSON.stringify( - { ...mockKpiHostDetailsUniqueIpsQuery[0], body: mockKpiHostDetailsUniqueIpsQuery[1] }, - null, - 2 - ), -]; - -export const mockKpiHostDetailsResult = { - inspect: { - dsl: mockKpiHostDetailsDsl, - response: [ - JSON.stringify(mockKpiHostDetailsResponse.responses[0], null, 2), - JSON.stringify(mockKpiHostDetailsResponse.responses[1], null, 2), - ], - }, - authSuccess: 61, - authSuccessHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 8, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 52, - }, - { - x: new 
Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 1, - }, - ], - authFailure: 15722, - authFailureHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 11731, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 3979, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 12, - }, - ], - uniqueSourceIps: 1407, - uniqueSourceIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1182, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 364, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 63, - }, - ], - uniqueDestinationIps: 1954, - uniqueDestinationIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1809, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 407, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 64, - }, - ], -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts deleted file mode 100644 index b6da35f75b16a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts +++ /dev/null 
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- mockKpiHostsOptions,
- mockKpiHostsAuthQuery,
- mockKpiHostDetailsOptions,
- mockKpiHostDetailsAuthQuery,
-} from './mock';
-import { buildAuthQuery } from './query_authentication.dsl';
-
-const table = [
- [mockKpiHostsOptions, mockKpiHostsAuthQuery] as [
- typeof mockKpiHostsOptions,
- typeof mockKpiHostsAuthQuery
- ],
- [mockKpiHostDetailsOptions, mockKpiHostDetailsAuthQuery] as [
- typeof mockKpiHostDetailsOptions,
- typeof mockKpiHostDetailsAuthQuery
- ],
-];
-
-describe.each(table)('buildAuthQuery', (option, expected) => {
- test(`returns correct query by option type`, () => {
- expect(buildAuthQuery(option)).toMatchObject(expected);
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts
deleted file mode 100644
index ee9e6cd5a66c5..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { KpiHostsESMSearchBody } from './types';
-import { RequestBasicOptions } from '../framework';
-
-export const buildAuthQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiHostsESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- bool: {
- filter: [
- {
- term: {
- 'event.category': 'authentication',
- },
- },
- ],
- },
- },
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- aggs: {
- authentication_success: {
- filter: {
- term: {
- 'event.outcome': 'success',
- },
- },
- },
- authentication_success_histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- filter: {
- term: {
- 'event.outcome': 'success',
- },
- },
- },
- },
- },
- authentication_failure: {
- filter: {
- term: {
- 'event.outcome': 'failure',
- },
- },
- },
- authentication_failure_histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- filter: {
- term: {
- 'event.outcome': 'failure',
- },
- },
- },
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: false,
- },
- ];
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts
deleted file mode 100644
index 0c1d7d4ae9de7..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { KpiHostsESMSearchBody } from './types';
-import { RequestBasicOptions } from '../framework';
-
-export const buildHostsQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiHostsESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- aggregations: {
- hosts: {
- cardinality: {
- field: 'host.name',
- },
- },
- hosts_histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- cardinality: {
- field: 'host.name',
- },
- },
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: false,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts
deleted file mode 100644
index 2309bc029d861..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- mockKpiHostsOptions,
- mockKpiHostsUniqueIpsQuery,
- mockKpiHostDetailsOptions,
- mockKpiHostDetailsUniqueIpsQuery,
-} from './mock';
-import { buildUniqueIpsQuery } from './query_unique_ips.dsl';
-
-const table: Array<[typeof mockKpiHostDetailsOptions, typeof mockKpiHostDetailsUniqueIpsQuery]> = [
- [mockKpiHostsOptions, mockKpiHostsUniqueIpsQuery],
- [mockKpiHostDetailsOptions, mockKpiHostDetailsUniqueIpsQuery],
-];
-
-describe.each(table)('buildUniqueIpsQuery', (option, expected) => {
- test(`returns correct query by option type`, () => {
- expect(buildUniqueIpsQuery(option)).toMatchObject(expected);
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts
deleted file mode 100644
index 9813f73101235..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { KpiHostsESMSearchBody } from './types';
-import { RequestBasicOptions } from '../framework';
-
-export const buildUniqueIpsQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiHostsESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- aggregations: {
- unique_source_ips: {
- cardinality: {
- field: 'source.ip',
- },
- },
- unique_source_ips_histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- cardinality: {
- field: 'source.ip',
- },
- },
- },
- },
- unique_destination_ips: {
- cardinality: {
- field: 'destination.ip',
- },
- },
- unique_destination_ips_histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- cardinality: {
- field: 'destination.ip',
- },
- },
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: false,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts
deleted file mode 100644
index acc6ae5a340fa..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts
+++ /dev/null
@@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { MSearchHeader, SearchHit } from '../types'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -export interface KpiHostsAdapter { - getKpiHosts(request: FrameworkRequest, options: RequestBasicOptions): Promise; - getKpiHostDetails( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise; -} - -export interface KpiHostHistogram { - key_as_string: string; - key: number; - doc_count: number; - count: T; -} - -export interface KpiHostGeneralHistogramCount { - value: number; -} - -export interface KpiHostAuthHistogramCount { - doc_count: number; -} - -export interface KpiHostsHostsHit extends SearchHit { - aggregations: { - hosts: { - value: number; - }; - hosts_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsUniqueIpsHit extends SearchHit { - aggregations: { - unique_source_ips: { - value: number; - }; - unique_source_ips_histogram: { - buckets: Array>; - }; - unique_destination_ips: { - value: number; - }; - unique_destination_ips_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsAuthHit extends SearchHit { - aggregations: { - authentication_success: { - doc_count: number; - }; - authentication_success_histogram: { - buckets: Array>; - }; - authentication_failure: { - doc_count: 
number; - }; - authentication_failure_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsBody { - query?: object; - aggregations?: object; - size?: number; - track_total_hits?: boolean; -} - -export type KpiHostsESMSearchBody = KpiHostsBody | MSearchHeader; - -export interface EventModuleAttributeQuery { - agentType: 'auditbeat' | 'winlogbeat' | 'filebeat'; - eventModule?: 'file_integrity' | 'auditd'; -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts deleted file mode 100644 index 58ee7c9aa1cf8..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - mockMsearchOptions, - mockOptions, - mockRequest, - mockResponse, - mockResult, - mockNetworkEventsQueryDsl, - mockUniqueFlowIdsQueryDsl, - mockUniquePrvateIpsQueryDsl, - mockDnsQueryDsl, - mockTlsHandshakesQueryDsl, - mockResultNoData, - mockResponseNoData, -} from './mock'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { KpiNetworkData } from '../../graphql/types'; -import { ElasticsearchKpiNetworkAdapter } from './elasticsearch_adapter'; -import { FrameworkRequest, FrameworkAdapter } from '../framework'; - -jest.mock('./query_network_events', () => { - return { buildNetworkEventsQuery: jest.fn() }; -}); -jest.mock('./query_unique_flow', () => { - return { buildUniqueFlowIdsQuery: jest.fn() }; -}); -jest.mock('./query_dns.dsl', () => { - return { buildDnsQuery: jest.fn() }; -}); -jest.mock('./query_tls_handshakes.dsl', () => { - return { buildTlsHandshakeQuery: jest.fn() }; -}); -jest.mock('./query_unique_private_ips.dsl', () => { - return { buildUniquePrvateIpQuery: jest.fn() }; -}); - -describe('Network Kpi elasticsearch_adapter', () => { - let data: KpiNetworkData; - - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - - let EsKpiNetwork: ElasticsearchKpiNetworkAdapter; - - describe('getKpiNetwork - call stack', () => { - beforeAll(async () => { - 
(buildNetworkEventsQuery as jest.Mock).mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockReturnValue(mockNetworkEventsQueryDsl); - (buildUniqueFlowIdsQuery as jest.Mock).mockReset(); - (buildUniqueFlowIdsQuery as jest.Mock).mockReturnValue(mockUniqueFlowIdsQueryDsl); - (buildDnsQuery as jest.Mock).mockReset(); - (buildDnsQuery as jest.Mock).mockReturnValue(mockDnsQueryDsl); - (buildUniquePrvateIpQuery as jest.Mock).mockReset(); - (buildUniquePrvateIpQuery as jest.Mock).mockReturnValue(mockUniquePrvateIpsQueryDsl); - (buildTlsHandshakeQuery as jest.Mock).mockReset(); - (buildTlsHandshakeQuery as jest.Mock).mockReturnValue(mockTlsHandshakesQueryDsl); - - mockCallWithRequest.mockResolvedValue(mockResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('should build query for network events with correct option', () => { - expect(buildNetworkEventsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique flow IDs with correct option', () => { - expect(buildUniqueFlowIdsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique private ip with correct option', () => { - expect(buildUniquePrvateIpQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for dns with correct option', () => { - expect(buildDnsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for tls handshakes with correct option', () => { - 
expect(buildTlsHandshakeQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith(mockRequest, 'msearch', mockMsearchOptions); - }); - - test('Happy Path - get Data', () => { - expect(data).toEqual(mockResult); - }); - }); - - describe('Unhappy Path - No data', () => { - beforeAll(async () => { - mockCallWithRequest.mockResolvedValue(mockResponseNoData); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('getKpiNetwork - response without data', async () => { - expect(data).toEqual(mockResultNoData); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts deleted file mode 100644 index 11d8299725f2a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { - KpiNetworkHit, - KpiNetworkAdapter, - KpiNetworkESMSearchBody, - KpiNetworkGeneralHit, - KpiNetworkUniquePrivateIpsHit, -} from './types'; -import { TermAggregation } from '../types'; -import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; - -const formatHistogramData = ( - data: Array<{ key: number; count: { value: number } }> -): KpiNetworkHistogramData[] | null => { - return data && data.length > 0 - ? 
data.map(({ key, count }) => { - return { - x: key, - y: getOr(null, 'value', count), - }; - }) - : null; -}; - -export class ElasticsearchKpiNetworkAdapter implements KpiNetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getKpiNetwork( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const networkEventsQuery: KpiNetworkESMSearchBody[] = buildNetworkEventsQuery(options); - const uniqueFlowIdsQuery: KpiNetworkESMSearchBody[] = buildUniqueFlowIdsQuery(options); - const uniquePrivateIpsQuery: KpiNetworkESMSearchBody[] = buildUniquePrvateIpQuery(options); - const dnsQuery: KpiNetworkESMSearchBody[] = buildDnsQuery(options); - const tlsHandshakesQuery: KpiNetworkESMSearchBody[] = buildTlsHandshakeQuery(options); - const response = await this.framework.callWithRequest< - KpiNetworkGeneralHit | KpiNetworkHit | KpiNetworkUniquePrivateIpsHit, - TermAggregation - >(request, 'msearch', { - body: [ - ...networkEventsQuery, - ...dnsQuery, - ...uniquePrivateIpsQuery, - ...uniqueFlowIdsQuery, - ...tlsHandshakesQuery, - ], - }); - const uniqueSourcePrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.source.histogram.buckets', - response - ); - const uniqueDestinationPrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.destination.histogram.buckets', - response - ); - - const inspect = { - dsl: [ - inspectStringifyObject({ ...networkEventsQuery[0], body: networkEventsQuery[1] }), - inspectStringifyObject({ ...dnsQuery[0], body: dnsQuery[1] }), - inspectStringifyObject({ ...uniquePrivateIpsQuery[0], body: uniquePrivateIpsQuery[1] }), - inspectStringifyObject({ ...uniqueFlowIdsQuery[0], body: uniqueFlowIdsQuery[1] }), - inspectStringifyObject({ ...tlsHandshakesQuery[0], body: tlsHandshakesQuery[1] }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - inspectStringifyObject(response.responses[2]), - 
inspectStringifyObject(response.responses[3]), - inspectStringifyObject(response.responses[4]), - ], - }; - return { - inspect, - networkEvents: getOr(null, 'responses.0.hits.total.value', response), - dnsQueries: getOr(null, 'responses.1.hits.total.value', response), - uniqueSourcePrivateIps: getOr( - null, - 'responses.2.aggregations.source.unique_private_ips.value', - response - ), - uniqueSourcePrivateIpsHistogram: formatHistogramData(uniqueSourcePrivateIpsHistogram), - uniqueDestinationPrivateIps: getOr( - null, - 'responses.2.aggregations.destination.unique_private_ips.value', - response - ), - uniqueDestinationPrivateIpsHistogram: formatHistogramData( - uniqueDestinationPrivateIpsHistogram - ), - uniqueFlowId: getOr(null, 'responses.3.aggregations.unique_flow_id.value', response), - tlsHandshakes: getOr(null, 'responses.4.hits.total.value', response), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts deleted file mode 100644 index ed98e0226475c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export const getIpFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'source.ip', - }, - }, - { - exists: { - field: 'destination.ip', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts deleted file mode 100644 index b27026a462f5c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts +++ /dev/null 
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkRequest, RequestBasicOptions } from '../framework';
-
-import { KpiNetworkAdapter } from './types';
-import { KpiNetworkData } from '../../graphql/types';
-
-export class KpiNetwork {
- constructor(private readonly adapter: KpiNetworkAdapter) {}
-
- public async getKpiNetwork(
- req: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- return this.adapter.getKpiNetwork(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts
deleted file mode 100644
index fc9b64ae0746f..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts
+++ /dev/null
@@ -1,335 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -export const mockOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-10T02:26:46.071Z' }, - filterQuery: {}, -}; - -export const mockRequest = { - body: { - operationName: 'GetKpiNetworkQuery', - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - from: '2019-05-09T23:48:41.842Z', - to: '2019-05-10T23:48:41.842Z', - }, - filterQuery: '', - }, - query: - 'fragment KpiNetworkChartFields on KpiNetworkHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiNetworkQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) 
{\n source(id: $sourceId) {\n id\n KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n networkEvents\n uniqueFlowId\n uniqueSourcePrivateIps\n uniqueSourcePrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n uniqueDestinationPrivateIps\n uniqueDestinationPrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n dnsQueries\n tlsHandshakes\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockResponse = { - responses: [ - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 64, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 10942, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 224, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 480755, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - source: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 42109, - count: { - value: 14, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 437160, - count: { - value: 385, - }, - }, - { - key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1486, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 387, - }, - }, - destination: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 36253, - count: { - value: 11, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 421719, - count: { - value: 877, - }, - }, - { - 
key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1311, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 878, - }, - }, - }, - status: 200, - }, - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - unique_flow_id: { - value: 195415, - }, - }, - status: 200, - }, - { - took: 57, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 54482, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - ], -}; -const mockMsearchHeader = { - index: 'defaultIndex', - allowNoIndices: true, - ignoreUnavailable: true, -}; -const mockMsearchBody = { - query: {}, - aggregations: {}, - size: 0, - track_total_hits: false, -}; -export const mockNetworkEventsQueryDsl = [mockMsearchHeader, mockMsearchBody]; -export const mockUniqueFlowIdsQueryDsl = [ - mockMsearchHeader, - { mockUniqueFlowIdsQueryDsl: 'mockUniqueFlowIdsQueryDsl' }, -]; -export const mockUniquePrvateIpsQueryDsl = [ - mockMsearchHeader, - { mockUniquePrvateIpsQueryDsl: 'mockUniquePrvateIpsQueryDsl' }, -]; -export const mockDnsQueryDsl = [mockMsearchHeader, { mockDnsQueryDsl: 'mockDnsQueryDsl' }]; -export const mockTlsHandshakesQueryDsl = [ - mockMsearchHeader, - { mockTlsHandshakesQueryDsl: 'mockTlsHandshakesQueryDsl' }, -]; - -export const mockMsearchOptions = { - body: [ - ...mockNetworkEventsQueryDsl, - ...mockDnsQueryDsl, - ...mockUniquePrvateIpsQueryDsl, - ...mockUniqueFlowIdsQueryDsl, - ...mockTlsHandshakesQueryDsl, - ], -}; - -const mockDsl = [ - JSON.stringify({ ...mockNetworkEventsQueryDsl[0], body: mockNetworkEventsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockDnsQueryDsl[0], body: mockDnsQueryDsl[1] }, null, 2), - JSON.stringify( - { 
...mockUniquePrvateIpsQueryDsl[0], body: mockUniquePrvateIpsQueryDsl[1] }, - null, - 2 - ), - JSON.stringify({ ...mockUniqueFlowIdsQueryDsl[0], body: mockUniqueFlowIdsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockTlsHandshakesQueryDsl[0], body: mockTlsHandshakesQueryDsl[1] }, null, 2), -]; - -export const mockResult = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponse.responses[0], null, 2), - JSON.stringify(mockResponse.responses[1], null, 2), - JSON.stringify(mockResponse.responses[2], null, 2), - JSON.stringify(mockResponse.responses[3], null, 2), - JSON.stringify(mockResponse.responses[4], null, 2), - ], - }, - dnsQueries: 10942, - networkEvents: 733106, - tlsHandshakes: 54482, - uniqueDestinationPrivateIps: 878, - uniqueDestinationPrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 11, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 877, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], - uniqueFlowId: 195415, - uniqueSourcePrivateIps: 387, - uniqueSourcePrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 14, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 385, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], -}; - -export const mockResponseNoData = { - responses: [null, null, null, null, null], -}; - -export const mockResultNoData = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponseNoData.responses[0], null, 2), - JSON.stringify(mockResponseNoData.responses[1], null, 2), - JSON.stringify(mockResponseNoData.responses[2], null, 2), - JSON.stringify(mockResponseNoData.responses[3], null, 2), - JSON.stringify(mockResponseNoData.responses[4], null, 2), - ], - }, - networkEvents: null, - uniqueFlowId: null, - uniqueSourcePrivateIps: null, - uniqueSourcePrivateIpsHistogram: null, - uniqueDestinationPrivateIps: null, - 
uniqueDestinationPrivateIpsHistogram: null, - dnsQueries: null, - tlsHandshakes: null, -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts deleted file mode 100644 index b3dba9b1d0fab..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; - -const getDnsQueryFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'dns.question.name', - }, - }, - { - term: { - 'suricata.eve.dns.type': { - value: 'query', - }, - }, - }, - { - exists: { - field: 'zeek.dns.query', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; - -export const buildDnsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getDnsQueryFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts
deleted file mode 100644
index 17f705fe98d03..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestBasicOptions } from '../framework';
-
-import { KpiNetworkESMSearchBody } from './types';
-import { getIpFilter } from './helpers';
-
-export const buildNetworkEventsQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiNetworkESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- ...getIpFilter(),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: true,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts
deleted file mode 100644
index 5032863e7d324..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestBasicOptions } from '../framework';
-
-import { KpiNetworkESMSearchBody } from './types';
-import { getIpFilter } from './helpers';
-
-const getTlsHandshakesQueryFilter = () => [
- {
- bool: {
- should: [
- {
- exists: {
- field: 'tls.version',
- },
- },
- {
- exists: {
- field: 'suricata.eve.tls.version',
- },
- },
- {
- exists: {
- field: 'zeek.ssl.version',
- },
- },
- ],
- minimum_should_match: 1,
- },
- },
-];
-
-export const buildTlsHandshakeQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiNetworkESMSearchBody[] => {
- const filter = [
- ...getIpFilter(),
- ...createQueryFilterClauses(filterQuery),
- ...getTlsHandshakesQueryFilter(),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: true,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts
deleted file mode 100644
index fb717df2b4608..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestBasicOptions } from '../framework';
-
-import { KpiNetworkESMSearchBody } from './types';
-import { getIpFilter } from './helpers';
-
-export const buildUniqueFlowIdsQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiNetworkESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- ...getIpFilter(),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- },
- {
- aggregations: {
- unique_flow_id: {
- cardinality: {
- field: 'network.community_id',
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: false,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts
deleted file mode 100644
index 77d6efdcfdaa0..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestBasicOptions } from '../framework';
-
-import { KpiNetworkESMSearchBody, UniquePrivateAttributeQuery } from './types';
-
-const getUniquePrivateIpsFilter = (attrQuery: UniquePrivateAttributeQuery) => ({
- bool: {
- should: [
- {
- term: {
- [`${attrQuery}.ip`]: '10.0.0.0/8',
- },
- },
- {
- term: {
- [`${attrQuery}.ip`]: '192.168.0.0/16',
- },
- },
- {
- term: {
- [`${attrQuery}.ip`]: '172.16.0.0/12',
- },
- },
- {
- term: {
- [`${attrQuery}.ip`]: 'fd00::/8',
- },
- },
- ],
- minimum_should_match: 1,
- },
-});
-
-const getAggs = (attrQuery: 'source' | 'destination') => ({
- [attrQuery]: {
- filter: getUniquePrivateIpsFilter(attrQuery),
- aggs: {
- unique_private_ips: {
- cardinality: {
- field: `${attrQuery}.ip`,
- },
- },
- histogram: {
- auto_date_histogram: {
- field: '@timestamp',
- buckets: '6',
- },
- aggs: {
- count: {
- cardinality: {
- field: `${attrQuery}.ip`,
- },
- },
- },
- },
- },
- },
-});
-
-export const buildUniquePrvateIpQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestBasicOptions): KpiNetworkESMSearchBody[] => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const dslQuery = [
- {
- allowNoIndices: true,
- index: defaultIndex,
- ignoreUnavailable: true,
- },
- {
- aggregations: {
- ...getAggs('source'),
- ...getAggs('destination'),
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: false,
- },
- ];
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts
deleted file mode 100644
index b0a00e0ba968f..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { FrameworkRequest, RequestBasicOptions } from '../framework';
-import { MSearchHeader, SearchHit } from '../types';
-import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types';
-
-export interface KpiNetworkAdapter {
- getKpiNetwork(request: FrameworkRequest, options: RequestBasicOptions): Promise;
-}
-
-export interface KpiNetworkHit {
- hits: {
- total: {
- value: number;
- };
- };
-}
-
-export interface KpiNetworkGeneralHit extends SearchHit, KpiNetworkHit {
- aggregations: {
- unique_flow_id: {
- value: number;
- };
- };
-}
-
-export interface KpiNetworkUniquePrivateIpsHit extends SearchHit {
- aggregations: {
- unique_private_ips: {
- value: number;
- };
- histogram: {
- buckets: [KpiNetworkHistogramData];
- };
- };
-}
-
-export interface KpiNetworkBody {
- query?: object;
- aggregations?: object;
- size?: number;
- track_total_hits?: boolean;
-}
-
-export type KpiNetworkESMSearchBody = KpiNetworkBody | MSearchHeader;
-
-export type UniquePrivateAttributeQuery = 'source' | 'destination';
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts
deleted file mode 100644
index f661fe165130e..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,81 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { MatrixHistogramOverTimeData, HistogramType } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { MatrixHistogramAdapter, MatrixHistogramDataConfig, MatrixHistogramHit } from './types'; -import { TermAggregation } from '../types'; -import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; -import { buildDnsHistogramQuery } from './query_dns_histogram.dsl'; -import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; -import { getDnsParsedData, getGenericData } from './utils'; -import { buildAuthenticationsOverTimeQuery } from './query.authentications_over_time.dsl'; -import { buildAlertsHistogramQuery } from './query_alerts.dsl'; - -const matrixHistogramConfig: MatrixHistogramDataConfig = { - [HistogramType.alerts]: { - buildDsl: buildAlertsHistogramQuery, - aggName: 'aggregations.alertsGroup.buckets', - parseKey: 'alerts.buckets', - }, - [HistogramType.anomalies]: { - buildDsl: buildAnomaliesOverTimeQuery, - aggName: 'aggregations.anomalyActionGroup.buckets', - parseKey: 'anomalies.buckets', - }, - [HistogramType.authentications]: { - buildDsl: buildAuthenticationsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - }, - [HistogramType.dns]: { - buildDsl: buildDnsHistogramQuery, - aggName: 'aggregations.NetworkDns.buckets', - parseKey: 'dns.buckets', - parser: getDnsParsedData, - }, - [HistogramType.events]: { - buildDsl: buildEventsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - 
}, -}; - -export class ElasticsearchMatrixHistogramAdapter implements MatrixHistogramAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); - if (myConfig == null) { - throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); - } - const dsl = myConfig.buildDsl(options); - const response = await this.framework.callWithRequest< - MatrixHistogramHit, - TermAggregation - >(request, 'search', dsl); - const totalCount = getOr(0, 'hits.total.value', response); - const matrixHistogramData = getOr([], myConfig.aggName, response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - matrixHistogramData: myConfig.parser - ? myConfig.parser(matrixHistogramData, myConfig.parseKey) - : getGenericData(matrixHistogramData, myConfig.parseKey), - totalCount, - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts deleted file mode 100644 index 0b63785d2203b..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; - -import expect from '@kbn/expect'; -import { ElasticsearchMatrixHistogramAdapter } from './elasticsearch_adapter'; -import { - mockRequest, - mockOptions, - mockAlertsHistogramDataResponse, - mockAlertsHistogramQueryDsl, - mockAlertsHistogramDataFormattedResponse, -} from './mock'; - -jest.mock('./query_alerts.dsl', () => { - return { - buildAlertsHistogramQuery: jest.fn(() => mockAlertsHistogramQueryDsl), - }; -}); - -describe('alerts elasticsearch_adapter', () => { - describe('getAlertsHistogramData', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - return mockAlertsHistogramDataResponse; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const adapter = new ElasticsearchMatrixHistogramAdapter(mockFramework); - const data = await adapter.getHistogramData( - (mockRequest as unknown) as FrameworkRequest, - (mockOptions as unknown) as MatrixHistogramRequestOptions - ); - - expect(data).to.eql({ - matrixHistogramData: mockAlertsHistogramDataFormattedResponse, - inspect: { - dsl: ['"mockAlertsHistogramQueryDsl"'], - response: [JSON.stringify(mockAlertsHistogramDataResponse, null, 2)], - }, - totalCount: 1599508, - }); - }); - }); -}); 
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts
deleted file mode 100644
index 900a6ab619ae0..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework';
-export * from './elasticsearch_adapter';
-import { MatrixHistogramAdapter } from './types';
-import { MatrixHistogramOverTimeData } from '../../graphql/types';
-
-export class MatrixHistogram {
- constructor(private readonly adapter: MatrixHistogramAdapter) {}
-
- public async getMatrixHistogramData(
- req: FrameworkRequest,
- options: MatrixHistogramRequestOptions
- ): Promise {
- return this.adapter.getHistogramData(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts
deleted file mode 100644
index 1d1ebfff936d2..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts
+++ /dev/null
@@ -1,118 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { HistogramType } from '../../graphql/types'; - -export const mockAlertsHistogramDataResponse = { - took: 513, - timed_out: false, - _shards: { - total: 62, - successful: 61, - skipped: 0, - failed: 1, - failures: [ - { - shard: 0, - index: 'auditbeat-7.2.0', - node: 'jBC5kcOeT1exvECDMrk5Ug', - reason: { - type: 'illegal_argument_exception', - reason: - 'Fielddata is disabled on text fields by default. Set fielddata=true on [event.module] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.', - }, - }, - ], - }, - hits: { - total: { - value: 1599508, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - alertsGroup: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 802087, - buckets: [ - { - key: 'All others', - doc_count: 451519, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 3008, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 8671, - }, - ], - }, - }, - { - key: 'suricata', - doc_count: 345902, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 1785, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 5342, - }, - ], - }, - }, - ], - }, - }, -}; -export const mockAlertsHistogramDataFormattedResponse = [ - { - x: 1576402200000, - y: 3008, - g: 'All others', - }, - { - x: 1576404000000, - y: 8671, - g: 'All others', - }, - { - x: 1576402200000, - y: 1785, - g: 'suricata', - }, - { - x: 
1576404000000, - y: 5342, - g: 'suricata', - }, -]; -export const mockAlertsHistogramQueryDsl = 'mockAlertsHistogramQueryDsl'; -export const mockRequest = 'mockRequest'; -export const mockOptions = { - sourceConfiguration: { field: {} }, - timerange: { - to: 9999, - from: 1234, - }, - defaultIndex: DEFAULT_INDEX_PATTERN, - filterQuery: '', - stackByField: 'event.module', - histogramType: HistogramType.alerts, -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts deleted file mode 100644 index fb4e666cda964..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAnomaliesOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - stackByField = 'job_id', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - timestamp: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = 'timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - anomalyActionGroup: { - terms: { - field: stackByField, - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - anomalies: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggs: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts deleted file mode 100644 index 174cc907214a9..0000000000000 
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAuthenticationsOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'event.outcome', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - must: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - eventActionGroup: { - terms: { - field: stackByField, - include: ['success', 'failure'], - order: { - _count: 'desc', - }, - size: 2, - }, - aggs: { - events: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts
deleted file mode 100644
index fa7c1b9e55b9e..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import moment from 'moment';
-
-import { showAllOthersBucket } from '../../../common/constants';
-import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
-import { MatrixHistogramRequestOptions } from '../framework';
-
-import * as i18n from './translations';
-
-export const buildEventsOverTimeQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
- stackByField = 'event.action',
-}: MatrixHistogramRequestOptions) => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const getHistogramAggregation = () => {
- const interval = calculateTimeSeriesInterval(from, to);
- const histogramTimestampField = '@timestamp';
- const dateHistogram = {
- date_histogram: {
- field: histogramTimestampField,
- fixed_interval: interval,
- min_doc_count: 0,
- extended_bounds: {
- min: moment(from).valueOf(),
- max: moment(to).valueOf(),
- },
- },
- };
-
- const missing =
- stackByField != null && showAllOthersBucket.includes(stackByField)
- ? {
- missing: stackByField?.endsWith('.ip') ? '0.0.0.0' : i18n.ALL_OTHERS,
- }
- : {};
-
- return {
- eventActionGroup: {
- terms: {
- field: stackByField,
- ...missing,
- order: {
- _count: 'desc',
- },
- size: 10,
- },
- aggs: {
- events: dateHistogram,
- },
- },
- };
- };
-
- const dslQuery = {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- body: {
- aggregations: getHistogramAggregation(),
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: true,
- },
- };
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts
deleted file mode 100644
index dd45109672480..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts
+++ /dev/null
@@ -1,121 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { buildTimelineQuery } from '../events/query.dsl'; -import { RequestOptions, MatrixHistogramRequestOptions } from '../framework'; - -export const buildAlertsQuery = (options: RequestOptions) => { - const eventsQuery = buildTimelineQuery(options); - const eventsFilter = eventsQuery.body.query.bool.filter; - const alertsFilter = [ - ...createQueryFilterClauses({ match: { 'event.kind': { query: 'alert' } } }), - ]; - - return { - ...eventsQuery, - body: { - ...eventsQuery.body, - query: { - bool: { - filter: [...eventsFilter, ...alertsFilter], - }, - }, - }, - }; -}; - -export const buildAlertsHistogramQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField, -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - filter: [ - { - bool: { - should: [ - { - match: { - 'event.kind': 'alert', - }, - }, - ], - minimum_should_match: 1, - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - alertsGroup: { - terms: { - field: stackByField, - missing: 'All others', - order: 
{ - _count: 'desc', - }, - size: 10, - }, - aggs: { - alerts: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts deleted file mode 100644 index 7e71263988957..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts +++ /dev/null 
@@ -1,84 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
-import { MatrixHistogramRequestOptions } from '../framework';
-
-export const buildDnsHistogramQuery = ({
- filterQuery,
- timerange: { from, to },
- defaultIndex,
- sourceConfiguration: {
- fields: { timestamp },
- },
- stackByField,
-}: MatrixHistogramRequestOptions) => {
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const getHistogramAggregation = () => {
- const interval = calculateTimeSeriesInterval(from, to);
- const histogramTimestampField = '@timestamp';
- const dateHistogram = {
- date_histogram: {
- field: histogramTimestampField,
- fixed_interval: interval,
- },
- };
-
- return {
- NetworkDns: {
- ...dateHistogram,
- aggs: {
- dns: {
- terms: {
- field: stackByField,
- order: {
- orderAgg: 'desc',
- },
- size: 10,
- },
- aggs: {
- orderAgg: {
- cardinality: {
- field: 'dns.question.name',
- },
- },
- },
- },
- },
- },
- };
- };
-
- const dslQuery = {
- index: defaultIndex,
- allowNoIndices: true,
- ignoreUnavailable: true,
- body: {
- aggregations: getHistogramAggregation(),
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- track_total_hits: true,
- },
- };
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts
deleted file mode 100644
index 0e46f5cff1445..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { i18n } from '@kbn/i18n';
-
-export const ALL_OTHERS = i18n.translate(
- 'xpack.securitySolution.detectionEngine.alerts.histogram.allOthersGroupingLabel',
- {
- defaultMessage: 'All others',
- }
-);
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts
deleted file mode 100644
index 87ea4b81f5fba..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts
+++ /dev/null
@@ -1,144 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - MatrixHistogramOverTimeData, - HistogramType, - MatrixOverTimeHistogramData, -} from '../../graphql/types'; -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { SearchHit } from '../types'; -import { EventHit } from '../events/types'; -import { AuthenticationHit } from '../authentications/types'; - -export interface HistogramBucket { - key: number; - doc_count: number; -} - -interface AlertsGroupData { - key: string; - doc_count: number; - alerts: { - buckets: HistogramBucket[]; - }; -} - -interface AnomaliesOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AnomaliesActionGroupData { - key: number; - anomalies: { - bucket: AnomaliesOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface AnomalySource { - [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any -} - -export interface AnomalyHit extends SearchHit { - sort: string[]; - _source: AnomalySource; - aggregations: { - [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any - }; -} - -interface EventsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface EventsActionGroupData { - key: number; - events: { - bucket: EventsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: 
string; - histogram: DnsHistogramBucket; -} - -export interface MatrixHistogramSchema { - buildDsl: (options: MatrixHistogramRequestOptions) => {}; - aggName: string; - parseKey: string; - parser?: ( - data: MatrixHistogramParseData, - keyBucket: string - ) => MatrixOverTimeHistogramData[]; -} - -export type MatrixHistogramParseData = T extends HistogramType.alerts - ? AlertsGroupData[] - : T extends HistogramType.anomalies - ? AnomaliesActionGroupData[] - : T extends HistogramType.dns - ? DnsHistogramGroupData[] - : T extends HistogramType.authentications - ? AuthenticationsActionGroupData[] - : T extends HistogramType.events - ? EventsActionGroupData[] - : never; - -export type MatrixHistogramHit = T extends HistogramType.alerts - ? EventHit - : T extends HistogramType.anomalies - ? AnomalyHit - : T extends HistogramType.dns - ? EventHit - : T extends HistogramType.authentications - ? AuthenticationHit - : T extends HistogramType.events - ? EventHit - : never; - -export type MatrixHistogramDataConfig = Record>; -interface AuthenticationsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AuthenticationsActionGroupData { - key: number; - events: { - bucket: AuthenticationsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface MatrixHistogramAdapter { - getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts deleted file mode 100644 index 4a6a38421f42a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts +++ /dev/null 
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { get, getOr } from 'lodash/fp';
-import { MatrixHistogramParseData, DnsHistogramSubBucket, HistogramBucket } from './types';
-import { MatrixOverTimeHistogramData } from '../../graphql/types';
-
-export const getDnsParsedData = (
- data: MatrixHistogramParseData,
- keyBucket: string
-): MatrixOverTimeHistogramData[] => {
- let result: MatrixOverTimeHistogramData[] = [];
- data.forEach((bucketData: unknown) => {
- const time = get('key', bucketData);
- const histData = getOr([], keyBucket, bucketData).map(
- // eslint-disable-next-line @typescript-eslint/naming-convention
- ({ key, doc_count }: DnsHistogramSubBucket) => ({
- x: time,
- y: doc_count,
- g: key,
- })
- );
- result = [...result, ...histData];
- });
- return result;
-};
-
-export const getGenericData = (
- data: MatrixHistogramParseData,
- keyBucket: string
-): MatrixOverTimeHistogramData[] => {
- let result: MatrixOverTimeHistogramData[] = [];
- data.forEach((bucketData: unknown) => {
- const group = get('key', bucketData);
- const histData = getOr([], keyBucket, bucketData).map(
- // eslint-disable-next-line @typescript-eslint/naming-convention
- ({ key, doc_count }: HistogramBucket) => ({
- x: key,
- y: doc_count,
- g: group,
- })
- );
- result = [...result, ...histData];
- });
-
- return result;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap b/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap
deleted file mode 100644
index 50454fcb6b351..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap
+++ /dev/null
@@ -1,1366 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Network Top N flow elasticsearch_adapter with FlowTarget=source Unhappy Path - No geo data getNetworkTopNFlow 1`] = ` -Object { - "edges": Array [ - Object { - "cursor": Object { - "tiebreaker": null, - "value": "1.1.1.1", - }, - "node": Object { - "_id": "1.1.1.1", - "network": Object { - "bytes_in": 11276023407, - "bytes_out": 1025631, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.1.net", - ], - "flows": 1234567, - "ip": "1.1.1.1", - "location": null, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "2.2.2.2", - }, - "node": Object { - "_id": "2.2.2.2", - "network": Object { - "bytes_in": 5469323342, - "bytes_out": 2811441, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.2.net", - ], - "flows": 1234567, - "ip": "2.2.2.2", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "3.3.3.3", - }, - "node": Object { - "_id": "3.3.3.3", - "network": Object { - "bytes_in": 3807671322, - "bytes_out": 4494034, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.3.com", - "test.3-duplicate.com", - ], - "flows": 1234567, - "ip": "3.3.3.3", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - 
"country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "4.4.4.4", - }, - "node": Object { - "_id": "4.4.4.4", - "network": Object { - "bytes_in": 166517626, - "bytes_out": 3194782, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.4.com", - ], - "flows": 1234567, - "ip": "4.4.4.4", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "5.5.5.5", - }, - "node": Object { - "_id": "5.5.5.5", - "network": Object { - "bytes_in": 104785026, - "bytes_out": 1838597, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.5.com", - ], - "flows": 1234567, - "ip": "5.5.5.5", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "6.6.6.6", - }, - "node": Object { - "_id": "6.6.6.6", - "network": Object { - "bytes_in": 28804250, - "bytes_out": 482982, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - 
"test.6.com", - ], - "flows": 1234567, - "ip": "6.6.6.6", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "7.7.7.7", - }, - "node": Object { - "_id": "7.7.7.7", - "network": Object { - "bytes_in": 23032363, - "bytes_out": 400623, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.7.com", - ], - "flows": 1234567, - "ip": "7.7.7.7", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "8.8.8.8", - }, - "node": Object { - "_id": "8.8.8.8", - "network": Object { - "bytes_in": 21424889, - "bytes_out": 344357, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.8.com", - ], - "flows": 1234567, - "ip": "8.8.8.8", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "9.9.9.9", - }, - "node": Object { - "_id": "9.9.9.9", - "network": Object { - "bytes_in": 19205000, - 
"bytes_out": 355663, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.9.com", - ], - "flows": 1234567, - "ip": "9.9.9.9", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "10.10.10.10", - }, - "node": Object { - "_id": "10.10.10.10", - "network": Object { - "bytes_in": 11407633, - "bytes_out": 199360, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.10.com", - ], - "flows": 1234567, - "ip": "10.10.10.10", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - ], - "inspect": Object { - "dsl": Array [ - "{ - \\"mockTopNFlowQueryDsl\\": \\"mockTopNFlowQueryDsl\\" -}", - ], - "response": Array [ - "{ - \\"took\\": 122, - \\"timed_out\\": false, - \\"_shards\\": { - \\"total\\": 11, - \\"successful\\": 11, - \\"skipped\\": 0, - \\"failed\\": 0 - }, - \\"hits\\": { - \\"max_score\\": null, - \\"hits\\": [] - }, - \\"aggregations\\": { - \\"top_n_flow_count\\": { - \\"value\\": 545 - }, - \\"source\\": { - \\"buckets\\": [ - { - \\"key\\": \\"1.1.1.1\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11276023407 - }, - \\"bytes_out\\": { - \\"value\\": 1025631 - 
}, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.1.net\\" - } - ] - } - }, - { - \\"key\\": \\"2.2.2.2\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 5469323342 - }, - \\"bytes_out\\": { - \\"value\\": 2811441 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": 
\\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.2.net\\" - } - ] - } - }, - { - \\"key\\": \\"3.3.3.3\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 3807671322 - }, - \\"bytes_out\\": { - \\"value\\": 4494034 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.3.com\\" - }, - { - \\"key\\": \\"test.3-duplicate.com\\" - } - ] - } - }, - { - \\"key\\": \\"4.4.4.4\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - 
\\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 166517626 - }, - \\"bytes_out\\": { - \\"value\\": 3194782 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.4.com\\" - } - ] - } - }, - { - \\"key\\": \\"5.5.5.5\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 104785026 - }, - \\"bytes_out\\": { - \\"value\\": 1838597 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - 
\\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.5.com\\" - } - ] - } - }, - { - \\"key\\": \\"6.6.6.6\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 28804250 - }, - \\"bytes_out\\": { - \\"value\\": 482982 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - 
\\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 31, - \\"buckets\\": [ - { - \\"key\\": \\"test.6.com\\" - } - ] - } - }, - { - \\"key\\": \\"7.7.7.7\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 23032363 - }, - \\"bytes_out\\": { - \\"value\\": 400623 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - 
} - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 0, - \\"buckets\\": [ - { - \\"key\\": \\"test.7.com\\" - } - ] - } - }, - { - \\"key\\": \\"8.8.8.8\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 21424889 - }, - \\"bytes_out\\": { - \\"value\\": 344357 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.8.com\\" - } - ] - } - }, - { - \\"key\\": \\"9.9.9.9\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 19205000 - }, - \\"bytes_out\\": { - \\"value\\": 355663 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": 
{ - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.9.com\\" - } - ] - } - }, - { - \\"key\\": \\"10.10.10.10\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11407633 - }, - \\"bytes_out\\": { - \\"value\\": 199360 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", 
- \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.10.com\\" - } - ] - } - }, - { - \\"key\\": \\"11.11.11.11\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11393327 - }, - \\"bytes_out\\": { - \\"value\\": 195914 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - 
\\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.11.com\\" - } - ] - } - } - ] - } - } -}", - ], - }, - "pageInfo": Object { - "activePage": 0, - "fakeTotalCount": 50, - "showMorePagesIndicator": true, - }, - "totalCount": 545, -} -`; diff --git a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts deleted file mode 100644 index eab461ee07ca7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts +++ /dev/null 
@@ -1,171 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { cloneDeep } from 'lodash/fp';
-
-import { FlowTargetSourceDest, NetworkTopNFlowData } from '../../graphql/types';
-import { FrameworkAdapter, FrameworkRequest } from '../framework';
-
-import { ElasticsearchNetworkAdapter } from './elasticsearch_adapter';
-import {
- mockOptions,
- mockRequest,
- mockResponse,
- mockResult,
- mockOptionsIp,
- mockRequestIp,
- mockResponseIp,
- mockResultIp,
- mockTopNFlowQueryDsl,
-} from './mock';
-
-jest.mock('./query_top_n_flow.dsl', () => {
- const r = jest.requireActual('./query_top_n_flow.dsl');
- return {
- ...r,
- buildTopNFlowQuery: jest.fn(() => mockTopNFlowQueryDsl),
- };
-});
-
-describe('Network Top N flow elasticsearch_adapter with FlowTarget=source', () => {
- describe('Happy Path - get Data', () => {
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toEqual(mockResult);
- });
- });
-
- describe('Unhappy Path - No data', () => {
- const mockNoDataResponse = cloneDeep(mockResponse);
- mockNoDataResponse.aggregations.top_n_flow_count.value = 0;
- mockNoDataResponse.aggregations[FlowTargetSourceDest.source].buckets = [];
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockNoDataResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toEqual({
- inspect: {
- dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)],
- response: [JSON.stringify(mockNoDataResponse, null, 2)],
- },
- edges: [],
- pageInfo: {
- activePage: 0,
- fakeTotalCount: 0,
- showMorePagesIndicator: false,
- },
- totalCount: 0,
- });
- });
- });
-
- describe('Unhappy Path - No geo data', () => {
- const mockCallWithRequest = jest.fn();
- const mockNoGeoDataResponse = cloneDeep(mockResponse);
- // sometimes bad things happen to good ecs
- mockNoGeoDataResponse.aggregations[
- FlowTargetSourceDest.source
- ].buckets[0].location.top_geo.hits.hits = [];
- mockCallWithRequest.mockResolvedValue(mockNoGeoDataResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toMatchSnapshot();
- });
- });
-
- describe('No pagination', () => {
- const mockNoPaginationResponse = cloneDeep(mockResponse);
- mockNoPaginationResponse.aggregations.top_n_flow_count.value = 10;
- mockNoPaginationResponse.aggregations[
- FlowTargetSourceDest.source
- ].buckets = mockNoPaginationResponse.aggregations[FlowTargetSourceDest.source].buckets.slice(
- 0,
- -1
- );
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockNoPaginationResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data.pageInfo.showMorePagesIndicator).toBeFalsy();
- });
- });
-
- describe('Filter by IP', () => {
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockResponseIp);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequestIp as FrameworkRequest,
- mockOptionsIp
- );
- expect(data).toEqual(mockResultIp);
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts
deleted file mode 100644
index d12d225cc8908..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { get, getOr } from 'lodash/fp';
-
-import {
- FlowTargetSourceDest,
- AutonomousSystemItem,
- GeoItem,
- NetworkDnsData,
- NetworkDnsEdges,
- NetworkTopCountriesData,
- NetworkTopCountriesEdges,
- NetworkTopNFlowData,
- NetworkHttpData,
- NetworkHttpEdges,
- NetworkTopNFlowEdges,
-} from '../../graphql/types';
-import { inspectStringifyObject } from '../../utils/build_query';
-import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework';
-import { TermAggregation } from '../types';
-import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants';
-
-import {
- NetworkDnsRequestOptions,
- NetworkTopCountriesRequestOptions,
- NetworkHttpRequestOptions,
- NetworkTopNFlowRequestOptions,
-} from './index';
-import { buildDnsQuery } from './query_dns.dsl';
-import { buildTopNFlowQuery, getOppositeField } from './query_top_n_flow.dsl';
-import { buildHttpQuery } from './query_http.dsl';
-import { buildTopCountriesQuery } from './query_top_countries.dsl';
-import {
- NetworkAdapter,
- NetworkDnsBuckets,
- NetworkTopCountriesBuckets,
- NetworkHttpBuckets,
- NetworkTopNFlowBuckets,
-} from './types';
-
-export class ElasticsearchNetworkAdapter implements NetworkAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getNetworkTopCountries(
- request: FrameworkRequest,
- options: NetworkTopCountriesRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildTopCountriesQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.top_countries_count.value', response);
- const networkTopCountriesEdges: NetworkTopCountriesEdges[] = getTopCountriesEdges(
- response,
- options
- );
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkTopCountriesEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkTopNFlow(
- request: FrameworkRequest,
- options: NetworkTopNFlowRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildTopNFlowQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.top_n_flow_count.value', response);
- const networkTopNFlowEdges: NetworkTopNFlowEdges[] = getTopNFlowEdges(response, options);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkTopNFlowEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkDns(
- request: FrameworkRequest,
- options: NetworkDnsRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildDnsQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.dns_count.value', response);
- const networkDnsEdges: NetworkDnsEdges[] = formatDnsEdges(
- getOr([], 'aggregations.dns_name_query_count.buckets', response)
- );
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkDnsEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkHttp(
- request: FrameworkRequest,
- options: NetworkHttpRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildHttpQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.http_count.value', response);
- const networkHttpEdges: NetworkHttpEdges[] = getHttpEdges(response);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkHttpEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-}
-
-const getTopNFlowEdges = (
- response: DatabaseSearchResponse,
- options: NetworkTopNFlowRequestOptions
-): NetworkTopNFlowEdges[] => {
- return formatTopNFlowEdges(
- getOr([], `aggregations.${options.flowTarget}.buckets`, response),
- options.flowTarget
- );
-};
-
-const getTopCountriesEdges = (
- response: DatabaseSearchResponse,
- options: NetworkTopCountriesRequestOptions
-): NetworkTopCountriesEdges[] => {
- return formatTopCountriesEdges(
- getOr([], `aggregations.${options.flowTarget}.buckets`, response),
- options.flowTarget
- );
-};
-
-const getHttpEdges = (
- response: DatabaseSearchResponse
-): NetworkHttpEdges[] => {
- return formatHttpEdges(getOr([], `aggregations.url.buckets`, response));
-};
-
-const getFlowTargetFromString = (flowAsString: string) =>
- flowAsString === 'source' ? FlowTargetSourceDest.source : FlowTargetSourceDest.destination;
-
-const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null =>
- result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0]._source
- ? {
- geo: getOr(
- '',
- `location.top_geo.hits.hits[0]._source.${
- Object.keys(result.location.top_geo.hits.hits[0]._source)[0]
- }.geo`,
- result
- ),
- flowTarget: getFlowTargetFromString(
- Object.keys(result.location.top_geo.hits.hits[0]._source)[0]
- ),
- }
- : null;
-
-const getAsItem = (result: NetworkTopNFlowBuckets): AutonomousSystemItem | null =>
- result.autonomous_system.top_as.hits.hits.length > 0 &&
- result.autonomous_system.top_as.hits.hits[0]._source
- ? {
- number: getOr(
- null,
- `autonomous_system.top_as.hits.hits[0]._source.${
- Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0]
- }.as.number`,
- result
- ),
- name: getOr(
- '',
- `autonomous_system.top_as.hits.hits[0]._source.${
- Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0]
- }.as.organization.name`,
- result
- ),
- }
- : null;
-
-const formatTopNFlowEdges = (
- buckets: NetworkTopNFlowBuckets[],
- flowTarget: FlowTargetSourceDest
-): NetworkTopNFlowEdges[] =>
- buckets.map((bucket: NetworkTopNFlowBuckets) => ({
- node: {
- _id: bucket.key,
- [flowTarget]: {
- domain: bucket.domain.buckets.map((bucketDomain) => bucketDomain.key),
- ip: bucket.key,
- location: getGeoItem(bucket),
- autonomous_system: getAsItem(bucket),
- flows: getOr(0, 'flows.value', bucket),
- [`${getOppositeField(flowTarget)}_ips`]: getOr(
- 0,
- `${getOppositeField(flowTarget)}_ips.value`,
- bucket
- ),
- },
- network: {
- bytes_in: getOr(0, 'bytes_in.value', bucket),
- bytes_out: getOr(0, 'bytes_out.value', bucket),
- },
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatTopCountriesEdges = (
- buckets: NetworkTopCountriesBuckets[],
- flowTarget: FlowTargetSourceDest
-): NetworkTopCountriesEdges[] =>
- buckets.map((bucket: NetworkTopCountriesBuckets) => ({
- node: {
- _id: bucket.key,
- [flowTarget]: {
- country: bucket.key,
- flows: getOr(0, 'flows.value', bucket),
- [`${getOppositeField(flowTarget)}_ips`]: getOr(
- 0,
- `${getOppositeField(flowTarget)}_ips.value`,
- bucket
- ),
- [`${flowTarget}_ips`]: getOr(0, `${flowTarget}_ips.value`, bucket),
- },
- network: {
- bytes_in: getOr(0, 'bytes_in.value', bucket),
- bytes_out: getOr(0, 'bytes_out.value', bucket),
- },
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatDnsEdges = (buckets: NetworkDnsBuckets[]): NetworkDnsEdges[] =>
- buckets.map((bucket: NetworkDnsBuckets) => ({
- node: {
- _id: bucket.key,
- dnsBytesIn: getOrNumber('dns_bytes_in.value', bucket),
- dnsBytesOut: getOrNumber('dns_bytes_out.value', bucket),
- dnsName: bucket.key,
- queryCount: bucket.doc_count,
- uniqueDomains: getOrNumber('unique_domains.value', bucket),
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatHttpEdges = (buckets: NetworkHttpBuckets[]): NetworkHttpEdges[] =>
- buckets.map((bucket: NetworkHttpBuckets) => ({
- node: {
- _id: bucket.key,
- domains: bucket.domains.buckets.map(({ key }) => key),
- methods: bucket.methods.buckets.map(({ key }) => key),
- statuses: bucket.status.buckets.map(({ key }) => `${key}`),
- lastHost: get('source.hits.hits[0]._source.host.name', bucket),
- lastSourceIp: get('source.hits.hits[0]._source.source.ip', bucket),
- path: bucket.key,
- requestCount: bucket.doc_count,
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const getOrNumber = (path: string, bucket: NetworkTopNFlowBuckets | NetworkDnsBuckets) => {
- const numb = get(path, bucket);
- if (numb == null) {
- return null;
- }
- return numb;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/network/index.ts b/x-pack/plugins/security_solution/server/lib/network/index.ts
deleted file mode 100644
index 42ce9f0726ddb..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/index.ts
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- FlowTargetSourceDest,
- Maybe,
- NetworkDnsData,
- NetworkDnsSortField,
- NetworkHttpData,
- NetworkHttpSortField,
- NetworkTopCountriesData,
- NetworkTopNFlowData,
- NetworkTopTablesSortField,
-} from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-export * from './elasticsearch_adapter';
-import { NetworkAdapter } from './types';
-
-export * from './types';
-
-export interface NetworkTopNFlowRequestOptions extends RequestOptionsPaginated {
- networkTopNFlowSort: NetworkTopTablesSortField;
- flowTarget: FlowTargetSourceDest;
- ip?: Maybe;
-}
-
-export interface NetworkTopCountriesRequestOptions extends RequestOptionsPaginated {
- networkTopCountriesSort: NetworkTopTablesSortField;
- flowTarget: FlowTargetSourceDest;
- ip?: Maybe;
-}
-
-export interface NetworkHttpRequestOptions extends RequestOptionsPaginated {
- networkHttpSort: NetworkHttpSortField;
- ip?: Maybe;
-}
-
-export interface NetworkDnsRequestOptions extends RequestOptionsPaginated {
- isPtrIncluded: boolean;
- networkDnsSortField: NetworkDnsSortField;
- stackByField?: Maybe;
-}
-
-export class Network {
- constructor(private readonly adapter: NetworkAdapter) {}
-
- public async getNetworkTopCountries(
- req: FrameworkRequest,
- options: NetworkTopCountriesRequestOptions
- ): Promise {
- return this.adapter.getNetworkTopCountries(req, options);
- }
-
- public async getNetworkTopNFlow(
- req: FrameworkRequest,
- options: NetworkTopNFlowRequestOptions
- ): Promise {
- return this.adapter.getNetworkTopNFlow(req, options);
- }
-
- public async getNetworkDns(
- req: FrameworkRequest,
- options: NetworkDnsRequestOptions
- ): Promise {
- return this.adapter.getNetworkDns(req, options);
- }
-
- public async getNetworkHttp(
- req: FrameworkRequest,
- options: NetworkHttpRequestOptions
- ): Promise {
- return this.adapter.getNetworkHttp(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/network/mock.ts b/x-pack/plugins/security_solution/server/lib/network/mock.ts
deleted file mode 100644
index b421f7af56603..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/mock.ts
+++ /dev/null
@@ -1,1675 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { Direction, FlowTargetSourceDest, NetworkTopTablesFields } from '../../graphql/types'; - -import { NetworkTopNFlowRequestOptions } from '.'; - -export const mockOptions: NetworkTopNFlowRequestOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-11T02:26:46.071Z' }, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - filterQuery: {}, - fields: [ - 'totalCount', - 'source.ip', - 'source.domain', - 'source.__typename', - 'destination.ip', - 'destination.domain', - 'destination.__typename', - 'event.duration', - 'event.__typename', - 'network.bytes_in', - 'network.bytes_out', - 'network.__typename', - '__typename', - 'edges.cursor.value', - 'edges.cursor.__typename', - 'edges.__typename', - 'pageInfo.activePage', - 'pageInfo.__typename', - 'pageInfo.fakeTotalCount', - 'pageInfo.__typename', - 'pageInfo.showMorePagesIndicator', - 'pageInfo.__typename', - '__typename', - ], - networkTopNFlowSort: { field: NetworkTopTablesFields.bytes_out, direction: Direction.desc }, - flowTarget: FlowTargetSourceDest.source, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - filterQuery: '', - flowTarget: FlowTargetSourceDest.source, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - sourceId: 
'default', - timerange: { interval: '12h', from: 1549765830772, to: 1549852230772 }, - }, - query: ` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`, - }, -}; - -export const mockResponse = { - took: 122, - timed_out: false, - _shards: { - total: 11, - successful: 11, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 545, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 
'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - { - key: '2.2.2.2', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 5469323342, - }, - bytes_out: { - value: 2811441, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.2.net', - }, - ], - }, - }, - { - key: '3.3.3.3', - flows: { value: 1234567 }, - 
destination_ips: { value: 345345 }, - bytes_in: { - value: 3807671322, - }, - bytes_out: { - value: 4494034, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.3.com', - }, - { - key: 'test.3-duplicate.com', - }, - ], - }, - }, - { - key: '4.4.4.4', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 166517626, - }, - bytes_out: { - value: 3194782, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 
'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.4.com', - }, - ], - }, - }, - { - key: '5.5.5.5', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 104785026, - }, - bytes_out: { - value: 1838597, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.5.com', - }, - ], - }, - }, - { - key: '6.6.6.6', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 28804250, - }, - bytes_out: { - value: 482982, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', 
- country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 31, - buckets: [ - { - key: 'test.6.com', - }, - ], - }, - }, - { - key: '7.7.7.7', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 23032363, - }, - bytes_out: { - value: 400623, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'test.7.com', - }, - ], - }, - }, - { - key: '8.8.8.8', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 
21424889, - }, - bytes_out: { - value: 344357, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.8.com', - }, - ], - }, - }, - { - key: '9.9.9.9', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 19205000, - }, - bytes_out: { - value: 355663, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - 
as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.9.com', - }, - ], - }, - }, - { - key: '10.10.10.10', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11407633, - }, - bytes_out: { - value: 199360, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.10.com', - }, - ], - }, - }, - { - key: '11.11.11.11', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11393327, - }, - bytes_out: { - value: 195914, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - 
}, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.11.com', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockTopNFlowQueryDsl = { - mockTopNFlowQueryDsl: 'mockTopNFlowQueryDsl', -}; - -export const mockResult = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponse, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '2.2.2.2', - }, - node: { - _id: '2.2.2.2', - network: { - bytes_in: 5469323342, - bytes_out: 2811441, - }, - source: { - domain: ['test.2.net'], - ip: '2.2.2.2', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - 
tiebreaker: null, - value: '3.3.3.3', - }, - node: { - _id: '3.3.3.3', - network: { - bytes_in: 3807671322, - bytes_out: 4494034, - }, - source: { - domain: ['test.3.com', 'test.3-duplicate.com'], - ip: '3.3.3.3', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '4.4.4.4', - }, - node: { - _id: '4.4.4.4', - network: { - bytes_in: 166517626, - bytes_out: 3194782, - }, - source: { - domain: ['test.4.com'], - ip: '4.4.4.4', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '5.5.5.5', - }, - node: { - _id: '5.5.5.5', - network: { - bytes_in: 104785026, - bytes_out: 1838597, - }, - source: { - domain: ['test.5.com'], - ip: '5.5.5.5', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '6.6.6.6', - }, - node: { - _id: '6.6.6.6', - network: { - bytes_in: 28804250, - bytes_out: 482982, - }, - source: { - domain: ['test.6.com'], - 
ip: '6.6.6.6', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '7.7.7.7', - }, - node: { - _id: '7.7.7.7', - network: { - bytes_in: 23032363, - bytes_out: 400623, - }, - source: { - domain: ['test.7.com'], - ip: '7.7.7.7', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '8.8.8.8', - }, - node: { - _id: '8.8.8.8', - network: { - bytes_in: 21424889, - bytes_out: 344357, - }, - source: { - domain: ['test.8.com'], - ip: '8.8.8.8', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '9.9.9.9', - }, - node: { - _id: '9.9.9.9', - network: { - bytes_in: 19205000, - bytes_out: 355663, - }, - source: { - domain: ['test.9.com'], - ip: '9.9.9.9', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - 
region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '10.10.10.10', - }, - node: { - _id: '10.10.10.10', - network: { - bytes_in: 11407633, - bytes_out: 199360, - }, - source: { - domain: ['test.10.com'], - ip: '10.10.10.10', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - totalCount: 545, -}; - -export const mockOptionsIp: NetworkTopNFlowRequestOptions = { - ...mockOptions, - ip: '1.1.1.1', -}; - -export const mockRequestIp = { - ...mockRequest, - body: { - ...mockRequest.body, - variables: { - ...mockRequest.body.variables, - ip: '1.1.1.1', - }, - }, -}; - -export const mockResponseIp = { - took: 122, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 1, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 
'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockResultIp = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponseIp, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 1, - showMorePagesIndicator: false, - }, - totalCount: 1, -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts deleted file mode 100644 index 90781e7b48b4a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; - -import { assertUnreachable } from '../../../common/utility_types'; -import { Direction, NetworkDnsFields, NetworkDnsSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkDnsRequestOptions } from './index'; - -type QueryOrder = - | { _count: Direction } - | { _key: Direction } - | { unique_domains: Direction } - | { dns_bytes_in: Direction } - | { dns_bytes_out: Direction }; - -const getQueryOrder = (networkDnsSortField: NetworkDnsSortField): QueryOrder => { - switch (networkDnsSortField.field) { - case NetworkDnsFields.queryCount: - return { _count: networkDnsSortField.direction }; - case NetworkDnsFields.dnsName: - return { _key: networkDnsSortField.direction }; - case NetworkDnsFields.uniqueDomains: - return { unique_domains: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesIn: - return { dns_bytes_in: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesOut: - return { dns_bytes_out: networkDnsSortField.direction }; - } - assertUnreachable(networkDnsSortField.field); -}; - -const getCountAgg = () => ({ - dns_count: { - cardinality: { - field: 'dns.question.registered_domain', - }, - }, -}); - -const createIncludePTRFilter = (isPtrIncluded: boolean) => - isPtrIncluded - ? 
{} - : { - must_not: [ - { - term: { - 'dns.question.type': { - value: 'PTR', - }, - }, - }, - ], - }; - -export const buildDnsQuery = ({ - defaultIndex, - docValueFields, - filterQuery, - isPtrIncluded, - networkDnsSortField, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'dns.question.registered_domain', - timerange: { from, to }, -}: NetworkDnsRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - ...getCountAgg(), - dns_name_query_count: { - terms: { - field: stackByField, - size: querySize, - order: { - ...getQueryOrder(networkDnsSortField), - }, - }, - aggs: { - unique_domains: { - cardinality: { - field: 'dns.question.name', - }, - }, - dns_bytes_in: { - sum: { - field: 'source.bytes', - }, - }, - dns_bytes_out: { - sum: { - field: 'destination.bytes', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - ...createIncludePTRFilter(isPtrIncluded), - }, - }, - }, - size: 0, - track_total_hits: false, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts deleted file mode 100644 index a2d1963414be1..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts +++ /dev/null 
@@ -1,116 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { NetworkHttpSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkHttpRequestOptions } from './index'; - -const getCountAgg = () => ({ - http_count: { - cardinality: { - field: 'url.path', - }, - }, -}); - -export const buildHttpQuery = ({ - defaultIndex, - filterQuery, - networkHttpSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkHttpRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - { exists: { field: 'http.request.method' } }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(), - ...getHttpAggs(networkHttpSort, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - 'source.ip': ip, - }, - }, - { - term: { - 'destination.ip': ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getHttpAggs = (networkHttpSortField: NetworkHttpSortField, querySize: number) => ({ - url: { - terms: { - field: `url.path`, - size: querySize, - order: { - _count: networkHttpSortField.direction, - }, - }, - aggs: { - methods: { - terms: { - field: 'http.request.method', - size: 4, - }, - }, - domains: { - terms: { - field: 'url.domain', - size: 4, - }, - }, - status: { - terms: { - field: 'http.response.status_code', - size: 4, - }, - }, - source: { - top_hits: { - size: 1, - _source: { - includes: ['host.name', 'source.ip'], - }, - }, - }, - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts deleted file mode 100644 index be0b8fb64c76a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts +++ /dev/null 
@@ -1,153 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; -import { assertUnreachable } from '../../../common/utility_types'; -import { NetworkTopCountriesRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_countries_count: { - cardinality: { - field: `${flowTarget}.geo.country_iso_code`, - }, - }, -}); - -export const buildTopCountriesQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopCountriesSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopCountriesRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopCountriesSort, flowTarget, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopCountriesSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.geo.country_iso_code`, - size: querySize, - order: { - ...getQueryOrder(networkTopCountriesSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - source_ips: { - cardinality: { - field: 'source.ip', - }, - }, - destination_ips: { - cardinality: { - field: 'destination.ip', - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopCountriesSortField: NetworkTopTablesSortField): QueryOrder => { - switch (networkTopCountriesSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopCountriesSortField.direction }; - case 
NetworkTopTablesFields.source_ips: - return { source_ips: networkTopCountriesSortField.direction }; - } - assertUnreachable(networkTopCountriesSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts deleted file mode 100644 index 14a9c5e33aca0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts +++ /dev/null 
@@ -1,194 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkTopNFlowRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_n_flow_count: { - cardinality: { - field: `${flowTarget}.ip`, - }, - }, -}); - -export const buildTopNFlowQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopNFlowSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopNFlowRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopNFlowSort, flowTarget, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopNFlowSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.ip`, - size: querySize, - order: { - ...getQueryOrder(networkTopNFlowSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - domain: { - terms: { - field: `${flowTarget}.domain`, - order: { - timestamp: 'desc', - }, - }, - aggs: { - timestamp: { - max: { - field: '@timestamp', - }, - }, - }, - }, - location: { - filter: { - exists: { - field: `${flowTarget}.geo`, - }, - }, - aggs: { - top_geo: { - top_hits: { - _source: `${flowTarget}.geo.*`, - size: 1, - }, - }, - }, - }, - autonomous_system: { - filter: { - exists: { - field: `${flowTarget}.as`, - }, - }, - aggs: { - top_as: { - top_hits: { - _source: `${flowTarget}.as.*`, - size: 1, - }, - }, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - [`${getOppositeField(flowTarget)}_ips`]: { - cardinality: { - field: `${getOppositeField(flowTarget)}.ip`, - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopNFlowSortField: NetworkTopTablesSortField): 
QueryOrder => { - switch (networkTopNFlowSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.source_ips: - return { source_ips: networkTopNFlowSortField.direction }; - } - assertUnreachable(networkTopNFlowSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/types.ts b/x-pack/plugins/security_solution/server/lib/network/types.ts deleted file mode 100644 index b7848be097151..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/types.ts +++ /dev/null 
@@ -1,165 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - NetworkDnsData, - NetworkHttpData, - NetworkTopCountriesData, - NetworkTopNFlowData, -} from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; -import { TotalValue } from '../types'; -import { NetworkDnsRequestOptions } from '.'; - -export interface NetworkAdapter { - getNetworkTopCountries( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkTopNFlow( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkDns(req: FrameworkRequest, options: NetworkDnsRequestOptions): Promise; - getNetworkHttp(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; -} - -export interface GenericBuckets { - key: string; - doc_count: number; -} - -interface LocationHit { - doc_count: number; - top_geo: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface AutonomousSystemHit { - doc_count: number; - top_as: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface HttpHit { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; -} - -export interface NetworkTopNFlowBuckets { - key: string; - autonomous_system: AutonomousSystemHit; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; 
- }; - domain: { - buckets: GenericBuckets[]; - }; - location: LocationHit; - flows: number; - destination_ips?: number; - source_ips?: number; -} - -export interface NetworkTopCountriesBuckets { - country: string; - key: string; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; - }; - flows: number; - destination_ips: number; - source_ips: number; -} - -export interface NetworkDnsBuckets { - key: string; - doc_count: number; - unique_domains: { - value: number; - }; - dns_bytes_in: { - value: number; - }; - dns_bytes_out: { - value: number; - }; -} - -export interface NetworkHttpBuckets { - key: string; - doc_count: number; - domains: { - buckets: GenericBuckets[]; - }; - methods: { - buckets: GenericBuckets[]; - }; - source: HttpHit; - status: { - buckets: GenericBuckets[]; - }; -} - -interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: string; - histogram: DnsHistogramBucket; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 6e233f6e49d3b..7e59280cd1358 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts 
@@ -8,32 +8,20 @@ import { AuthenticatedUser } from '../../../security/common/model'; import { RequestHandlerContext } from '../../../../../src/core/server'; export { ConfigType as Configuration } from '../config'; -import { Authentications } from './authentications'; -import { Events } from './events'; import { FrameworkAdapter, FrameworkRequest } from './framework'; import { Hosts } from './hosts'; import { IndexFields } from './index_fields'; -import { KpiHosts } from './kpi_hosts'; -import { KpiNetwork } from './kpi_network'; -import { Network } from './network'; import { SourceStatus } from './source_status'; import { Sources } from './sources'; import { Note } from './note/saved_object'; import { PinnedEvent } from './pinned_event/saved_object'; import { Timeline } from './timeline/saved_object'; -import { MatrixHistogram } from './matrix_histogram'; export * from './hosts'; export interface AppDomainLibs { - authentications: Authentications; - events: Events; fields: IndexFields; hosts: Hosts; - matrixHistogram: MatrixHistogram; - network: Network; - kpiNetwork: KpiNetwork; - kpiHosts: KpiHosts; } export interface AppBackendLibs extends AppDomainLibs { diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts index 277ac7316e92d..d36f9aeaa8804 100644 --- a/x-pack/test/api_integration/apis/security_solution/authentications.ts +++ b/x-pack/test/api_integration/apis/security_solution/authentications.ts @@ -6,7 +6,9 @@ import expect from '@kbn/expect'; +// @ts-expect-error import { authenticationsQuery } from '../../../../plugins/security_solution/public/hosts/containers/authentications/index.gql_query'; +// @ts-expect-error import { GetAuthenticationsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; 
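Review bot: The two `// @ts-expect-error` directives added above the imports in authentications.ts give no reason, so a reader cannot tell which error is being silenced or when the directive can be removed. The deletions elsewhere in this patch suggest the imported query and generated type no longer exist; if so, the import would still fail at load time should the suite be re-enabled. State that next to the directive, for example `// @ts-expect-error authenticationsQuery no longer exists; suite is disabled in index.js`. The same bare directive is added to the imports in kpi_host_details.ts, kpi_hosts.ts, kpi_network.ts, network_dns.ts, network_top_n_flow.ts, timeline.ts and timeline_details.ts.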
diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index a143d94dde172..3d24af4413800 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -6,20 +6,20 @@ export default function ({ loadTestFile }) { describe('Siem GraphQL Endpoints', () => { - loadTestFile(require.resolve('./authentications')); + // loadTestFile(require.resolve('./authentications')); loadTestFile(require.resolve('./hosts')); - loadTestFile(require.resolve('./kpi_network')); - loadTestFile(require.resolve('./kpi_hosts')); - loadTestFile(require.resolve('./network_dns')); - loadTestFile(require.resolve('./network_top_n_flow')); + // loadTestFile(require.resolve('./kpi_network')); + // loadTestFile(require.resolve('./kpi_hosts')); + // loadTestFile(require.resolve('./network_dns')); + // loadTestFile(require.resolve('./network_top_n_flow')); // loadTestFile(require.resolve('./overview_host')); loadTestFile(require.resolve('./saved_objects/notes')); loadTestFile(require.resolve('./saved_objects/pinned_events')); loadTestFile(require.resolve('./saved_objects/timeline')); loadTestFile(require.resolve('./sources')); // loadTestFile(require.resolve('./overview_network')); - loadTestFile(require.resolve('./timeline')); - loadTestFile(require.resolve('./timeline_details')); + // loadTestFile(require.resolve('./timeline')); + // loadTestFile(require.resolve('./timeline_details')); // loadTestFile(require.resolve('./uncommon_processes')); // loadTestFile(require.resolve('./users')); // loadTestFile(require.resolve('./tls')); diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts index c446fbb149e3a..27e4e02ee7d08 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts 
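Review bot: The `loadTestFile` calls for `./authentications`, `./kpi_network`, `./kpi_hosts`, `./network_dns`, `./network_top_n_flow`, `./timeline` and `./timeline_details` are commented out with no explanation. This silently drops API regression coverage for those Security Solution endpoints. Add a comment above the disabled calls saying why they are off and what has to happen before they return, for example `// TODO(<owner>): disabled because <reason>; re-enable or delete, see <tracking issue>`. If the endpoints are gone for good, delete the calls and their test files instead. As written, the test files stay in the tree and only compile because of the `@ts-expect-error` directives this patch adds to them.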
+++ b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiHostDetailsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query'; +// @ts-expect-error import { GetKpiHostDetailsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts index dcea52edcddf9..64109bd4d9321 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiHostsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query'; +// @ts-expect-error import { GetKpiHostsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts index 654607913d44a..14b061d678898 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiNetworkQuery } from '../../../../plugins/security_solution/public/network/containers/kpi_network/index.gql_query'; +// @ts-expect-error import { GetKpiNetworkQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; 
diff --git a/x-pack/test/api_integration/apis/security_solution/network_dns.ts b/x-pack/test/api_integration/apis/security_solution/network_dns.ts index e5f3ed18d32ea..b53e2cc72853a 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_dns.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_dns.ts @@ -5,10 +5,13 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { networkDnsQuery } from '../../../../plugins/security_solution/public/network/containers/network_dns/index.gql_query'; import { Direction, + // @ts-expect-error GetNetworkDnsQuery, + // @ts-expect-error NetworkDnsFields, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -53,6 +56,7 @@ export default function ({ getService }: FtrProviderContext) { const networkDns = resp.data.source.NetworkDns; expect(networkDns.edges.length).to.be(10); expect(networkDns.totalCount).to.be(44); + // @ts-expect-error expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be( 'aaplimg.com,adgrx.com,akadns.net,akamaiedge.net,amazonaws.com,cbsistatic.com,cdn-apple.com,connman.net,crowbird.com,d1oxlq5h9kq8q5.cloudfront.net' ); @@ -90,6 +94,7 @@ export default function ({ getService }: FtrProviderContext) { const networkDns = resp.data.source.NetworkDns; expect(networkDns.edges.length).to.be(10); expect(networkDns.totalCount).to.be(44); + // @ts-expect-error expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be( 'nflxvideo.net,apple.com,netflix.com,samsungcloudsolution.com,samsungqbe.com,samsungelectronics.com,internetat.tv,samsungcloudsolution.net,samsungosp.com,cbsnews.com' ); diff --git a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts index 6033fdfefa4db..81a1924019a55 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts 
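Review bot: The `// @ts-expect-error` placed directly above `expect(networkDns.edges.map((i) => i.node.dnsName).join(','))` silences every type error on that line, not only the intended one, which is presumably an implicit `any` on `i` now that the generated query type no longer resolves. Typing the callback parameter keeps the assertion checked, for example `.map((i: { node: { dnsName: string } }) => i.node.dnsName)`. The same directive sits above both `dnsName` assertions in this file and above the two `networkTopNFlow.edges.map(...)` assertions in network_top_n_flow.ts. The enclosing test callbacks start and end outside these hunks.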
+++ b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts @@ -5,11 +5,14 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { networkTopNFlowQuery } from '../../../../plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query'; import { Direction, FlowTargetSourceDest, + // @ts-expect-error GetNetworkTopNFlowQuery, + // @ts-expect-error NetworkTopTablesFields, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -55,6 +58,7 @@ export default function ({ getService }: FtrProviderContext) { const networkTopNFlow = resp.data.source.NetworkTopNFlow; expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH); expect(networkTopNFlow.totalCount).to.be(121); + // @ts-expect-error expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be( '10.100.7.196,10.100.7.199,10.100.7.197,10.100.7.198,3.82.33.170,17.249.172.100,10.100.4.1,8.248.209.244,8.248.211.247,8.248.213.244' ); @@ -93,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) { const networkTopNFlow = resp.data.source.NetworkTopNFlow; expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH); expect(networkTopNFlow.totalCount).to.be(121); + // @ts-expect-error expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be( '8.248.209.244,8.248.211.247,8.248.213.244,8.248.223.246,8.250.107.245,8.250.121.236,8.250.125.244,8.253.38.231,8.253.157.112,8.253.157.240' ); diff --git a/x-pack/test/api_integration/apis/security_solution/timeline.ts b/x-pack/test/api_integration/apis/security_solution/timeline.ts index 5bd015a130a5a..8ae562a961431 100644 --- a/x-pack/test/api_integration/apis/security_solution/timeline.ts +++ b/x-pack/test/api_integration/apis/security_solution/timeline.ts 
@@ -6,9 +6,11 @@ import expect from '@kbn/expect'; +// @ts-expect-error import { timelineQuery } from '../../../../plugins/security_solution/public/timelines/containers/index.gql_query'; import { Direction, + // @ts-expect-error GetTimelineQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts index 35f419fde894d..559cdc8c29c09 100644 --- a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts +++ b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts @@ -7,9 +7,12 @@ import expect from '@kbn/expect'; import { sortBy } from 'lodash'; +// @ts-expect-error import { timelineDetailsQuery } from '../../../../plugins/security_solution/public/timelines/containers/details/index.gql_query'; import { + // @ts-expect-error DetailItem, + // @ts-expect-error GetTimelineDetailsQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; From 41927d9a63b29836a070fa42b793e828dd60ce0e Mon Sep 17 00:00:00 2001 
From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Thu, 24 Sep 2020 12:25:08 -0400 Subject: [PATCH 24/63] [SECURITY_SOLUTION][ENDPOINT] Trusted App Create Form show inline validations errors (#78305) * Updated structure for `ValidationResult` type * show errors on the ui if field is invalid * Support for tracking visited fields * Remove use of Snapshots in Trusted Apps tests --- .../trusted_apps_list.test.tsx.snap | 7 + .../trusted_apps_page.test.tsx.snap | 1053 ----------------- .../create_trusted_app_form.test.tsx | 304 +++++ .../components/create_trusted_app_form.tsx | 161 ++- .../components/condition_entry.tsx | 21 +- .../components/condition_group.tsx | 9 +- .../logical_condition_builder.tsx | 3 +- .../trusted_apps/view/trusted_apps_list.tsx | 1 + .../view/trusted_apps_page.test.tsx | 16 +- 9 files changed, 498 insertions(+), 1077 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_page.test.tsx.snap create mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/create_trusted_app_form.test.tsx diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap index 46885bd653dc2..ccd94c63e96c8 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap @@ -4,6 +4,7 @@ exports[`TrustedAppsList renders correctly initially 1`] = `
-
-
-
-
-
-

- Trusted Applications - - - Beta - -

-
-
- View and configure trusted applications -
-
-
-
- -
-
- -
-
- -
-
-
-
-
- - -
-
-
-
-
-
-
-
-
-
-
- - - - - - - - - - - - - - - -
-
-
- - Name - -
-
-
- - OS - -
-
-
- - Date Created - -
-
-
- - Created By - -
-
-
- - Actions - -
-
-
- - No items found - -
-
-
-
-
-
-
- , - "container":
-
-
-
-
-

- Trusted Applications - - - Beta - -

-
-
- View and configure trusted applications -
-
-
-
- -
-
- -
-
- -
-
-
-
-
- - -
-
-
-
-
-
-
-
-
-
-
- - - - - - - - - - - - - - - -
-
-
- - Name - -
-
-
- - OS - -
-
-
- - Date Created - -
-
-
- - Created By - -
-
-
- - Actions - -
-
-
- - No items found - -
-
-
-
-
-
-
, - "debug": [Function], - "findAllByAltText": [Function], - "findAllByDisplayValue": [Function], - "findAllByLabelText": [Function], - "findAllByPlaceholderText": [Function], - "findAllByRole": [Function], - "findAllByTestId": [Function], - "findAllByText": [Function], - "findAllByTitle": [Function], - "findByAltText": [Function], - "findByDisplayValue": [Function], - "findByLabelText": [Function], - "findByPlaceholderText": [Function], - "findByRole": [Function], - "findByTestId": [Function], - "findByText": [Function], - "findByTitle": [Function], - "getAllByAltText": [Function], - "getAllByDisplayValue": [Function], - "getAllByLabelText": [Function], - "getAllByPlaceholderText": [Function], - "getAllByRole": [Function], - "getAllByTestId": [Function], - "getAllByText": [Function], - "getAllByTitle": [Function], - "getByAltText": [Function], - "getByDisplayValue": [Function], - "getByLabelText": [Function], - "getByPlaceholderText": [Function], - "getByRole": [Function], - "getByTestId": [Function], - "getByText": [Function], - "getByTitle": [Function], - "queryAllByAltText": [Function], - "queryAllByDisplayValue": [Function], - "queryAllByLabelText": [Function], - "queryAllByPlaceholderText": [Function], - "queryAllByRole": [Function], - "queryAllByTestId": [Function], - "queryAllByText": [Function], - "queryAllByTitle": [Function], - "queryByAltText": [Function], - "queryByDisplayValue": [Function], - "queryByLabelText": [Function], - "queryByPlaceholderText": [Function], - "queryByRole": [Function], - "queryByTestId": [Function], - "queryByText": [Function], - "queryByTitle": [Function], - "rerender": [Function], - "unmount": [Function], -} -`; - -exports[`TrustedAppsPage when the Add Trusted App button is clicked should display create form 1`] = ` -@media only screen and (min-width:575px) { - -} - -
-
-
- -
-
-
-
- -
-
-
-
-
-
- -
-
-
-
- -
-
- - Select an option: Windows, is selected - - -
- - -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- -
-
-
-
- -
-
- - Select an option: Hash, is selected - - -
- - -
-
-
-
-
-
-
-
-
-
- -
-
-
-
- -
-
-
-
-
-
-
-
- -
-
-
-
- -
-
-
-
-
-
-
-
- -
-
- -
-
-
-
-
-
-
-
- -
-
-
-
-
- -
-
-