
Commit

Type fixes and pr comments
spong committed Jul 2, 2020
1 parent a3d0075 commit ac86c2b
Showing 16 changed files with 78 additions and 42 deletions.
Expand Up @@ -36,6 +36,7 @@ export const getPartialRulesSchemaMock = (): Partial<RulesSchema> => ({
});

export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => ({
author: [],
id: '7a7065d7-6e8b-4aae-8d20-c93613dec9f9',
created_at: new Date(anchorDate).toISOString(),
updated_at: new Date(anchorDate).toISOString(),
Expand All @@ -49,6 +50,7 @@ export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchem
query: 'user.name: root or user.name: admin',
references: ['test 1', 'test 2'],
severity: 'high',
severity_mapping: [],
updated_by: 'elastic_kibana',
tags: [],
to: 'now',
Expand All @@ -62,6 +64,7 @@ export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchem
output_index: '.siem-signals-hassanabad-frank-default',
max_signals: 100,
risk_score: 55,
risk_score_mapping: [],
language: 'kuery',
rule_id: 'query-rule-id',
interval: '5m',
Expand Up @@ -55,22 +55,25 @@ import {
filters,
meta,
note,
author,
building_block_type,
license,
rule_name_override,
timestamp_override,
risk_score_mapping,
severity_mapping,
} from '../common/schemas';
import { DefaultListArray } from '../types/lists_default_array';
import {
DefaultStringArray,
DefaultRiskScoreMappingArray,
DefaultSeverityMappingArray,
} from '../types';

/**
* This is the required fields for the rules schema response. Put all required properties on
* this base for schemas such as create_rules, update_rules, for the correct validation of the
* output schema.
*/
export const requiredRulesSchema = t.type({
author: DefaultStringArray,
description,
enabled,
false_positives,
Expand All @@ -82,9 +85,11 @@ export const requiredRulesSchema = t.type({
output_index,
max_signals,
risk_score,
risk_score_mapping: DefaultRiskScoreMappingArray,
name,
references,
severity,
severity_mapping: DefaultSeverityMappingArray,
updated_by,
tags,
to,
Expand Down Expand Up @@ -127,13 +132,10 @@ export const dependentRulesSchema = t.partial({
*/
export const partialRulesSchema = t.partial({
actions,
author,
building_block_type,
license,
throttle,
risk_score_mapping,
rule_name_override,
severity_mapping,
status: job_status,
status_date,
timestamp_override,
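Review bot: The comment above requiredRulesSchema ("This is the required fields for the rules schema response…") no longer explains why author, risk_score_mapping and severity_mapping are listed as required yet bound to Default*Array codecs instead of the plain `author`/`risk_score_mapping`/`severity_mapping` codecs the partial schema used to take from '../common/schemas'. If, as the names suggest and the `[]` values in this commit's mocks imply, these codecs substitute an empty array for a missing value, record that where the schema is defined: `// author, risk_score_mapping and severity_mapping use Default*Array codecs so an absent value decodes to [] instead of failing validation`. A smaller style point: the new codecs come from the '../types' barrel while `DefaultListArray` on the line above is imported from '../types/lists_default_array'; one import form for the group would read better. The partialRulesSchema hunk further down only drops the three keys and needs no separate note.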
Expand Up @@ -20,6 +20,7 @@ import styled from 'styled-components';
import * as i18n from './translations';
import { FieldHook } from '../../../../../../../../src/plugins/es_ui_shared/static/forms/hook_form_lib';
import { CommonUseField } from '../../../../cases/components/create';
import { AboutStepRiskScore } from '../../../pages/detection_engine/rules/types';

const NestedContent = styled.div`
margin-left: 24px;
Expand All @@ -45,8 +46,9 @@ export const RiskScoreField = ({ dataTestSubj, field, idAria, indices }: RiskSco

const updateRiskScoreMapping = useCallback(
(event) => {
const values = field.value as AboutStepRiskScore;
field.setValue({
value: field.value.value,
value: values.value,
mapping: [
{
field: event.target.value,
Expand Down Expand Up @@ -163,11 +165,11 @@ export const RiskScoreField = ({ dataTestSubj, field, idAria, indices }: RiskSco
<EuiFlexGroup alignItems="center" gutterSize="s">
<EuiFlexItem>
<EuiFieldText
data-test-subj={`detectionEngineStepAboutRuleRiskScoreMappingValue`}
idAria={`detectionEngineStepAboutRuleRiskScoreMappingValue`}
isDisabled={false}
data-test-subj={'detectionEngineStepAboutRuleRiskScoreMappingValue'}
aria-label={'detectionEngineStepAboutRuleRiskScoreMappingValu'}
disabled={false}
onChange={updateRiskScoreMapping.bind(null)}
value={field.value.mapping?.[0]?.field ?? ''}
value={(field.value as AboutStepRiskScore).mapping?.[0]?.field ?? ''}
/>
</EuiFlexItem>
<EuiFlexItemIconColumn grow={false}>
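Review bot: The new aria-label on the EuiFieldText is truncated: `aria-label={'detectionEngineStepAboutRuleRiskScoreMappingValu'}` drops the trailing `e` that the data-test-subj on the line above and the SeverityField labels in this commit keep, so it should read `aria-label={'detectionEngineStepAboutRuleRiskScoreMappingValue'}`. Separately, `field.value` is now cast with `as AboutStepRiskScore` in two places (the callback and the JSX); an assertion is unchecked, so if FieldHook accepts a type parameter, `field: FieldHook<AboutStepRiskScore>` in the props would give the same typing without the casts — the hook's declaration is not visible here, so that is to be confirmed. RiskScoreField begins and ends outside this hunk.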
Expand Up @@ -21,6 +21,7 @@ import * as i18n from './translations';
import { FieldHook } from '../../../../../../../../src/plugins/es_ui_shared/static/forms/hook_form_lib';
import { SeverityOptionItem } from '../step_about_rule/data';
import { CommonUseField } from '../../../../cases/components/create';
import { AboutStepSeverity } from '../../../pages/detection_engine/rules/types';

const NestedContent = styled.div`
margin-left: 24px;
Expand Down Expand Up @@ -53,17 +54,18 @@ export const SeverityField = ({

const updateSeverityMapping = useCallback(
(index: number, severity: string, mappingField: string, event) => {
const values = field.value as AboutStepSeverity;
field.setValue({
value: field.value.value,
value: values.value,
mapping: [
...field.value.mapping.slice(0, index),
...values.mapping.slice(0, index),
{
...field.value.mapping[index],
...values.mapping[index],
[mappingField]: event.target.value,
operator: 'equals',
severity,
},
...field.value.mapping.slice(index + 1),
...values.mapping.slice(index + 1),
],
});
},
Expand Down Expand Up @@ -177,20 +179,20 @@ export const SeverityField = ({
<EuiFlexItem>
<EuiFieldText
data-test-subj={`detectionEngineStepAboutRuleSeverityMappingField${option.value}`}
idAria={`detectionEngineStepAboutRuleSeverityMappingField${option.value}`}
isDisabled={false}
aria-label={`detectionEngineStepAboutRuleSeverityMappingField${option.value}`}
disabled={false}
onChange={updateSeverityMapping.bind(null, index, option.value, 'field')}
value={field.value.mapping?.[index]?.field ?? ''}
value={(field.value as AboutStepSeverity).mapping?.[index]?.field ?? ''}
/>
</EuiFlexItem>

<EuiFlexItem>
<EuiFieldText
data-test-subj={`detectionEngineStepAboutRuleSeverityMappingValue${option.value}`}
idAria={`detectionEngineStepAboutRuleSeverityMappingValue${option.value}`}
isDisabled={false}
aria-label={`detectionEngineStepAboutRuleSeverityMappingValue${option.value}`}
disabled={false}
onChange={updateSeverityMapping.bind(null, index, option.value, 'value')}
value={field.value.mapping?.[index]?.value ?? ''}
value={(field.value as AboutStepSeverity).mapping?.[index]?.value ?? ''}
/>
</EuiFlexItem>
<EuiFlexItemIconColumn grow={false}>
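Review bot: The callback and the render code disagree about whether `mapping` can be absent: `values.mapping.slice(0, index)` and `values.mapping[index]` in updateSeverityMapping would throw on an undefined mapping, while the new JSX lines read `(field.value as AboutStepSeverity).mapping?.[index]?.field`, treating it as optional. If AboutStepSeverity allows an undefined mapping, add `const mapping = values.mapping ?? [];` after the cast and use `mapping` in the three spread/index sites; if it does not, the `?.` on the render lines is dead and a plain `.mapping[index]` is clearer. Also, `field.value as AboutStepSeverity` is now repeated inside the per-option render loop; hoisting one `const values = field.value as AboutStepSeverity;` above the JSX (or typing the hook as `FieldHook<AboutStepSeverity>` if it is generic) removes the duplicated assertion. SeverityField and the useCallback dependency list extend beyond this hunk.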
Expand Up @@ -291,7 +291,7 @@ describe('Detections Rules API', () => {
await duplicateRules({ rules: rulesMock.data });
expect(fetchMock).toHaveBeenCalledWith('/api/detection_engine/rules/_bulk_create', {
body:
'[{"actions":[],"description":"Elastic Endpoint detected Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.","enabled":false,"false_positives":[],"from":"now-660s","index":["endgame-*"],"interval":"10m","language":"kuery","output_index":".siem-signals-default","max_signals":100,"risk_score":73,"name":"Credential Dumping - Detected - Elastic Endpoint [Duplicate]","query":"event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:detection","filters":[],"references":[],"severity":"high","tags":["Elastic","Endpoint"],"to":"now","type":"query","threat":[],"throttle":null,"version":1},{"actions":[],"description":"Elastic Endpoint detected an Adversary Behavior. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.","enabled":false,"false_positives":[],"from":"now-660s","index":["endgame-*"],"interval":"10m","language":"kuery","output_index":".siem-signals-default","max_signals":100,"risk_score":47,"name":"Adversary Behavior - Detected - Elastic Endpoint [Duplicate]","query":"event.kind:alert and event.module:endgame and event.action:rules_engine_event","filters":[],"references":[],"severity":"medium","tags":["Elastic","Endpoint"],"to":"now","type":"query","threat":[],"throttle":null,"version":1}]',
'[{"actions":[],"author":[],"description":"Elastic Endpoint detected Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.","enabled":false,"false_positives":[],"from":"now-660s","index":["endgame-*"],"interval":"10m","language":"kuery","output_index":".siem-signals-default","max_signals":100,"risk_score":73,"risk_score_mapping":[],"name":"Credential Dumping - Detected - Elastic Endpoint [Duplicate]","query":"event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:detection","filters":[],"references":[],"severity":"high","severity_mapping":[],"tags":["Elastic","Endpoint"],"to":"now","type":"query","threat":[],"throttle":null,"version":1},{"actions":[],"author":[],"description":"Elastic Endpoint detected an Adversary Behavior. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.","enabled":false,"false_positives":[],"from":"now-660s","index":["endgame-*"],"interval":"10m","language":"kuery","output_index":".siem-signals-default","max_signals":100,"risk_score":47,"risk_score_mapping":[],"name":"Adversary Behavior - Detected - Elastic Endpoint [Duplicate]","query":"event.kind:alert and event.module:endgame and event.action:rules_engine_event","filters":[],"references":[],"severity":"medium","severity_mapping":[],"tags":["Elastic","Endpoint"],"to":"now","type":"query","threat":[],"throttle":null,"version":1}]',
method: 'POST',
});
});
Expand Up @@ -36,6 +36,7 @@ export const ruleMock: NewRule = {
};

export const savedRuleMock: Rule = {
author: [],
actions: [],
created_at: 'mm/dd/yyyyTHH:MM:sssz',
created_by: 'mockUser',
Expand All @@ -58,11 +59,13 @@ export const savedRuleMock: Rule = {
rule_id: 'bbd3106e-b4b5-4d7c-a1a2-47531d6a2baf',
language: 'kuery',
risk_score: 75,
risk_score_mapping: [],
name: 'Test rule',
max_signals: 100,
query: "user.email: '[email protected]'",
references: [],
severity: 'high',
severity_mapping: [],
tags: ['APM'],
to: 'now',
type: 'query',
Expand All @@ -79,6 +82,7 @@ export const rulesMock: FetchRulesResponse = {
data: [
{
actions: [],
author: [],
created_at: '2020-02-14T19:49:28.178Z',
updated_at: '2020-02-14T19:49:28.320Z',
created_by: 'elastic',
Expand All @@ -96,12 +100,14 @@ export const rulesMock: FetchRulesResponse = {
output_index: '.siem-signals-default',
max_signals: 100,
risk_score: 73,
risk_score_mapping: [],
name: 'Credential Dumping - Detected - Elastic Endpoint',
query:
'event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:detection',
filters: [],
references: [],
severity: 'high',
severity_mapping: [],
updated_by: 'elastic',
tags: ['Elastic', 'Endpoint'],
to: 'now',
Expand All @@ -112,6 +118,7 @@ export const rulesMock: FetchRulesResponse = {
},
{
actions: [],
author: [],
created_at: '2020-02-14T19:49:28.189Z',
updated_at: '2020-02-14T19:49:28.326Z',
created_by: 'elastic',
Expand All @@ -129,11 +136,13 @@ export const rulesMock: FetchRulesResponse = {
output_index: '.siem-signals-default',
max_signals: 100,
risk_score: 47,
risk_score_mapping: [],
name: 'Adversary Behavior - Detected - Elastic Endpoint',
query: 'event.kind:alert and event.module:endgame and event.action:rules_engine_event',
filters: [],
references: [],
severity: 'medium',
severity_mapping: [],
updated_by: 'elastic',
tags: ['Elastic', 'Endpoint'],
to: 'now',
Expand Up @@ -87,6 +87,7 @@ const MetaRule = t.intersection([

export const RuleSchema = t.intersection([
t.type({
author,
created_at: t.string,
created_by: t.string,
description: t.string,
Expand All @@ -100,8 +101,10 @@ export const RuleSchema = t.intersection([
max_signals: t.number,
references: t.array(t.string),
risk_score: t.number,
risk_score_mapping,
rule_id: t.string,
severity: t.string,
severity_mapping,
tags: t.array(t.string),
type: RuleTypeSchema,
to: t.string,
Expand All @@ -112,7 +115,6 @@ export const RuleSchema = t.intersection([
throttle: t.union([t.string, t.null]),
}),
t.partial({
author,
building_block_type,
anomaly_threshold: t.number,
filters: t.array(t.unknown),
Expand All @@ -125,10 +127,8 @@ export const RuleSchema = t.intersection([
machine_learning_job_id: t.string,
output_index: t.string,
query: t.string,
risk_score_mapping,
rule_name_override,
saved_id: t.string,
severity_mapping,
status: t.string,
status_date: t.string,
timeline_id: t.string,
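Review bot: Moving `author`, `risk_score_mapping` and `severity_mapping` from t.partial into t.type makes the client-side decoder reject any rule response that lacks them, so this relies on every server path that returns a rule always emitting the three keys. The server-side requiredRulesSchema hunk in this commit binds them to Default*Array codecs, which appears to be what guarantees that, but the dependency is invisible from this file; a one-line comment on the first moved key would preserve it: `// author, risk_score_mapping, severity_mapping: always present since the server's requiredRulesSchema defaults them to []`. If any other source fed through this schema (rules cached or persisted before this change, for instance) can omit them, they should stay in t.partial. The remaining members of the RuleSchema intersection are outside the hunk.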
Expand Up @@ -32,6 +32,7 @@ describe('useRule', () => {
false,
{
actions: [],
author: [],
created_at: 'mm/dd/yyyyTHH:MM:sssz',
created_by: 'mockUser',
description: 'some desc',
Expand All @@ -56,8 +57,10 @@ describe('useRule', () => {
query: "user.email: '[email protected]'",
references: [],
risk_score: 75,
risk_score_mapping: [],
rule_id: 'bbd3106e-b4b5-4d7c-a1a2-47531d6a2baf',
severity: 'high',
severity_mapping: [],
tags: ['APM'],
threat: [],
throttle: null,
Expand Up @@ -27,6 +27,7 @@ const testRule: Rule = {
},
},
],
author: [],
created_at: 'mm/dd/yyyyTHH:MM:sssz',
created_by: 'mockUser',
description: 'some desc',
Expand All @@ -51,8 +52,10 @@ const testRule: Rule = {
query: "user.email: '[email protected]'",
references: [],
risk_score: 75,
risk_score_mapping: [],
rule_id: 'bbd3106e-b4b5-4d7c-a1a2-47531d6a2baf',
severity: 'high',
severity_mapping: [],
tags: ['APM'],
threat: [],
throttle: null,
Expand Up @@ -59,6 +59,7 @@ describe('useRules', () => {
data: [
{
actions: [],
author: [],
created_at: '2020-02-14T19:49:28.178Z',
created_by: 'elastic',
description:
Expand All @@ -79,8 +80,10 @@ describe('useRules', () => {
'event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:detection',
references: [],
risk_score: 73,
risk_score_mapping: [],
rule_id: '571afc56-5ed9-465d-a2a9-045f099f6e7e',
severity: 'high',
severity_mapping: [],
tags: ['Elastic', 'Endpoint'],
threat: [],
throttle: null,
Expand All @@ -92,6 +95,7 @@ describe('useRules', () => {
},
{
actions: [],
author: [],
created_at: '2020-02-14T19:49:28.189Z',
created_by: 'elastic',
description:
Expand All @@ -112,8 +116,10 @@ describe('useRules', () => {
'event.kind:alert and event.module:endgame and event.action:rules_engine_event',
references: [],
risk_score: 47,
risk_score_mapping: [],
rule_id: '77a3c3df-8ec4-4da4-b758-878f551dee69',
severity: 'medium',
severity_mapping: [],
tags: ['Elastic', 'Endpoint'],
threat: [],
throttle: null,
Expand Up @@ -41,6 +41,7 @@ export const mockQueryBar: FieldValueQueryBar = {

export const mockRule = (id: string): Rule => ({
actions: [],
author: [],
created_at: '2020-01-10T21:11:45.839Z',
updated_at: '2020-01-10T21:11:45.839Z',
created_by: 'elastic',
Expand All @@ -58,6 +59,7 @@ export const mockRule = (id: string): Rule => ({
output_index: '.siem-signals-default',
max_signals: 100,
risk_score: 21,
risk_score_mapping: [],
name: 'Home Grown!',
query: '',
references: [],
Expand All @@ -66,6 +68,7 @@ export const mockRule = (id: string): Rule => ({
timeline_title: 'Untitled timeline',
meta: { from: '0m' },
severity: 'low',
severity_mapping: [],
updated_by: 'elastic',
tags: [],
to: 'now',
Expand Up @@ -135,9 +135,9 @@ export const getAboutStepsData = (rule: Rule, detailsView: boolean): AboutStepRu
isNew: false,
author,
isBuildingBlock: buildingBlockType !== undefined,
license,
ruleNameOverride,
timestampOverride,
license: license ?? '',
ruleNameOverride: ruleNameOverride ?? '',
timestampOverride: timestampOverride ?? '',
name,
description,
note: note!,
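Review bot: `license ?? ''`, `ruleNameOverride ?? ''` and `timestampOverride ?? ''` turn an absent override into an empty string for the form, which only works if the submit path maps `''` back to undefined. Otherwise a rule saved from the edit form would carry `timestamp_override: ''` and `rule_name_override: ''`, and an empty-string field name may well be handled differently from "no override" by whatever later reads them. That conversion is outside this hunk, so confirm it exists or document the assumption here: `// '' is the form's "not set" value; the step formatter that builds the API payload must drop empty overrides`. getAboutStepsData starts and ends outside this hunk.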

0 comments on commit ac86c2b
