Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TheHive Connector for Cases #180931

Merged
merged 16 commits into from
Sep 10, 2024
Merged

TheHive Connector for Cases #180931

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
6ddf8c5
Add support of case connector for thehive
brijesh-elastic Apr 16, 2024
48938ec
Merge branch 'main' into thehive_cases_plugin
elasticmachine Jul 23, 2024
a98d141
Merge branch 'main' into thehive_cases_plugin
elasticmachine Aug 26, 2024
19b81b2
Resolve comments
brijesh-elastic Aug 27, 2024
1ea1945
Merge branch 'main' into thehive_cases_plugin
elasticmachine Aug 28, 2024
c5ba79a
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Aug 28, 2024
c58a578
Update docs
brijesh-elastic Aug 29, 2024
db3d840
Remove the hideInUi flag
brijesh-elastic Sep 2, 2024
6d0dea7
Merge branch 'main' into thehive_cases_plugin
brijesh-elastic Sep 2, 2024
1aa9649
Adding back hideInUi flag
brijesh-elastic Sep 2, 2024
c8e1aea
Merge branch 'main' into thehive_cases_plugin
cnasikas Sep 3, 2024
ac4f754
Merge branch 'main' into thehive_cases_plugin
elasticmachine Sep 6, 2024
bf5598d
Resolve comments
brijesh-elastic Sep 9, 2024
63b8bd6
Merge branch 'main' into thehive_cases_plugin
brijesh-elastic Sep 9, 2024
0b5da8a
Update TheHiveTLP enum to be safer in the future
brijesh-elastic Sep 10, 2024
f7c3aa6
Merge branch 'main' into thehive_cases_plugin
brijesh-elastic Sep 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions x-pack/plugins/cases/common/types/domain/connector/v1.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ export enum ConnectorTypes {
serviceNowITSM = '.servicenow',
serviceNowSIR = '.servicenow-sir',
swimlane = '.swimlane',
theHive = '.thehive',
}

const ConnectorCasesWebhookTypeFieldsRt = rt.strict({
Expand Down Expand Up @@ -118,6 +119,21 @@ const ConnectorSwimlaneTypeFieldsRt = rt.strict({
fields: rt.union([SwimlaneFieldsRt, rt.null]),
});

/**
* Thehive
*/

export const TheHiveFieldsRt = rt.strict({
tlp: rt.union([rt.number, rt.string, rt.null]),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The schema of the tlp of the connector is number and not a string. I think we should keep the same convention here for cases (number or null). This way we can avoid doing parseInt(tlp, 10) on the backend. We may need to do it on the frontend as the select dropdown accepts only strings as values (as you do here x-pack/plugins/stack_connectors/public/connector_types/thehive/params_case.tsx).

});

export type TheHiveFieldsType = rt.TypeOf<typeof TheHiveFieldsRt>;

const ConnectorTheHiveTypeFieldsRt = rt.strict({
type: rt.literal(ConnectorTypes.theHive),
fields: rt.union([TheHiveFieldsRt, rt.null]),
});

/**
* None connector
*/
Expand All @@ -135,6 +151,7 @@ export const ConnectorTypeFieldsRt = rt.union([
ConnectorServiceNowITSMTypeFieldsRt,
ConnectorServiceNowSIRTypeFieldsRt,
ConnectorSwimlaneTypeFieldsRt,
ConnectorTheHiveTypeFieldsRt,
]);

/**
Expand All @@ -148,6 +165,7 @@ export const CaseUserActionConnectorRt = rt.union([
rt.intersection([ConnectorServiceNowITSMTypeFieldsRt, rt.strict({ name: rt.string })]),
rt.intersection([ConnectorServiceNowSIRTypeFieldsRt, rt.strict({ name: rt.string })]),
rt.intersection([ConnectorSwimlaneTypeFieldsRt, rt.strict({ name: rt.string })]),
rt.intersection([ConnectorTheHiveTypeFieldsRt, rt.strict({ name: rt.string })]),
]);

export const CaseConnectorRt = rt.intersection([
Expand Down Expand Up @@ -205,3 +223,4 @@ export type ConnectorServiceNowITSMTypeFields = rt.TypeOf<
typeof ConnectorServiceNowITSMTypeFieldsRt
>;
export type ConnectorServiceNowSIRTypeFields = rt.TypeOf<typeof ConnectorServiceNowSIRTypeFieldsRt>;
export type ConnectorTheHiveTypeFields = rt.TypeOf<typeof ConnectorTheHiveTypeFieldsRt>;
3 changes: 3 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,14 @@ import { getCaseConnector as getSwimlaneCaseConnector } from './swimlane';
import { getCaseConnector as getResilientCaseConnector } from './resilient';
import { getCaseConnector as getCasesWebhookCaseConnector } from './cases_webhook';
import { getServiceNowITSMCaseConnector, getServiceNowSIRCaseConnector } from './servicenow';
import { getCaseConnector as getTheHiveCaseConnector } from './thehive';
import type {
JiraFieldsType,
ServiceNowITSMFieldsType,
ServiceNowSIRFieldsType,
ResilientFieldsType,
SwimlaneFieldsType,
TheHiveFieldsType,
} from '../../../common/types/domain';

export * from './types';
Expand All @@ -43,6 +45,7 @@ class CaseConnectors {
this.caseConnectorsRegistry.register<ServiceNowSIRFieldsType>(getServiceNowSIRCaseConnector());
this.caseConnectorsRegistry.register<SwimlaneFieldsType>(getSwimlaneCaseConnector());
this.caseConnectorsRegistry.register<null>(getCasesWebhookCaseConnector());
this.caseConnectorsRegistry.register<TheHiveFieldsType>(getTheHiveCaseConnector());
}

registry(): CaseConnectorsRegistry {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/mock.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,16 @@ export const swimlaneConnector = {
isSystemAction: false,
};

export const theHiveConnector = {
id: '123',
name: 'My connector',
actionTypeId: '.thehive',
config: {},
isPreconfigured: false,
isDeprecated: false,
isSystemAction: false,
};

export const issues = [
{ id: 'personId', title: 'Person Task', key: 'personKey' },
{ id: 'womanId', title: 'Woman Task', key: 'womanKey' },
Expand Down
50 changes: 50 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/case_fields.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React from 'react';
import userEvent from '@testing-library/user-event';
import { screen } from '@testing-library/react';
import Fields from './case_fields';
import { theHiveConnector as connector } from '../mock';
import { MockFormWrapperComponent } from '../test_utils';
import type { AppMockRenderer } from '../../../common/mock';
import { createAppMockRenderer } from '../../../common/mock';
import { TheHiveTLP } from './types';

describe('TheHive Cases Fields', () => {
const fields = {
TLP: '1',
};

let appMockRenderer: AppMockRenderer;

beforeEach(() => {
appMockRenderer = createAppMockRenderer();
jest.clearAllMocks();
});

it('all params fields are rendered', () => {
appMockRenderer.render(
<MockFormWrapperComponent fields={fields}>
<Fields connector={connector} />
</MockFormWrapperComponent>
);

expect(screen.getByText('TLP')).toBeInTheDocument();
});

it('sets TLP correctly', async () => {
appMockRenderer.render(
<MockFormWrapperComponent fields={fields}>
<Fields connector={connector} />
</MockFormWrapperComponent>
);

userEvent.selectOptions(screen.getByTestId('tlp-field'), '4');
expect(await screen.findByTestId('tlp-field')).toHaveValue(TheHiveTLP.RED);
});
});
71 changes: 71 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/case_fields.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React from 'react';
import { SelectField } from '@kbn/es-ui-shared-plugin/static/forms/components';
import { UseField } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
import { fieldValidators } from '@kbn/es-ui-shared-plugin/static/forms/helpers';
import type { ConnectorFieldsProps } from '../types';
import * as i18n from './translations';
import { TheHiveTLP } from './types';

const { emptyField } = fieldValidators;

const tlpOptions: Array<{ text: string; value: string }> = [
{
text: 'CLEAR',
value: TheHiveTLP.CLEAR,
},
{
text: 'GREEN',
value: TheHiveTLP.GREEN,
},
{
text: 'AMBER',
value: TheHiveTLP.AMBER,
},
{
text: 'AMBER+STRICT',
value: TheHiveTLP.AMBER_STRICT,
},
{
text: 'RED',
value: TheHiveTLP.RED,
},
];

const TheHiveFieldsComponent: React.FunctionComponent<ConnectorFieldsProps> = () => {
return (
<div data-test-subj={'connector-fields-Thehive'}>
<UseField
path="fields.tlp"
component={SelectField}
config={{
label: i18n.TLP_LABEL,
validations: [
{
validator: emptyField(i18n.TLP_REQUIRED),
},
],
}}
componentProps={{
euiFieldProps: {
'data-test-subj': 'tlp-field',
options: tlpOptions,
fullWidth: true,
hasNoInitialSelection: true,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that the field is required should we have a default value on the dropdown?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, AMBER.

},
}}
/>
</div>
);
};

TheHiveFieldsComponent.displayName = 'ThehiveFields';

// eslint-disable-next-line import/no-default-export
export { TheHiveFieldsComponent as default };
34 changes: 34 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/case_fields_preview.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React from 'react';
import { screen } from '@testing-library/react';
import FieldsPreview from './case_fields_preview';
import type { AppMockRenderer } from '../../../common/mock';
import { theHiveConnector } from '../mock';
import { createAppMockRenderer } from '../../../common/mock';
import { createQueryWithMarkup } from '../../../common/test_utils';

describe('TheHive Fields: Preview', () => {
const fields = {
tlp: '1',
};

let appMockRenderer: AppMockRenderer;

beforeEach(() => {
appMockRenderer = createAppMockRenderer();
jest.clearAllMocks();
});

it('renders all fields correctly', () => {
appMockRenderer.render(<FieldsPreview connector={theHiveConnector} fields={fields} />);

const getByText = createQueryWithMarkup(screen.getByText);
expect(getByText('TLP: GREEN')).toBeInTheDocument();
});
});
65 changes: 65 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/case_fields_preview.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React, { useMemo } from 'react';

import type { TheHiveFieldsType } from '../../../../common/types/domain';
import { ConnectorTypes } from '../../../../common/types/domain';
import type { ConnectorFieldsPreviewProps } from '../types';
import { ConnectorCard } from '../card';
import * as i18n from './translations';

const mapTLP = (tlpValue: number | string): string => {
switch (tlpValue) {
case '0':
return 'CLEAR';
case '1':
return 'GREEN';
case '2':
return 'AMBER';
case '3':
return 'AMBER+STRICT';
case '4':
return 'RED';
default:
return 'AMBER';
}
};

const TheHiveFieldsPreviewComponent: React.FunctionComponent<
ConnectorFieldsPreviewProps<TheHiveFieldsType>
> = ({ fields, connector }) => {
const { tlp } = fields ?? {};

const listItems = useMemo(
() => [
...(tlp !== null
? [
{
title: i18n.TLP_LABEL,
description: mapTLP(tlp),
},
]
: []),
],
[tlp]
);

return (
<ConnectorCard
connectorType={ConnectorTypes.theHive}
isLoading={false}
listItems={listItems}
title={connector.name}
/>
);
};

TheHiveFieldsPreviewComponent.displayName = 'TheHiveFieldsPreview';

// eslint-disable-next-line import/no-default-export
export { TheHiveFieldsPreviewComponent as default };
20 changes: 20 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { lazy } from 'react';

import type { CaseConnector } from '../types';
import type { TheHiveFieldsType } from '../../../../common/types/domain';
import { ConnectorTypes } from '../../../../common/types/domain';

export * from './types';

export const getCaseConnector = (): CaseConnector<TheHiveFieldsType> => ({
id: ConnectorTypes.theHive,
fieldsComponent: lazy(() => import('./case_fields')),
previewComponent: lazy(() => import('./case_fields_preview')),
});
23 changes: 23 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/translations.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { i18n } from '@kbn/i18n';


export const TLP_LABEL = i18n.translate(
'xpack.cases.connectors.thehive.tlpLable',
{
defaultMessage: 'TLP',
}
);

export const TLP_REQUIRED = i18n.translate(
'xpack.cases.connectors.thehive.tlpLableRequired',
{
defaultMessage: 'TLP is required',
}
);
14 changes: 14 additions & 0 deletions x-pack/plugins/cases/public/components/connectors/thehive/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export enum TheHiveTLP {
Copy link
Member

@cnasikas cnasikas Sep 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think is better if we do

export enum TheHiveTLP {
  CLEAR = 0,
  GREEN = 1,
  AMBER = 2,
  "AMBER+STRICT" = 3, <--- I added the + symbol so the label can be used in the UI.
  RED = 4,
}

The reason is that by doing

Object.entries(TheHiveTLP).map(
  ([_, value], index) => ({
    text: value,
    value: index,
  })
);

we rely on the order of the enum (index) which may change or be different in the future. If we explicitly map the key to an integer we avoid this problem. The key can be used as the value to be shown in the UI and there is no need to rely on the order of the enum. What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, That make more sense. Let me change it.

CLEAR = "0",
GREEN = "1",
AMBER = "2",
AMBER_STRICT = "3",
RED = "4"
}
Loading