[8.x] [Cloud Security] Filters for Contextual Flyout Datagrid (#201708)…
… (#202556)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Cloud Security] Filters for Contextual Flyout Datagrid
(#201708)](#201708)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Rickyanto
Ang","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-02T17:26:03Z","message":"[Cloud
Security] Filters for Contextual Flyout Datagrid (#201708)\n\n##
Summary\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/59ace35f-62b8-4c08-bf2c-eed200db791d\r\n\r\nThis
PR is for adding Filters for Contextual Flytout
Datagrid","sha":"2f62cdebfcc585689cd266495a82c2049fcc19ad","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Cloud
Security","backport:prev-minor","v8.18.0"],"title":"[Cloud Security]
Filters for Contextual Flyout
Datagrid","number":201708,"url":"https://github.com/elastic/kibana/pull/201708","mergeCommit":{"message":"[Cloud
Security] Filters for Contextual Flyout Datagrid (#201708)\n\n##
Summary\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/59ace35f-62b8-4c08-bf2c-eed200db791d\r\n\r\nThis
PR is for adding Filters for Contextual Flytout
Datagrid","sha":"2f62cdebfcc585689cd266495a82c2049fcc19ad"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201708","number":201708,"mergeCommit":{"message":"[Cloud
Security] Filters for Contextual Flyout Datagrid (#201708)\n\n##
Summary\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/59ace35f-62b8-4c08-bf2c-eed200db791d\r\n\r\nThis
PR is for adding Filters for Contextual Flytout
Datagrid","sha":"2f62cdebfcc585689cd266495a82c2049fcc19ad"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Rickyanto Ang <[email protected]>
kibanamachine and animehart authored Dec 2, 2024
1 parent 94ed133 commit 84bf389
Showing 17 changed files with 480 additions and 78 deletions.
Expand Up @@ -47,3 +47,8 @@ export const VULNERABILITIES_SEVERITY: Record<VulnSeverity, VulnSeverity> = {
CRITICAL: 'CRITICAL',
UNKNOWN: 'UNKNOWN',
};

export const MISCONFIGURATION_STATUS: Record<string, string> = {
PASSED: 'passed',
FAILED: 'failed',
};
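Review bot: `MISCONFIGURATION_STATUS` is declared as `Record<string, string>`, which widens both keys and values, so a mistyped key such as `MISCONFIGURATION_STATUS.PASED` still type-checks and evaluates to `undefined` at runtime. The neighbouring `VULNERABILITIES_SEVERITY` is keyed by the `VulnSeverity` union; the same precision is available here with `export const MISCONFIGURATION_STATUS = { PASSED: 'passed', FAILED: 'failed' } as const;`. If these values are passed as the `status` argument of the flyout query builders changed in this commit, an `undefined` status would presumably drop the status filter instead of failing, so the grid would show unfiltered findings; that call site is not visible in this section.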
4 changes: 3 additions & 1 deletion x-pack/packages/kbn-cloud-security-posture/common/index.ts
Expand Up @@ -28,7 +28,9 @@ export * from './constants';
export {
extractErrorMessage,
buildMutedRulesFilter,
buildEntityFlyoutPreviewQuery,
buildGenericEntityFlyoutPreviewQuery,
buildMisconfigurationEntityFlyoutPreviewQuery,
buildVulnerabilityEntityFlyoutPreviewQuery,
} from './utils/helpers';
export { getAbbreviatedNumber } from './utils/get_abbreviated_number';
export { UiMetricService } from './utils/ui_metrics';
186 changes: 171 additions & 15 deletions x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.test.ts
Expand Up @@ -9,8 +9,10 @@ import {
extractErrorMessage,
defaultErrorMessage,
buildMutedRulesFilter,
buildEntityFlyoutPreviewQuery,
buildEntityAlertsQuery,
buildGenericEntityFlyoutPreviewQuery,
buildMisconfigurationEntityFlyoutPreviewQuery,
buildVulnerabilityEntityFlyoutPreviewQuery,
} from './helpers';

const fallbackMessage = 'thisIsAFallBackMessage';
Expand Down Expand Up @@ -145,7 +147,7 @@ describe('test helper methods', () => {
});
});

describe('buildEntityFlyoutPreviewQueryTest', () => {
describe('buildGenericEntityFlyoutPreviewQuery', () => {
it('should return the correct query when given field and query', () => {
const field = 'host.name';
const query = 'exampleHost';
Expand All @@ -162,10 +164,10 @@ describe('test helper methods', () => {
},
};

expect(buildEntityFlyoutPreviewQuery(field, query)).toEqual(expectedQuery);
expect(buildGenericEntityFlyoutPreviewQuery(field, query)).toEqual(expectedQuery);
});

it('should return the correct query when given field and empty query', () => {
it('should return the correct query when given field and empty query and empty status', () => {
const field = 'host.name';
const expectedQuery = {
bool: {
Expand All @@ -180,12 +182,143 @@ describe('test helper methods', () => {
},
};

expect(buildEntityFlyoutPreviewQuery(field)).toEqual(expectedQuery);
expect(buildGenericEntityFlyoutPreviewQuery(field)).toEqual(expectedQuery);
});

it('should return the correct query when given field and queryValue and status but empty queryField', () => {
const field = 'host.name';
const query = 'exampleHost';
const status = 'pass';
const expectedQuery = {
bool: {
filter: [
{
bool: {
should: [{ term: { 'host.name': 'exampleHost' } }],
minimum_should_match: 1,
},
},
],
},
};

expect(buildGenericEntityFlyoutPreviewQuery(field, query, status)).toEqual(expectedQuery);
});

it('should return the correct query when given field and queryValue and queryField but empty status', () => {
const field = 'host.name';
const query = 'exampleHost';
const emptyStatus = undefined;
const queryField = 'some.field';
const expectedQuery = {
bool: {
filter: [
{
bool: {
should: [{ term: { 'host.name': 'exampleHost' } }],
minimum_should_match: 1,
},
},
],
},
};

expect(buildGenericEntityFlyoutPreviewQuery(field, query, emptyStatus, queryField)).toEqual(
expectedQuery
);
});

it('should return the correct query when given all the parameters', () => {
const field = 'host.name';
const query = 'exampleHost';
const emptyStatus = 'some.status';
const queryField = 'some.field';
const expectedQuery = {
bool: {
filter: [
{
bool: {
should: [{ term: { 'host.name': 'exampleHost' } }],
minimum_should_match: 1,
},
},
{
bool: {
should: [{ term: { 'some.field': 'some.status' } }],
minimum_should_match: 1,
},
},
],
},
};

expect(buildGenericEntityFlyoutPreviewQuery(field, query, emptyStatus, queryField)).toEqual(
expectedQuery
);
});
});

describe('buildMisconfigurationEntityFlyoutPreviewQuery', () => {
it('should return the correct query when given field, queryValue, status and queryType Misconfiguration', () => {
const field = 'host.name';
const queryValue = 'exampleHost';
const status = 'pass';
const expectedQuery = {
bool: {
filter: [
{
bool: {
should: [{ term: { 'host.name': 'exampleHost' } }],
minimum_should_match: 1,
},
},
{
bool: {
should: [{ term: { 'result.evaluation': 'pass' } }],
minimum_should_match: 1,
},
},
],
},
};

expect(buildMisconfigurationEntityFlyoutPreviewQuery(field, queryValue, status)).toEqual(
expectedQuery
);
});
});
describe('buildVulnerabilityEntityFlyoutPreviewQuery', () => {
it('should return the correct query when given field, queryValue, status and queryType Vulnerability', () => {
const field = 'host.name';
const queryValue = 'exampleHost';
const status = 'low';
const expectedQuery = {
bool: {
filter: [
{
bool: {
should: [{ term: { 'host.name': 'exampleHost' } }],
minimum_should_match: 1,
},
},
{
bool: {
should: [{ term: { 'vulnerability.severity': 'low' } }],
minimum_should_match: 1,
},
},
],
},
};

expect(buildVulnerabilityEntityFlyoutPreviewQuery(field, queryValue, status)).toEqual(
expectedQuery
);
});
});

describe('buildEntityAlertsQuery', () => {
const getExpectedAlertsQuery = (size?: number) => {
const getExpectedAlertsQuery = (size?: number, severity?: string) => {
return {
size: size || 0,
_source: false,
Expand All @@ -202,20 +335,30 @@ describe('test helper methods', () => {
filter: [
{
bool: {
must: [],
filter: [
should: [
{
match_phrase: {
'host.name': {
query: 'exampleHost',
},
term: {
'host.name': 'exampleHost',
},
},
],
should: [],
must_not: [],
minimum_should_match: 1,
},
},
severity
? {
bool: {
should: [
{
term: {
'kibana.alert.severity': 'low',
},
},
],
minimum_should_match: 1,
},
}
: undefined,
{
range: {
'@timestamp': {
Expand All @@ -229,7 +372,7 @@ describe('test helper methods', () => {
'kibana.alert.workflow_status': ['open', 'acknowledged'],
},
},
],
].filter(Boolean),
},
},
};
Expand All @@ -256,5 +399,18 @@ describe('test helper methods', () => {

expect(buildEntityAlertsQuery(field, to, from, query)).toEqual(getExpectedAlertsQuery(size));
});

it('should return the correct query when given severity query', () => {
const field = 'host.name';
const query = 'exampleHost';
const to = 'Tomorrow';
const from = 'Today';
const size = undefined;
const severity = 'low';

expect(buildEntityAlertsQuery(field, to, from, query, size, severity)).toEqual(
getExpectedAlertsQuery(size, 'low')
);
});
});
});
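Review bot: In `getExpectedAlertsQuery(size, severity)` the new `severity` argument is only tested for truthiness and the expected clause hardcodes `'kibana.alert.severity': 'low'`, so the helper builds a wrong expectation for any other severity; the clause should read `'kibana.alert.severity': severity,`. In the 'all the parameters' case of `buildGenericEntityFlyoutPreviewQuery`, the variable holding `'some.status'` is named `emptyStatus`, which says the opposite of what it holds; `status` would do. The misconfiguration case filters on `'pass'` while the constant added in this commit is `'passed'`, so using `MISCONFIGURATION_STATUS.PASSED` would keep the test aligned with the values the code is expected to send.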
74 changes: 62 additions & 12 deletions x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.ts
Expand Up @@ -43,7 +43,12 @@ export const buildMutedRulesFilter = (
return mutedRulesFilterQuery;
};

export const buildEntityFlyoutPreviewQuery = (field: string, queryValue?: string) => {
export const buildGenericEntityFlyoutPreviewQuery = (
field: string,
queryValue?: string,
status?: string,
queryField?: string
) => {
return {
bool: {
filter: [
Expand All @@ -59,17 +64,52 @@ export const buildEntityFlyoutPreviewQuery = (field: string, queryValue?: string
minimum_should_match: 1,
},
},
],
status && queryField
? {
bool: {
should: [
{
term: {
[queryField]: status,
},
},
],
minimum_should_match: 1,
},
}
: undefined,
].filter(Boolean),
},
};
};

// Higher-order function for Misconfiguration
export const buildMisconfigurationEntityFlyoutPreviewQuery = (
field: string,
queryValue?: string,
status?: string
) => {
const queryField = 'result.evaluation';
return buildGenericEntityFlyoutPreviewQuery(field, queryValue, status, queryField);
};

// Higher-order function for Vulnerability
export const buildVulnerabilityEntityFlyoutPreviewQuery = (
field: string,
queryValue?: string,
status?: string
) => {
const queryField = 'vulnerability.severity';
return buildGenericEntityFlyoutPreviewQuery(field, queryValue, status, queryField);
};

export const buildEntityAlertsQuery = (
field: string,
to: string,
from: string,
queryValue?: string,
size?: number
size?: number,
severity?: string
) => {
return {
size: size || 0,
Expand All @@ -87,20 +127,30 @@ export const buildEntityAlertsQuery = (
filter: [
{
bool: {
must: [],
filter: [
should: [
{
match_phrase: {
[field]: {
query: queryValue,
},
term: {
[field]: `${queryValue || ''}`,
},
},
],
should: [],
must_not: [],
minimum_should_match: 1,
},
},
severity
? {
bool: {
should: [
{
term: {
'kibana.alert.severity': severity,
},
},
],
minimum_should_match: 1,
},
}
: undefined,
{
range: {
'@timestamp': {
Expand All @@ -114,7 +164,7 @@ export const buildEntityAlertsQuery = (
'kibana.alert.workflow_status': ['open', 'acknowledged'],
},
},
],
].filter(Boolean),
},
},
};
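Review bot: `status` and `severity` are plain `string` parameters placed directly into `term` clauses, which match exactly, so a value whose spelling or case differs from what is indexed returns no documents and the flyout would show the entity as having no findings. The tests in this commit pass `'low'` and `'pass'`, while the package constants are `'passed'`/`'failed'` and upper-case severities such as `'CRITICAL'`; which form is indexed is not visible here, but narrowing the wrappers' parameter, for example `status?: VulnSeverity` on `buildVulnerabilityEntityFlyoutPreviewQuery`, would let the compiler catch a mismatch. Separately, the comments `// Higher-order function for Misconfiguration` and `// Higher-order function for Vulnerability` are inaccurate, since neither function takes or returns a function; something like `// Misconfiguration preset: filters on result.evaluation` describes what they do. The bodies of `buildGenericEntityFlyoutPreviewQuery` and `buildEntityAlertsQuery` are only partly shown in these hunks.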
Expand Up @@ -11,3 +11,6 @@ export const statusColors = {
failed: euiThemeVars.euiColorVis9,
unknown: euiThemeVars.euiColorLightShade,
};

export const HOST_NAME = 'host.name';
export const USER_NAME = 'user.name';