diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts index 569ed611bd35b..4416cbb023f10 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts @@ -10,7 +10,7 @@ import { RequestBasicOptions } from '../..'; export type HostOverviewRequestOptions = RequestBasicOptions; -export interface HostOverviewStrategyResponse extends IEsSearchResponse { +export interface HostsOverviewStrategyResponse extends IEsSearchResponse { inspect?: Maybe; overviewHost: { auditbeatAuditd?: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts index af9faef89af46..39443e596273a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts @@ -9,7 +9,7 @@ import { ESQuery } from '../../typed_json'; import { HostDetailsStrategyResponse, HostDetailsRequestOptions, - HostOverviewStrategyResponse, + HostsOverviewStrategyResponse, HostAuthenticationsRequestOptions, HostAuthenticationsStrategyResponse, HostOverviewRequestOptions, @@ -107,7 +107,7 @@ export type StrategyResponseType = T extends HostsQ : T extends HostsQueries.details ? HostDetailsStrategyResponse : T extends HostsQueries.overview - ? HostOverviewStrategyResponse + ? HostsOverviewStrategyResponse : T extends HostsQueries.authentications ? HostAuthenticationsStrategyResponse : T extends HostsQueries.firstLastSeen diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index 568a960f0804e..2f312c461ff8c 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -2088,104 +2088,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "OverviewNetwork", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "OverviewNetworkData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "OverviewHost", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "OverviewHostData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "whoAmI", "description": "Just a simple example to get the app name", @@ -8901,244 +8803,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "OBJECT", - "name": "OverviewNetworkData", - "description": "", - "fields": [ - { - "name": "auditbeatSocket", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatCisco", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatNetflow", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatPanw", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatSuricata", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatZeek", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packetbeatDNS", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packetbeatFlow", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packetbeatTLS", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "OverviewHostData", - "description": "", - "fields": [ - { - "name": "auditbeatAuditd", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditbeatFIM", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditbeatLogin", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditbeatPackage", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditbeatProcess", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditbeatUser", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameDns", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameFile", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameImageLoad", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameNetwork", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameProcess", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameRegistry", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgameSecurity", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "filebeatSystemModule", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "winlogbeatSecurity", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "winlogbeatMWSysmonOperational", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, { "kind": "OBJECT", "name": "SayMyName", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 0bce952912c5c..bcb580a1a2988 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts @@ -556,10 +556,6 @@ export interface Source { NetworkDnsHistogram: NetworkDsOverTimeData; NetworkHttp: NetworkHttpData; - - OverviewNetwork?: Maybe; - - OverviewHost?: Maybe; /** Just a simple example to get the app name */ whoAmI?: Maybe; } @@ -1832,64 +1828,6 @@ export interface NetworkHttpItem { statuses: string[]; } -export interface OverviewNetworkData { - auditbeatSocket?: Maybe; - - filebeatCisco?: Maybe; - - filebeatNetflow?: Maybe; - - filebeatPanw?: Maybe; - - filebeatSuricata?: Maybe; - - filebeatZeek?: Maybe; - - packetbeatDNS?: Maybe; - - packetbeatFlow?: Maybe; - - packetbeatTLS?: Maybe; - - inspect?: Maybe; -} - -export interface OverviewHostData { - auditbeatAuditd?: Maybe; - - auditbeatFIM?: Maybe; - - auditbeatLogin?: Maybe; - - auditbeatPackage?: Maybe; - - auditbeatProcess?: Maybe; - - auditbeatUser?: Maybe; - - endgameDns?: Maybe; - - endgameFile?: Maybe; - - endgameImageLoad?: Maybe; - - endgameNetwork?: Maybe; - - endgameProcess?: Maybe; - - endgameRegistry?: Maybe; - - endgameSecurity?: Maybe; - - filebeatSystemModule?: Maybe; - - winlogbeatSecurity?: Maybe; - - winlogbeatMWSysmonOperational?: Maybe; - - inspect?: Maybe; -} - export interface SayMyName { /** The id of the source */ appName: string; @@ -2487,24 +2425,6 @@ export interface NetworkHttpSourceArgs { defaultIndex: string[]; } -export interface OverviewNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface OverviewHostSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} export interface IndicesExistSourceStatusArgs { defaultIndex: string[]; } @@ -3957,132 +3877,6 @@ export namespace GetUsersQuery { }; } -export namespace GetOverviewHostQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - OverviewHost: Maybe; - }; - - export type OverviewHost = { - __typename?: 'OverviewHostData'; - - auditbeatAuditd: Maybe; - - auditbeatFIM: Maybe; - - auditbeatLogin: Maybe; - - auditbeatPackage: Maybe; - - auditbeatProcess: Maybe; - - auditbeatUser: Maybe; - - endgameDns: Maybe; - - endgameFile: Maybe; - - endgameImageLoad: Maybe; - - endgameNetwork: Maybe; - - endgameProcess: Maybe; - - endgameRegistry: Maybe; - - endgameSecurity: Maybe; - - filebeatSystemModule: Maybe; - - winlogbeatSecurity: Maybe; - - winlogbeatMWSysmonOperational: Maybe; - - inspect: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetOverviewNetworkQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - OverviewNetwork: Maybe; - }; - - export type OverviewNetwork = { - __typename?: 'OverviewNetworkData'; - - auditbeatSocket: Maybe; - - filebeatCisco: Maybe; - - filebeatNetflow: Maybe; - - filebeatPanw: Maybe; - - filebeatSuricata: Maybe; - - filebeatZeek: Maybe; - - packetbeatDNS: Maybe; - - packetbeatFlow: Maybe; - - packetbeatTLS: Maybe; - - inspect: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetAllTimeline { export type Variables = { pageInfo: PageInfoTimeline; diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.test.tsx index 75295d9e45c0c..3a12f0c038b8c 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.test.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.test.tsx @@ -14,7 +14,7 @@ import { TestProviders } from '../../../common/mock/test_providers'; describe('Overview Host Stat Data', () => { describe('rendering', () => { test('it renders the default OverviewHostStats', () => { - const wrapper = shallow(); + const wrapper = shallow(); expect(wrapper).toMatchSnapshot(); }); }); @@ -22,7 +22,7 @@ describe('Overview Host Stat Data', () => { test('it does NOT show loading indicator when loading is false', () => { const wrapper = mount( - + ); @@ -42,7 +42,7 @@ describe('Overview Host Stat Data', () => { test('it shows loading indicator when loading is true', () => { const wrapper = mount( - + ); diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.tsx index 92250ed3c549b..ef595476d8a94 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/index.tsx @@ -9,16 +9,18 @@ import { FormattedMessage } from '@kbn/i18n/react'; import React from 'react'; import styled from 'styled-components'; -import { OverviewHostData } from '../../../graphql/types'; +import { HostsOverviewStrategyResponse } from '../../../../common/search_strategy'; import { FormattedStat, StatGroup } from '../types'; import { StatValue } from '../stat_value'; interface OverviewHostProps { - data: OverviewHostData; + data: HostsOverviewStrategyResponse['overviewHost']; loading: boolean; } -export const getOverviewHostStats = (data: OverviewHostData): FormattedStat[] => [ +export const getOverviewHostStats = ( + data: HostsOverviewStrategyResponse['overviewHost'] +): FormattedStat[] => [ { count: data.auditbeatAuditd ?? 0, title: ( diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/mock.ts b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/mock.ts index 63b3a484c1eaa..986d02faac37a 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/mock.ts +++ b/x-pack/plugins/security_solution/public/overview/components/overview_host_stats/mock.ts @@ -4,25 +4,23 @@ * you may not use this file except in compliance with the Elastic License. */ -import { OverviewHostData } from '../../../graphql/types'; +import { HostsOverviewStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { OverviewHost: OverviewHostData } = { - OverviewHost: { - auditbeatAuditd: 73847, - auditbeatFIM: 107307, - auditbeatLogin: 60015, - auditbeatPackage: 2003, - auditbeatProcess: 1200, - auditbeatUser: 1979, - endgameDns: 39123, - endgameFile: 39456, - endgameImageLoad: 39789, - endgameNetwork: 39101112, - endgameProcess: 39131415, - endgameRegistry: 39161718, - endgameSecurity: 39202122, - filebeatSystemModule: 568, - winlogbeatSecurity: 195929, - winlogbeatMWSysmonOperational: 101070, - }, +export const mockData: HostsOverviewStrategyResponse['overviewHost'] = { + auditbeatAuditd: 73847, + auditbeatFIM: 107307, + auditbeatLogin: 60015, + auditbeatPackage: 2003, + auditbeatProcess: 1200, + auditbeatUser: 1979, + endgameDns: 39123, + endgameFile: 39456, + endgameImageLoad: 39789, + endgameNetwork: 39101112, + endgameProcess: 39131415, + endgameRegistry: 39161718, + endgameSecurity: 39202122, + filebeatSystemModule: 568, + winlogbeatSecurity: 195929, + winlogbeatMWSysmonOperational: 101070, }; diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.test.tsx index 0add7c1a02047..2f801ae1f3623 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.test.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.test.tsx @@ -14,9 +14,7 @@ import { TestProviders } from '../../../common/mock/test_providers'; describe('Overview Network Stat Data', () => { describe('rendering', () => { test('it renders the default OverviewNetworkStats', () => { - const wrapper = shallow( - - ); + const wrapper = shallow(); expect(wrapper).toMatchSnapshot(); }); }); @@ -24,7 +22,7 @@ describe('Overview Network Stat Data', () => { test('it does NOT show loading indicator when loading is false', () => { const wrapper = mount( - + ); @@ -45,7 +43,7 @@ describe('Overview Network Stat Data', () => { test('it shows the loading indicator when loading is true', () => { const wrapper = mount( - + ); diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.tsx b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.tsx index d3e16af7115ac..c6ad56b7243d4 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/index.tsx @@ -9,16 +9,18 @@ import { FormattedMessage } from '@kbn/i18n/react'; import React from 'react'; import styled from 'styled-components'; -import { OverviewNetworkData } from '../../../graphql/types'; +import { NetworkOverviewStrategyResponse } from '../../../../common/search_strategy'; import { FormattedStat, StatGroup } from '../types'; import { StatValue } from '../stat_value'; interface OverviewNetworkProps { - data: OverviewNetworkData; + data: NetworkOverviewStrategyResponse['overviewNetwork']; loading: boolean; } -export const getOverviewNetworkStats = (data: OverviewNetworkData): FormattedStat[] => [ +export const getOverviewNetworkStats = ( + data: NetworkOverviewStrategyResponse['overviewNetwork'] +): FormattedStat[] => [ { count: data.auditbeatSocket ?? 0, title: ( diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/mock.ts b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/mock.ts index f55d6a1577ccd..1eb337f1ea454 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/mock.ts +++ b/x-pack/plugins/security_solution/public/overview/components/overview_network_stats/mock.ts @@ -4,18 +4,16 @@ * you may not use this file except in compliance with the Elastic License. */ -import { OverviewNetworkData } from '../../../graphql/types'; +import { NetworkOverviewStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { OverviewNetwork: OverviewNetworkData } = { - OverviewNetwork: { - auditbeatSocket: 12, - filebeatCisco: 999, - filebeatNetflow: 7777, - filebeatPanw: 66, - filebeatSuricata: 60015, - filebeatZeek: 2003, - packetbeatDNS: 10277307, - packetbeatFlow: 16, - packetbeatTLS: 3400000, - }, +export const mockData: NetworkOverviewStrategyResponse['overviewNetwork'] = { + auditbeatSocket: 12, + filebeatCisco: 999, + filebeatNetflow: 7777, + filebeatPanw: 66, + filebeatSuricata: 60015, + filebeatZeek: 2003, + packetbeatDNS: 10277307, + packetbeatFlow: 16, + packetbeatTLS: 3400000, }; diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.gql_query.ts b/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.gql_query.ts deleted file mode 100644 index 6f17bf6915aa4..0000000000000 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.gql_query.ts +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const overviewHostQuery = gql` - query GetOverviewHostQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - OverviewHost(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - auditbeatAuditd - auditbeatFIM - auditbeatLogin - auditbeatPackage - auditbeatProcess - auditbeatUser - endgameDns - endgameFile - endgameImageLoad - endgameNetwork - endgameProcess - endgameRegistry - endgameSecurity - filebeatSystemModule - winlogbeatSecurity - winlogbeatMWSysmonOperational - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.tsx b/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.tsx index ac439107cb4a5..946cd33088a45 100644 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/containers/overview_host/index.tsx @@ -11,7 +11,7 @@ import deepEqual from 'fast-deep-equal'; import { HostsQueries, HostOverviewRequestOptions, - HostOverviewStrategyResponse, + HostsOverviewStrategyResponse, } from '../../../../common/search_strategy/security_solution'; import { useKibana } from '../../../common/lib/kibana'; import { inputsModel } from '../../../common/store/inputs'; @@ -32,7 +32,7 @@ export interface HostOverviewArgs { id: string; inspect: InspectResponse; isInspected: boolean; - overviewHost: HostOverviewStrategyResponse['overviewHost']; + overviewHost: HostsOverviewStrategyResponse['overviewHost']; refetch: inputsModel.Refetch; } @@ -85,7 +85,7 @@ export const useHostOverview = ({ setLoading(true); const searchSubscription$ = data.search - .search(request, { + .search(request, { strategy: 'securitySolutionSearchStrategy', abortSignal: abortCtrl.current.signal, }) diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_network/index.gql_query.ts b/x-pack/plugins/security_solution/public/overview/containers/overview_network/index.gql_query.ts deleted file mode 100644 index d40ab900b91a7..0000000000000 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_network/index.gql_query.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const overviewNetworkQuery = gql` - query GetOverviewNetworkQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - OverviewNetwork( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - auditbeatSocket - filebeatCisco - filebeatNetflow - filebeatPanw - filebeatSuricata - filebeatZeek - packetbeatDNS - packetbeatFlow - packetbeatTLS - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index e949150c47c6c..2de6ef32b5703 100644 --- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -15,7 +15,6 @@ import { ipDetailsSchemas } from './ip_details'; import { kpiHostsSchema } from './kpi_hosts'; import { kpiNetworkSchema } from './kpi_network'; import { networkSchema } from './network'; -import { overviewSchema } from './overview'; import { dateSchema } from './scalar_date'; import { noteSchema } from './note'; import { pinnedEventSchema } from './pinned_event'; @@ -44,7 +43,6 @@ export const schemas = [ matrixHistogramSchema, networkSchema, noteSchema, - overviewSchema, pinnedEventSchema, rootSchema, sourcesSchema, diff --git a/x-pack/plugins/security_solution/server/graphql/overview/index.ts b/x-pack/plugins/security_solution/server/graphql/overview/index.ts deleted file mode 100644 index 58cf182ccd976..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/overview/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createOverviewResolvers } from './resolvers'; -export { overviewSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/overview/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/overview/resolvers.ts deleted file mode 100644 index a7bafabb64092..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/overview/resolvers.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { Overview } from '../../lib/overview'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryOverviewNetworkResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export type QueryOverviewHostResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface OverviewResolversDeps { - overview: Overview; -} - -export const createOverviewResolvers = ( - libs: OverviewResolversDeps -): { - Source: { - OverviewHost: QueryOverviewHostResolver; - OverviewNetwork: QueryOverviewNetworkResolver; - }; -} => ({ - Source: { - async OverviewNetwork(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.overview.getOverviewNetwork(req, options); - }, - async OverviewHost(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.overview.getOverviewHost(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/overview/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/overview/schema.gql.ts deleted file mode 100644 index 7ab4f9fdb18d6..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/overview/schema.gql.ts +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const overviewSchema = gql` - type OverviewNetworkData { - auditbeatSocket: Float - filebeatCisco: Float - filebeatNetflow: Float - filebeatPanw: Float - filebeatSuricata: Float - filebeatZeek: Float - packetbeatDNS: Float - packetbeatFlow: Float - packetbeatTLS: Float - inspect: Inspect - } - - type OverviewHostData { - auditbeatAuditd: Float - auditbeatFIM: Float - auditbeatLogin: Float - auditbeatPackage: Float - auditbeatProcess: Float - auditbeatUser: Float - endgameDns: Float - endgameFile: Float - endgameImageLoad: Float - endgameNetwork: Float - endgameProcess: Float - endgameRegistry: Float - endgameSecurity: Float - filebeatSystemModule: Float - winlogbeatSecurity: Float - winlogbeatMWSysmonOperational: Float - inspect: Inspect - } - - extend type Source { - OverviewNetwork( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): OverviewNetworkData - OverviewHost( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): OverviewHostData - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 4c85c08e137fa..d10dfb16a9b8a 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts @@ -558,10 +558,6 @@ export interface Source { NetworkDnsHistogram: NetworkDsOverTimeData; NetworkHttp: NetworkHttpData; - - OverviewNetwork?: Maybe; - - OverviewHost?: Maybe; /** Just a simple example to get the app name */ whoAmI?: Maybe; } @@ -1834,64 +1830,6 @@ export interface NetworkHttpItem { statuses: string[]; } -export interface OverviewNetworkData { - auditbeatSocket?: Maybe; - - filebeatCisco?: Maybe; - - filebeatNetflow?: Maybe; - - filebeatPanw?: Maybe; - - filebeatSuricata?: Maybe; - - filebeatZeek?: Maybe; - - packetbeatDNS?: Maybe; - - packetbeatFlow?: Maybe; - - packetbeatTLS?: Maybe; - - inspect?: Maybe; -} - -export interface OverviewHostData { - auditbeatAuditd?: Maybe; - - auditbeatFIM?: Maybe; - - auditbeatLogin?: Maybe; - - auditbeatPackage?: Maybe; - - auditbeatProcess?: Maybe; - - auditbeatUser?: Maybe; - - endgameDns?: Maybe; - - endgameFile?: Maybe; - - endgameImageLoad?: Maybe; - - endgameNetwork?: Maybe; - - endgameProcess?: Maybe; - - endgameRegistry?: Maybe; - - endgameSecurity?: Maybe; - - filebeatSystemModule?: Maybe; - - winlogbeatSecurity?: Maybe; - - winlogbeatMWSysmonOperational?: Maybe; - - inspect?: Maybe; -} - export interface SayMyName { /** The id of the source */ appName: string; @@ -2489,24 +2427,6 @@ export interface NetworkHttpSourceArgs { defaultIndex: string[]; } -export interface OverviewNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface OverviewHostSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} export interface IndicesExistSourceStatusArgs { defaultIndex: string[]; } @@ -2943,10 +2863,6 @@ export namespace SourceResolvers { NetworkDnsHistogram?: NetworkDnsHistogramResolver; NetworkHttp?: NetworkHttpResolver; - - OverviewNetwork?: OverviewNetworkResolver, TypeParent, TContext>; - - OverviewHost?: OverviewHostResolver, TypeParent, TContext>; /** Just a simple example to get the app name */ whoAmI?: WhoAmIResolver, TypeParent, TContext>; } @@ -3298,36 +3214,6 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type OverviewNetworkResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface OverviewNetworkArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type OverviewHostResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface OverviewHostArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - export type WhoAmIResolver< R = Maybe, Parent = Source, @@ -7598,209 +7484,6 @@ export namespace NetworkHttpItemResolvers { > = Resolver; } -export namespace OverviewNetworkDataResolvers { - export interface Resolvers { - auditbeatSocket?: AuditbeatSocketResolver, TypeParent, TContext>; - - filebeatCisco?: FilebeatCiscoResolver, TypeParent, TContext>; - - filebeatNetflow?: FilebeatNetflowResolver, TypeParent, TContext>; - - filebeatPanw?: FilebeatPanwResolver, TypeParent, TContext>; - - filebeatSuricata?: FilebeatSuricataResolver, TypeParent, TContext>; - - filebeatZeek?: FilebeatZeekResolver, TypeParent, TContext>; - - packetbeatDNS?: PacketbeatDnsResolver, TypeParent, TContext>; - - packetbeatFlow?: PacketbeatFlowResolver, TypeParent, TContext>; - - packetbeatTLS?: PacketbeatTlsResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type AuditbeatSocketResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type FilebeatCiscoResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type FilebeatNetflowResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type FilebeatPanwResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type FilebeatSuricataResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type FilebeatZeekResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type PacketbeatDnsResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type PacketbeatFlowResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type PacketbeatTlsResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = OverviewNetworkData, - TContext = SiemContext - > = Resolver; -} - -export namespace OverviewHostDataResolvers { - export interface Resolvers { - auditbeatAuditd?: AuditbeatAuditdResolver, TypeParent, TContext>; - - auditbeatFIM?: AuditbeatFimResolver, TypeParent, TContext>; - - auditbeatLogin?: AuditbeatLoginResolver, TypeParent, TContext>; - - auditbeatPackage?: AuditbeatPackageResolver, TypeParent, TContext>; - - auditbeatProcess?: AuditbeatProcessResolver, TypeParent, TContext>; - - auditbeatUser?: AuditbeatUserResolver, TypeParent, TContext>; - - endgameDns?: EndgameDnsResolver, TypeParent, TContext>; - - endgameFile?: EndgameFileResolver, TypeParent, TContext>; - - endgameImageLoad?: EndgameImageLoadResolver, TypeParent, TContext>; - - endgameNetwork?: EndgameNetworkResolver, TypeParent, TContext>; - - endgameProcess?: EndgameProcessResolver, TypeParent, TContext>; - - endgameRegistry?: EndgameRegistryResolver, TypeParent, TContext>; - - endgameSecurity?: EndgameSecurityResolver, TypeParent, TContext>; - - filebeatSystemModule?: FilebeatSystemModuleResolver, TypeParent, TContext>; - - winlogbeatSecurity?: WinlogbeatSecurityResolver, TypeParent, TContext>; - - winlogbeatMWSysmonOperational?: WinlogbeatMwSysmonOperationalResolver< - Maybe, - TypeParent, - TContext - >; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type AuditbeatAuditdResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type AuditbeatFimResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type AuditbeatLoginResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type AuditbeatPackageResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type AuditbeatProcessResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type AuditbeatUserResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameDnsResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameFileResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameImageLoadResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameNetworkResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameProcessResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameRegistryResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type EndgameSecurityResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type FilebeatSystemModuleResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type WinlogbeatSecurityResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type WinlogbeatMwSysmonOperationalResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = OverviewHostData, - TContext = SiemContext - > = Resolver; -} - export namespace SayMyNameResolvers { export interface Resolvers { /** The id of the source */ @@ -9168,8 +8851,6 @@ export type IResolvers = { NetworkHttpData?: NetworkHttpDataResolvers.Resolvers; NetworkHttpEdges?: NetworkHttpEdgesResolvers.Resolvers; NetworkHttpItem?: NetworkHttpItemResolvers.Resolvers; - OverviewNetworkData?: OverviewNetworkDataResolvers.Resolvers; - OverviewHostData?: OverviewHostDataResolvers.Resolvers; SayMyName?: SayMyNameResolvers.Resolvers; TimelineResult?: TimelineResultResolvers.Resolvers; ColumnHeaderResult?: ColumnHeaderResultResolvers.Resolvers; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index 7cb2127a3d9d7..ac0273ec1770d 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -16,7 +16,6 @@ import { createKpiNetworkResolvers } from './graphql/kpi_network'; import { createNetworkResolvers } from './graphql/network'; import { createNoteResolvers } from './graphql/note'; import { createPinnedEventResolvers } from './graphql/pinned_event'; -import { createOverviewResolvers } from './graphql/overview'; import { createScalarDateResolvers } from './graphql/scalar_date'; import { createScalarToAnyValueResolvers } from './graphql/scalar_to_any'; import { createScalarToBooleanArrayValueResolvers } from './graphql/scalar_to_boolean_array'; @@ -43,7 +42,6 @@ export const initServer = (libs: AppBackendLibs) => { createPinnedEventResolvers(libs) as IResolvers, createSourcesResolvers(libs) as IResolvers, createScalarToStringArrayValueResolvers() as IResolvers, - createOverviewResolvers(libs) as IResolvers, createNetworkResolvers(libs) as IResolvers, createScalarDateResolvers() as IResolvers, createScalarToDateArrayValueResolvers() as IResolvers, diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts index cfd7bfbf255f6..3bfb3d9492353 100644 --- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts +++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts @@ -21,8 +21,6 @@ import { ElasticsearchIpDetailsAdapter, IpDetails } from '../ip_details'; import { KpiNetwork } from '../kpi_network'; import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter'; import { ElasticsearchNetworkAdapter, Network } from '../network'; -import { Overview } from '../overview'; -import { ElasticsearchOverviewAdapter } from '../overview/elasticsearch_adapter'; import { ElasticsearchSourceStatusAdapter, SourceStatus } from '../source_status'; import { ConfigurationSourcesAdapter, Sources } from '../sources'; import { AppBackendLibs, AppDomainLibs } from '../types'; @@ -52,7 +50,6 @@ export function compose( kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), network: new Network(new ElasticsearchNetworkAdapter(framework)), - overview: new Overview(new ElasticsearchOverviewAdapter(framework)), }; const libs: AppBackendLibs = { diff --git a/x-pack/plugins/security_solution/server/lib/overview/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/overview/elastic_adapter.test.ts deleted file mode 100644 index f421704dffe12..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/elastic_adapter.test.ts +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { cloneDeep } from 'lodash/fp'; - -import { OverviewHostData, OverviewNetworkData } from '../../graphql/types'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { ElasticsearchOverviewAdapter } from './elasticsearch_adapter'; -import { - mockOptionsHost, - mockOptionsNetwork, - mockRequestHost, - mockRequestNetwork, - mockResponseHost, - mockResponseNetwork, - mockResultHost, - mockResultNetwork, - mockBuildOverviewHostQuery, - mockBuildOverviewNetworkQuery, -} from './mock'; - -jest.mock('./query.dsl', () => { - return { - buildOverviewHostQuery: jest.fn(() => mockBuildOverviewHostQuery), - buildOverviewNetworkQuery: jest.fn(() => mockBuildOverviewNetworkQuery), - }; -}); - -describe('Siem Overview elasticsearch_adapter', () => { - describe('Network Stats', () => { - describe('Happy Path - get Data', () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockResponseNetwork); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getOverviewNetwork', async () => { - const EsOverviewNetwork = new ElasticsearchOverviewAdapter(mockFramework); - const data: OverviewNetworkData = await EsOverviewNetwork.getOverviewNetwork( - mockRequestNetwork as FrameworkRequest, - mockOptionsNetwork - ); - expect(data).toEqual(mockResultNetwork); - }); - }); - - describe('Unhappy Path - No data', () => { - const mockNoDataResponse = cloneDeep(mockResponseNetwork); - mockNoDataResponse.aggregations.unique_flow_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_dns_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_suricata_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_zeek_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_socket_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_zeek_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_packetbeat_count.unique_tls_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_filebeat_count.unique_cisco_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_filebeat_count.unique_netflow_count.doc_count = 0; - mockNoDataResponse.aggregations.unique_filebeat_count.unique_panw_count.doc_count = 0; - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockNoDataResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getOverviewNetwork', async () => { - const EsOverviewNetwork = new ElasticsearchOverviewAdapter(mockFramework); - const data: OverviewNetworkData = await EsOverviewNetwork.getOverviewNetwork( - mockRequestNetwork as FrameworkRequest, - mockOptionsNetwork - ); - expect(data).toEqual({ - inspect: { - dsl: [JSON.stringify(mockBuildOverviewNetworkQuery, null, 2)], - response: [JSON.stringify(mockNoDataResponse, null, 2)], - }, - auditbeatSocket: 0, - filebeatCisco: 0, - filebeatNetflow: 0, - filebeatPanw: 0, - filebeatSuricata: 0, - filebeatZeek: 0, - packetbeatDNS: 0, - packetbeatFlow: 0, - packetbeatTLS: 0, - }); - }); - }); - }); - describe('Host Stats', () => { - describe('Happy Path - get Data', () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockResponseHost); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getOverviewHost', async () => { - const EsOverviewHost = new ElasticsearchOverviewAdapter(mockFramework); - const data: OverviewHostData = await EsOverviewHost.getOverviewHost( - mockRequestHost as FrameworkRequest, - mockOptionsHost - ); - expect(data).toEqual(mockResultHost); - }); - }); - - describe('Unhappy Path - No data', () => { - const mockNoDataResponse = cloneDeep(mockResponseHost); - mockNoDataResponse.aggregations.auditd_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.dns_event_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.file_event_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.image_load_event_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.network_event_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.process_event_count.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.registry_event.doc_count = 0; - mockNoDataResponse.aggregations.endgame_module.security_event_count.doc_count = 0; - mockNoDataResponse.aggregations.fim_count.doc_count = 0; - mockNoDataResponse.aggregations.system_module.login_count.doc_count = 0; - mockNoDataResponse.aggregations.system_module.package_count.doc_count = 0; - mockNoDataResponse.aggregations.system_module.process_count.doc_count = 0; - mockNoDataResponse.aggregations.system_module.user_count.doc_count = 0; - mockNoDataResponse.aggregations.system_module.filebeat_count.doc_count = 0; - mockNoDataResponse.aggregations.winlog_module.security_event_count.doc_count = 0; - mockNoDataResponse.aggregations.winlog_module.mwsysmon_operational_event_count.doc_count = 0; - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockNoDataResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getOverviewHost', async () => { - const EsOverviewHost = new ElasticsearchOverviewAdapter(mockFramework); - const data: OverviewHostData = await EsOverviewHost.getOverviewHost( - mockRequestHost as FrameworkRequest, - mockOptionsHost - ); - expect(data).toEqual({ - inspect: { - dsl: [JSON.stringify(mockBuildOverviewHostQuery, null, 2)], - response: [JSON.stringify(mockNoDataResponse, null, 2)], - }, - auditbeatAuditd: 0, - auditbeatFIM: 0, - auditbeatLogin: 0, - auditbeatPackage: 0, - auditbeatProcess: 0, - auditbeatUser: 0, - endgameDns: 0, - endgameFile: 0, - endgameImageLoad: 0, - endgameNetwork: 0, - endgameProcess: 0, - endgameRegistry: 0, - endgameSecurity: 0, - filebeatSystemModule: 0, - winlogbeatSecurity: 0, - winlogbeatMWSysmonOperational: 0, - }); - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/overview/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/overview/elasticsearch_adapter.ts deleted file mode 100644 index 982b47110c513..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/elasticsearch_adapter.ts +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { OverviewHostData, OverviewNetworkData } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; -import { TermAggregation } from '../types'; - -import { buildOverviewHostQuery, buildOverviewNetworkQuery } from './query.dsl'; -import { OverviewAdapter, OverviewHostHit, OverviewNetworkHit } from './types'; - -export class ElasticsearchOverviewAdapter implements OverviewAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getOverviewNetwork( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const dsl = buildOverviewNetworkQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - auditbeatSocket: getOr(null, 'aggregations.unique_socket_count.doc_count', response), - filebeatCisco: getOr( - null, - 'aggregations.unique_filebeat_count.unique_cisco_count.doc_count', - response - ), - filebeatNetflow: getOr( - null, - 'aggregations.unique_filebeat_count.unique_netflow_count.doc_count', - response - ), - filebeatPanw: getOr( - null, - 'aggregations.unique_filebeat_count.unique_panw_count.doc_count', - response - ), - filebeatSuricata: getOr(null, 'aggregations.unique_suricata_count.doc_count', response), - filebeatZeek: getOr(null, 'aggregations.unique_zeek_count.doc_count', response), - packetbeatDNS: getOr(null, 'aggregations.unique_dns_count.doc_count', response), - packetbeatFlow: getOr(null, 'aggregations.unique_flow_count.doc_count', response), - packetbeatTLS: getOr( - null, - 'aggregations.unique_packetbeat_count.unique_tls_count.doc_count', - response - ), - }; - } - - public async getOverviewHost( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const dsl = buildOverviewHostQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - auditbeatAuditd: getOr(null, 'aggregations.auditd_count.doc_count', response), - auditbeatFIM: getOr(null, 'aggregations.fim_count.doc_count', response), - auditbeatLogin: getOr(null, 'aggregations.system_module.login_count.doc_count', response), - auditbeatPackage: getOr(null, 'aggregations.system_module.package_count.doc_count', response), - auditbeatProcess: getOr(null, 'aggregations.system_module.process_count.doc_count', response), - auditbeatUser: getOr(null, 'aggregations.system_module.user_count.doc_count', response), - endgameDns: getOr(null, 'aggregations.endgame_module.dns_event_count.doc_count', response), - endgameFile: getOr(null, 'aggregations.endgame_module.file_event_count.doc_count', response), - endgameImageLoad: getOr( - null, - 'aggregations.endgame_module.image_load_event_count.doc_count', - response - ), - endgameNetwork: getOr( - null, - 'aggregations.endgame_module.network_event_count.doc_count', - response - ), - endgameProcess: getOr( - null, - 'aggregations.endgame_module.process_event_count.doc_count', - response - ), - endgameRegistry: getOr( - null, - 'aggregations.endgame_module.registry_event.doc_count', - response - ), - endgameSecurity: getOr( - null, - 'aggregations.endgame_module.security_event_count.doc_count', - response - ), - filebeatSystemModule: getOr( - null, - 'aggregations.system_module.filebeat_count.doc_count', - response - ), - winlogbeatSecurity: getOr( - null, - 'aggregations.winlog_module.security_event_count.doc_count', - response - ), - winlogbeatMWSysmonOperational: getOr( - null, - 'aggregations.winlog_module.mwsysmon_operational_event_count.doc_count', - response - ), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/overview/index.ts b/x-pack/plugins/security_solution/server/lib/overview/index.ts deleted file mode 100644 index ae9f81eb261a7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/index.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { OverviewHostData, OverviewNetworkData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { OverviewAdapter } from './types'; - -export class Overview { - constructor(private readonly adapter: OverviewAdapter) {} - - public async getOverviewNetwork( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getOverviewNetwork(req, options); - } - - public async getOverviewHost( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getOverviewHost(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/overview/mock.ts b/x-pack/plugins/security_solution/server/lib/overview/mock.ts deleted file mode 100644 index 2621c795ecd6b..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/mock.ts +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -export const mockOptionsNetwork: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-10T02:26:46.071Z' }, - filterQuery: {}, -}; - -export const mockRequestNetwork = { - body: { - operationName: 'GetOverviewNetworkQuery', - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - from: '2019-02-10T02:30:30.772Z', - to: '2019-02-11T02:30:30.772Z', - }, - filterQuery: '', - }, - query: - 'query GetOverviewNetworkQuery(\n $sourceId: ID!\n $timerange: TimerangeInput!\n $filterQuery: String\n ) {\n source(id: $sourceId) {\n id\n OverviewNetwork(timerange: $timerange, filterQuery: $filterQuery) {\n packetbeatFlow\n packetbeatDNS\n filebeatSuricata\n filebeatZeek\n auditbeatSocket\n }\n }\n }', - }, -}; - -export const mockResponseNetwork = { - took: 89, - timed_out: false, - _shards: { total: 18, successful: 18, skipped: 0, failed: 0 }, - hits: { total: { value: 950867, relation: 'eq' }, max_score: null, hits: [] }, - aggregations: { - unique_flow_count: { doc_count: 50243 }, - unique_dns_count: { doc_count: 15000 }, - unique_suricata_count: { doc_count: 2375 }, - unique_zeek_count: { doc_count: 456 }, - unique_socket_count: { doc_count: 13 }, - unique_filebeat_count: { - doc_count: 456756, - unique_cisco_count: { doc_count: 14 }, - unique_netflow_count: { doc_count: 992 }, - unique_panw_count: { doc_count: 225 }, - }, - unique_packetbeat_count: { doc_count: 7897896, unique_tls_count: { doc_count: 2009 } }, - }, -}; - -export const mockBuildOverviewHostQuery = { buildOverviewHostQuery: 'buildOverviewHostQuery' }; -export const mockBuildOverviewNetworkQuery = { - buildOverviewNetworkQuery: 'buildOverviewNetworkQuery', -}; - -export const mockResultNetwork = { - inspect: { - dsl: [JSON.stringify(mockBuildOverviewNetworkQuery, null, 2)], - response: [JSON.stringify(mockResponseNetwork, null, 2)], - }, - packetbeatFlow: 50243, - packetbeatDNS: 15000, - filebeatSuricata: 2375, - filebeatZeek: 456, - auditbeatSocket: 13, - filebeatCisco: 14, - filebeatNetflow: 992, - filebeatPanw: 225, - packetbeatTLS: 2009, -}; - -export const mockOptionsHost: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-10T02:26:46.071Z' }, - filterQuery: {}, -}; - -export const mockRequestHost = { - body: { - operationName: 'GetOverviewHostQuery', - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - from: '2019-02-10T02:30:30.772Z', - to: '2019-02-11T02:30:30.772Z', - }, - filterQuery: '', - }, - query: - 'query GetOverviewHostQuery(\n $sourceId: ID!\n $timerange: TimerangeInput!\n $filterQuery: String\n ) {\n source(id: $sourceId) {\n id\n OverviewHost(timerange: $timerange, filterQuery: $filterQuery) {\n auditbeatAuditd\n auditbeatFIM\n auditbeatLogin\n auditbeatPackage\n auditbeatProcess\n auditbeatUser\n }\n }\n }', - }, -}; - -export const mockResponseHost = { - took: 89, - timed_out: false, - _shards: { total: 18, successful: 18, skipped: 0, failed: 0 }, - hits: { total: { value: 950867, relation: 'eq' }, max_score: null, hits: [] }, - aggregations: { - auditd_count: { doc_count: 73847 }, - endgame_module: { - doc_count: 6258, - dns_event_count: { doc_count: 891 }, - file_event_count: { doc_count: 892 }, - image_load_event_count: { doc_count: 893 }, - network_event_count: { doc_count: 894 }, - process_event_count: { doc_count: 895 }, - registry_event: { doc_count: 896 }, - security_event_count: { doc_count: 897 }, - }, - fim_count: { doc_count: 107307 }, - system_module: { - doc_count: 20000000, - login_count: { doc_count: 60015 }, - package_count: { doc_count: 2003 }, - process_count: { doc_count: 1200 }, - user_count: { doc_count: 1979 }, - filebeat_count: { doc_count: 225 }, - }, - winlog_module: { - security_event_count: { - doc_count: 523, - }, - mwsysmon_operational_event_count: { - doc_count: 214, - }, - }, - }, -}; - -export const mockResultHost = { - inspect: { - dsl: [JSON.stringify(mockBuildOverviewHostQuery, null, 2)], - response: [JSON.stringify(mockResponseHost, null, 2)], - }, - auditbeatAuditd: 73847, - auditbeatFIM: 107307, - auditbeatLogin: 60015, - auditbeatPackage: 2003, - auditbeatProcess: 1200, - auditbeatUser: 1979, - endgameDns: 891, - endgameFile: 892, - endgameImageLoad: 893, - endgameNetwork: 894, - endgameProcess: 895, - endgameRegistry: 896, - endgameSecurity: 897, - filebeatSystemModule: 225, - winlogbeatSecurity: 523, - winlogbeatMWSysmonOperational: 214, -}; diff --git a/x-pack/plugins/security_solution/server/lib/overview/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/overview/query.dsl.ts deleted file mode 100644 index b6b1cfea394fd..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/query.dsl.ts +++ /dev/null @@ -1,397 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -export const buildOverviewNetworkQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - unique_flow_count: { - filter: { - term: { type: 'flow' }, - }, - }, - unique_dns_count: { - filter: { - term: { type: 'dns' }, - }, - }, - unique_suricata_count: { - filter: { - term: { 'service.type': 'suricata' }, - }, - }, - unique_zeek_count: { - filter: { - term: { 'service.type': 'zeek' }, - }, - }, - unique_socket_count: { - filter: { - term: { 'event.dataset': 'socket' }, - }, - }, - unique_filebeat_count: { - filter: { - term: { 'agent.type': 'filebeat' }, - }, - aggs: { - unique_netflow_count: { - filter: { - term: { 'input.type': 'netflow' }, - }, - }, - unique_panw_count: { - filter: { - term: { 'event.module': 'panw' }, - }, - }, - unique_cisco_count: { - filter: { - term: { 'event.module': 'cisco' }, - }, - }, - }, - }, - unique_packetbeat_count: { - filter: { - term: { 'agent.type': 'packetbeat' }, - }, - aggs: { - unique_tls_count: { - filter: { - term: { 'network.protocol': 'tls' }, - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; - -export const buildOverviewHostQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - auditd_count: { - filter: { - term: { - 'event.module': 'auditd', - }, - }, - }, - endgame_module: { - filter: { - bool: { - should: [ - { - term: { 'event.module': 'endpoint' }, - }, - { - term: { - 'event.module': 'endgame', - }, - }, - ], - }, - }, - aggs: { - dns_event_count: { - filter: { - bool: { - should: [ - { - bool: { - filter: [ - { term: { 'network.protocol': 'dns' } }, - { term: { 'event.category': 'network' } }, - ], - }, - }, - { - term: { - 'endgame.event_type_full': 'dns_event', - }, - }, - ], - }, - }, - }, - file_event_count: { - filter: { - bool: { - should: [ - { - term: { - 'event.category': 'file', - }, - }, - { - term: { - 'endgame.event_type_full': 'file_event', - }, - }, - ], - }, - }, - }, - image_load_event_count: { - filter: { - bool: { - should: [ - { - bool: { - should: [ - { - term: { - 'event.category': 'library', - }, - }, - { - term: { - 'event.category': 'driver', - }, - }, - ], - }, - }, - { - term: { - 'endgame.event_type_full': 'image_load_event', - }, - }, - ], - }, - }, - }, - network_event_count: { - filter: { - bool: { - should: [ - { - bool: { - filter: [ - { - bool: { - must_not: { - term: { 'network.protocol': 'dns' }, - }, - }, - }, - { - term: { 'event.category': 'network' }, - }, - ], - }, - }, - { - term: { - 'endgame.event_type_full': 'network_event', - }, - }, - ], - }, - }, - }, - process_event_count: { - filter: { - bool: { - should: [ - { - term: { 'event.category': 'process' }, - }, - { - term: { - 'endgame.event_type_full': 'process_event', - }, - }, - ], - }, - }, - }, - registry_event: { - filter: { - bool: { - should: [ - { - term: { 'event.category': 'registry' }, - }, - { - term: { - 'endgame.event_type_full': 'registry_event', - }, - }, - ], - }, - }, - }, - security_event_count: { - filter: { - bool: { - should: [ - { - bool: { - filter: [ - { term: { 'event.category': 'session' } }, - { term: { 'event.category': 'authentication' } }, - ], - }, - }, - { - term: { - 'endgame.event_type_full': 'security_event', - }, - }, - ], - }, - }, - }, - }, - }, - fim_count: { - filter: { - term: { - 'event.module': 'file_integrity', - }, - }, - }, - winlog_module: { - filter: { - term: { - 'agent.type': 'winlogbeat', - }, - }, - aggs: { - mwsysmon_operational_event_count: { - filter: { - term: { - 'winlog.channel': 'Microsoft-Windows-Sysmon/Operational', - }, - }, - }, - security_event_count: { - filter: { - term: { - 'winlog.channel': 'Security', - }, - }, - }, - }, - }, - system_module: { - filter: { - term: { - 'event.module': 'system', - }, - }, - aggs: { - login_count: { - filter: { - term: { - 'event.dataset': 'login', - }, - }, - }, - package_count: { - filter: { - term: { - 'event.dataset': 'package', - }, - }, - }, - process_count: { - filter: { - term: { - 'event.dataset': 'process', - }, - }, - }, - user_count: { - filter: { - term: { - 'event.dataset': 'user', - }, - }, - }, - filebeat_count: { - filter: { - term: { - 'agent.type': 'filebeat', - }, - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/overview/types.ts b/x-pack/plugins/security_solution/server/lib/overview/types.ts deleted file mode 100644 index 7fdad08ac9b37..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/overview/types.ts +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { OverviewHostData, OverviewNetworkData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { SearchHit } from '../types'; - -export interface OverviewAdapter { - getOverviewNetwork( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise; - getOverviewHost( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise; -} - -export interface OverviewNetworkHit extends SearchHit { - aggregations: { - unique_flow_count: { - doc_count: number; - }; - unique_dns_count: { - doc_count: number; - }; - unique_suricata_count: { - doc_count: number; - }; - unique_zeek_count: { - doc_count: number; - }; - unique_socket_count: { - doc_count: number; - }; - unique_filebeat_count: { - unique_netflow_count: { - doc_count: number; - }; - unique_panw_count: { - doc_count: number; - }; - unique_cisco_count: { - doc_count: number; - }; - }; - unique_packetbeat_count: { - unique_tls_count: { - doc_count: number; - }; - }; - }; -} - -export interface OverviewHostHit extends SearchHit { - aggregations: { - auditd_count: { - doc_count: number; - }; - endgame_module: { - dns_event_count: { - doc_count: number; - }; - file_event_count: { - doc_count: number; - }; - image_load_event_count: { - doc_count: number; - }; - network_event_count: { - doc_count: number; - }; - process_event_count: { - doc_count: number; - }; - registry_event: { - doc_count: number; - }; - security_event_count: { - doc_count: number; - }; - }; - fim_count: { - doc_count: number; - }; - system_module: { - login_count: { - doc_count: number; - }; - package_count: { - doc_count: number; - }; - process_count: { - doc_count: number; - }; - user_count: { - doc_count: number; - }; - filebeat_count: { - doc_count: number; - }; - }; - winlog_count: { - doc_count: number; - }; - }; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 87e755360285f..3c7c1cd3d7cff 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts @@ -17,7 +17,6 @@ import { IpDetails } from './ip_details'; import { KpiHosts } from './kpi_hosts'; import { KpiNetwork } from './kpi_network'; import { Network } from './network'; -import { Overview } from './overview'; import { SourceStatus } from './source_status'; import { Sources } from './sources'; import { Note } from './note/saved_object'; @@ -36,7 +35,6 @@ export interface AppDomainLibs { matrixHistogram: MatrixHistogram; network: Network; kpiNetwork: KpiNetwork; - overview: Overview; kpiHosts: KpiHosts; } diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts index 7a28c983ec466..61c228a5fd164 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts @@ -8,7 +8,7 @@ import { get, getOr } from 'lodash/fp'; import { IEsSearchResponse } from '../../../../../../../../../src/plugins/data/common'; import { - HostOverviewStrategyResponse, + HostsOverviewStrategyResponse, HostsQueries, HostOverviewRequestOptions, OverviewHostHit, @@ -22,7 +22,7 @@ export const hostOverview: SecuritySolutionFactory = { parse: async ( options: HostOverviewRequestOptions, response: IEsSearchResponse - ): Promise => { + ): Promise => { const aggregations: OverviewHostHit = get('aggregations', response.rawResponse) || {}; const inspect = { dsl: [inspectStringifyObject(buildOverviewHostQuery(options))], diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index 16a38c0fafbca..a9ddf091245f7 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -12,12 +12,12 @@ export default function ({ loadTestFile }) { loadTestFile(require.resolve('./kpi_hosts')); loadTestFile(require.resolve('./network_dns')); loadTestFile(require.resolve('./network_top_n_flow')); - loadTestFile(require.resolve('./overview_host')); + // loadTestFile(require.resolve('./overview_host')); loadTestFile(require.resolve('./saved_objects/notes')); loadTestFile(require.resolve('./saved_objects/pinned_events')); loadTestFile(require.resolve('./saved_objects/timeline')); loadTestFile(require.resolve('./sources')); - loadTestFile(require.resolve('./overview_network')); + // loadTestFile(require.resolve('./overview_network')); loadTestFile(require.resolve('./timeline')); loadTestFile(require.resolve('./timeline_details')); // loadTestFile(require.resolve('./uncommon_processes')); diff --git a/x-pack/test/api_integration/apis/security_solution/overview_host.ts b/x-pack/test/api_integration/apis/security_solution/overview_host.ts index ffbf9d89fc112..0d648e665a9a9 100644 --- a/x-pack/test/api_integration/apis/security_solution/overview_host.ts +++ b/x-pack/test/api_integration/apis/security_solution/overview_host.ts @@ -7,7 +7,9 @@ import expect from '@kbn/expect'; import { DEFAULT_INDEX_PATTERN } from '../../../../plugins/security_solution/common/constants'; +// @ts-expect-error import { overviewHostQuery } from '../../../../plugins/security_solution/public/overview/containers//overview_host/index.gql_query'; +// @ts-expect-error import { GetOverviewHostQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/overview_network.ts b/x-pack/test/api_integration/apis/security_solution/overview_network.ts index 6976b225a4d2a..60d300e168e4a 100644 --- a/x-pack/test/api_integration/apis/security_solution/overview_network.ts +++ b/x-pack/test/api_integration/apis/security_solution/overview_network.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { overviewNetworkQuery } from '../../../../plugins/security_solution/public/overview/containers/overview_network/index.gql_query'; +// @ts-expect-error import { GetOverviewNetworkQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context';