Skip to content

Commit

Permalink
Task/linux events (#63400)
Browse files Browse the repository at this point in the history
* linux events for endpoint policy details, additional windows events
  • Loading branch information
parkiino authored and wayneseymour committed Apr 15, 2020
1 parent ac0d6bc commit 357f883
Show file tree
Hide file tree
Showing 8 changed files with 240 additions and 45 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,13 @@ export const generatePolicy = (): PolicyConfig => {
return {
windows: {
events: {
process: true,
dll_and_driver_load: true,
dns: true,
file: true,
network: true,
process: true,
registry: true,
security: true,
},
malware: {
mode: ProtectionModes.prevent,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,26 @@ describe('policy details: ', () => {
expect(config!.mac.events.file).toEqual(true);
});
});

describe('when the user has enabled linux process events', () => {
beforeEach(() => {
const config = policyConfig(getState());
if (!config) {
throw new Error();
}

const newPayload1 = clone(config);
newPayload1.linux.events.file = true;

dispatch({
type: 'userChangedPolicyConfig',
payload: { policyConfig: newPayload1 },
});
});

it('linux file events is enabled', () => {
const config = policyConfig(getState());
expect(config!.linux.events.file).toEqual(true);
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,26 @@ export const selectedMacEvents = (state: PolicyDetailsState): number => {
return 0;
};

/** Returns the total number of possible linux eventing configurations */
export const totalLinuxEvents = (state: PolicyDetailsState): number => {
const config = policyConfig(state);
if (config) {
return Object.keys(config.linux.events).length;
}
return 0;
};

/** Returns the number of selected liinux eventing configurations */
export const selectedLinuxEvents = (state: PolicyDetailsState): number => {
const config = policyConfig(state);
if (config) {
return Object.values(config.linux.events).reduce((count, event) => {
return event === true ? count + 1 : count;
}, 0);
}
return 0;
};

/** is there an api call in flight */
export const isLoading = (state: PolicyDetailsState) => state.isLoading;

Expand Down
84 changes: 44 additions & 40 deletions x-pack/plugins/endpoint/public/applications/endpoint/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -131,21 +131,42 @@ export interface PolicyListUrlSearchParams {
* Endpoint Policy configuration
*/
export interface PolicyConfig {
windows: UIPolicyConfig['windows'] & {
windows: {
events: {
dll_and_driver_load: boolean;
dns: boolean;
file: boolean;
network: boolean;
process: boolean;
registry: boolean;
security: boolean;
};
malware: MalwareFields;
logging: {
stdout: string;
file: string;
};
advanced: PolicyConfigAdvancedOptions;
};
mac: UIPolicyConfig['mac'] & {
mac: {
events: {
file: boolean;
process: boolean;
network: boolean;
};
malware: MalwareFields;
logging: {
stdout: string;
file: string;
};
advanced: PolicyConfigAdvancedOptions;
};
linux: UIPolicyConfig['linux'] & {
linux: {
events: {
file: boolean;
process: boolean;
network: boolean;
};
logging: {
stdout: string;
file: string;
Expand All @@ -169,38 +190,28 @@ interface PolicyConfigAdvancedOptions {
}

/**
* The set of Policy configuration settings that are show/edited via the UI
* Windows-specific policy configuration that is supported via the UI
*/
/* eslint-disable @typescript-eslint/consistent-type-definitions */
export type UIPolicyConfig = {
windows: {
events: {
process: boolean;
network: boolean;
};
/** malware mode can be off, detect, prevent or prevent and notify user */
malware: MalwareFields;
};
mac: {
events: {
file: boolean;
process: boolean;
network: boolean;
};
malware: MalwareFields;
};
type WindowsPolicyConfig = Pick<PolicyConfig['windows'], 'events' | 'malware'>;

/**
* Linux-specific policy configuration that is supported via the UI
*/
linux: {
events: {
file: boolean;
process: boolean;
network: boolean;
};
};
};
/**
* Mac-specific policy configuration that is supported via the UI
*/
type MacPolicyConfig = Pick<PolicyConfig['mac'], 'malware' | 'events'>;

/**
* Linux-specific policy configuration that is supported via the UI
*/
type LinuxPolicyConfig = Pick<PolicyConfig['linux'], 'events'>;

/**
* The set of Policy configuration settings that are show/edited via the UI
*/
export interface UIPolicyConfig {
windows: WindowsPolicyConfig;
mac: MacPolicyConfig;
linux: LinuxPolicyConfig;
}

/** OS used in Policy */
export enum OS {
Expand All @@ -209,13 +220,6 @@ export enum OS {
linux = 'linux',
}

/** Used in Policy */
export enum EventingFields {
process = 'process',
network = 'network',
file = 'file',
}

/**
* Returns the keys of an object whose values meet a criteria.
* Ex) interface largeNestedObject = {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ import { AppAction } from '../../types';
import { useKibana } from '../../../../../../../../src/plugins/kibana_react/public';
import { AgentsSummary } from './agents_summary';
import { VerticalDivider } from './vertical_divider';
import { WindowsEvents, MacEvents } from './policy_forms/events';
import { WindowsEvents, MacEvents, LinuxEvents } from './policy_forms/events';
import { MalwareProtections } from './policy_forms/protections/malware';

export const PolicyDetails = React.memo(() => {
Expand Down Expand Up @@ -208,6 +208,8 @@ export const PolicyDetails = React.memo(() => {
<WindowsEvents />
<EuiSpacer size="l" />
<MacEvents />
<EuiSpacer size="l" />
<LinuxEvents />
</PageView>
</>
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@

export { WindowsEvents } from './windows';
export { MacEvents } from './mac';
export { LinuxEvents } from './linux';
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import React, { useMemo } from 'react';
import { i18n } from '@kbn/i18n';
import { FormattedMessage } from '@kbn/i18n/react';
import { EuiTitle, EuiText, EuiSpacer } from '@elastic/eui';
import { EventsCheckbox } from './checkbox';
import { OS, UIPolicyConfig } from '../../../../types';
import { usePolicyDetailsSelector } from '../../policy_hooks';
import { selectedLinuxEvents, totalLinuxEvents } from '../../../../store/policy_details/selectors';
import { ConfigForm } from '../config_form';
import { getIn, setIn } from '../../../../models/policy_details_config';

export const LinuxEvents = React.memo(() => {
const selected = usePolicyDetailsSelector(selectedLinuxEvents);
const total = usePolicyDetailsSelector(totalLinuxEvents);

const checkboxes: Array<{
name: string;
os: 'linux';
protectionField: keyof UIPolicyConfig['linux']['events'];
}> = useMemo(
() => [
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.file', {
defaultMessage: 'File',
}),
os: OS.linux,
protectionField: 'file',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.process', {
defaultMessage: 'Process',
}),
os: OS.linux,
protectionField: 'process',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.network', {
defaultMessage: 'Network',
}),
os: OS.linux,
protectionField: 'network',
},
],
[]
);

const renderCheckboxes = () => {
return (
<>
<EuiTitle size="xxs">
<h5>
<FormattedMessage
id="xpack.endpoint.policyDetailsConfig.eventingEvents"
defaultMessage="Events"
/>
</h5>
</EuiTitle>
<EuiSpacer size="s" />
{checkboxes.map((item, index) => {
return (
<EventsCheckbox
name={item.name}
key={index}
setter={(config, checked) =>
setIn(config)(item.os)('events')(item.protectionField)(checked)
}
getter={config => getIn(config)(item.os)('events')(item.protectionField)}
/>
);
})}
</>
);
};

const collectionsEnabled = () => {
return (
<EuiText size="s" color="subdued">
<FormattedMessage
id="xpack.endpoint.policy.details.eventCollectionsEnabled"
defaultMessage="{selected} / {total} event collections enabled"
values={{ selected, total }}
/>
</EuiText>
);
};

return (
<ConfigForm
type={i18n.translate('xpack.endpoint.policy.details.eventCollection', {
defaultMessage: 'Event Collection',
})}
supportedOss={[
i18n.translate('xpack.endpoint.policy.details.linux', { defaultMessage: 'Linux' }),
]}
id="linuxEventingForm"
rightCorner={collectionsEnabled()}
children={renderCheckboxes()}
/>
);
});
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,25 @@ export const WindowsEvents = React.memo(() => {
}> = useMemo(
() => [
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.process', {
defaultMessage: 'Process',
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.dllDriverLoad', {
defaultMessage: 'DLL and Driver Load',
}),
os: OS.windows,
protectionField: 'process',
protectionField: 'dll_and_driver_load',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.dns', {
defaultMessage: 'DNS',
}),
os: OS.windows,
protectionField: 'dns',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.file', {
defaultMessage: 'File',
}),
os: OS.windows,
protectionField: 'file',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.network', {
Expand All @@ -42,6 +56,27 @@ export const WindowsEvents = React.memo(() => {
os: OS.windows,
protectionField: 'network',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.process', {
defaultMessage: 'Process',
}),
os: OS.windows,
protectionField: 'process',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.registry', {
defaultMessage: 'Registry',
}),
os: OS.windows,
protectionField: 'registry',
},
{
name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.security', {
defaultMessage: 'Security',
}),
os: OS.windows,
protectionField: 'security',
},
],
[]
);
Expand Down

0 comments on commit 357f883

Please sign in to comment.