From e6b57c0ba524f9dff36550cfc2b78a309798f7f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Ferna=CC=81ndez=20Haro?=
Date: Wed, 31 Mar 2021 17:58:15 +0200
Subject: [PATCH] Use the APIs in the Security Solutions plugin

---
 src/plugins/telemetry/common/schema/index.ts | 8 +++-
 .../server/lib/telemetry/sender.ts | 38 +++++++++++++++++--
 2 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/src/plugins/telemetry/common/schema/index.ts b/src/plugins/telemetry/common/schema/index.ts
index c89203b6275ae4..79d5dfa8902581 100644
--- a/src/plugins/telemetry/common/schema/index.ts
+++ b/src/plugins/telemetry/common/schema/index.ts
@@ -6,4 +6,10 @@
 * Side Public License, v 1.
 */

-export type { TelemetryRootSchema } from './types';
+export type {
+ TelemetryRootSchema,
+ TelemetrySchemaObject,
+ TelemetrySchemaArray,
+ TelemetrySchemaValue,
+ TelemetryMeta,
+} from './types';
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
index 989bfea26fe045..0db8b809ea455f 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -9,6 +9,7 @@ import { cloneDeep } from 'lodash';
 import axios from 'axios';
 import { LegacyAPICaller } from 'kibana/server';
 import { URL } from 'url';
+import type { TelemetrySchemaValue } from 'src/plugins/telemetry/common/schema';
 import { Logger, CoreStart } from '../../../../../../src/core/server';
 import { transformDataToNdjson } from '../../utils/read_stream/create_stream_from_ndjson';
 import {
@@ -50,6 +51,8 @@ export interface TelemetryEvent {
 license?: ESLicense;
 }

+const DIAGNOSTIC_ANALYTICS_CHANNEL = 'diagnostics-analytics';
+
 export class TelemetryEventsSender {
 private readonly initialCheckDelayMs = 10 * 1000;
 private readonly checkIntervalMs = 60 * 1000;
@@ -71,9 +74,32 @@ export class TelemetryEventsSender {
 public setup(telemetrySetup?: TelemetryPluginSetup, taskManager?: TaskManagerSetupContract) {
 this.telemetrySetup = telemetrySetup;

+ const optionalPassThrough: TelemetrySchemaValue = {
+ type: 'pass_through',
+ _meta: { description: 'To be filled', optional: true },
+ };
+
 this.telemetrySetup?.events.registerChannel({
- name: 'diagnostics-analytics',
- schema: {}, // TODO: Fill up schema based on allowlistEventFields
+ name: DIAGNOSTIC_ANALYTICS_CHANNEL,
+ schema: {
+ // Obtained from allowlistEventFields below in this file (we might need to set the optional fields)
+ '@timestamp': { type: 'date', _meta: { description: 'When the event was collected' } },
+ // TODO: Replace `pass_through` with more detailed info
+ agent: optionalPassThrough,
+ Endpoint: optionalPassThrough,
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ Memory_protection: optionalPassThrough,
+ Ransomware: optionalPassThrough,
+ data_stream: optionalPassThrough,
+ ecs: optionalPassThrough,
+ elastic: optionalPassThrough,
+ event: optionalPassThrough,
+ rule: optionalPassThrough,
+ file: optionalPassThrough,
+ host: optionalPassThrough,
+ process: optionalPassThrough,
+ Target: optionalPassThrough,
+ },
 });

 if (taskManager) {
@@ -140,6 +166,12 @@ export class TelemetryEventsSender {
 }

 public queueTelemetryEvents(events: TelemetryEvent[]) {
+ this.telemetryStart?.events.sendToChannel(
+ DIAGNOSTIC_ANALYTICS_CHANNEL,
+ this.processEvents(events)
+ );
+ // ^ should replace everything below
+
 const qlength = this.queue.length;

 if (events.length === 0) {
@@ -153,8 +185,6 @@ export class TelemetryEventsSender {
 return;
 }

- this.telemetryStart?.events.sendToChannel('alerts-endpoint', this.processEvents(events));
-
 if (events.length > this.maxQueueSize - qlength) {
 this.queue.push(...this.processEvents(events.slice(0, this.maxQueueSize - qlength)));
 } else {
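Review bot: Every key except `@timestamp` in the schema passed to `registerChannel` is typed `pass_through` through the one shared `optionalPassThrough` object, so the schema presumably places no constraint on what sits under `host`, `process`, `file` and the other keys; going by the comment, `allowlistEventFields` remains the only filter on which endpoint data leaves the cluster. I would say that next to the TODO, e.g. `// NOTE: pass_through does no per-field validation; allowlistEventFields is the sole filter until these are typed`, and replace the `'To be filled'` description before release, since it is the text a reader of the channel schema will see for all thirteen fields. Because one object instance is reused for every key, it is also worth confirming that `registerChannel` never mutates schema entries. setup() continues past the end of the hunk.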
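Review bot: The new `sendToChannel` call at the top of `queueTelemetryEvents` runs before the `events.length === 0` check, and before the guard whose `return; }` precedes the call removed in the last hunk, so it no longer sits behind any of the early exits the old call had. The legacy queue code below is kept as well, so each batch goes through `processEvents` twice and appears to leave by both the channel and the queue; whether the channel API applies the telemetry opt-in itself is not visible here and should be confirmed now that the call is unconditional. I would move the call below the empty check, or guard it with `if (events.length === 0) return;`, and replace `// ^ should replace everything below` with a TODO stating that both paths stay active until the queue is removed. The target also changes from `'alerts-endpoint'` to the diagnostics channel, which looks intended but is not mentioned in the commit message. The method body continues outside the hunk.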