[Cloud Security]Misconfiguration preview & Refactor CSP Plugin to include new package #190105
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# @kbn/cloud-security-posture-common | ||
|
||
This package provides common code consumed in both the browser, i.e. the | ||
`packages/cloud-security-posture` package and `plugins/cloud_security_posture` plugin, and on the server, i.e. the | ||
`plugins/cloud_security_posture` plugin. | ||
|
||
## Maintainers | ||
|
||
Maintained by the Cloud Security Posture Team | ||
Review comment: nit: Cloud Risk Management team. Though the team name might change, so maybe worth just mentioning the overarching Cloud Security Team
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
export const KSPM_POLICY_TEMPLATE = 'kspm'; | ||
Review comment: I see that these are copied over from the cloud_security_posture plugin. The idea of the common package is that we would use the code from this package everywhere. Ideally we shouldn't have any duplicated code after we are done with the creation of shared packages. If you are concerned with the PR size, we can do it in the follow-up PR, but right away, without creating tech debt tickets
||
export const CSPM_POLICY_TEMPLATE = 'cspm'; | ||
export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN = | ||
'logs-cloud_security_posture.findings_latest-default'; | ||
export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN = | ||
'logs-*_latest_misconfigurations_cdr'; | ||
export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`; | ||
export const LATEST_FINDINGS_RETENTION_POLICY = '26h'; | ||
export const MAX_FINDINGS_TO_LOAD = 500; | ||
export const CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH = | ||
'/internal/cloud_security_posture/rules/_get_states'; | ||
export const CSP_GET_BENCHMARK_RULES_STATE_API_CURRENT_VERSION = '1'; | ||
export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status'; | ||
export const STATUS_API_CURRENT_VERSION = '1'; |
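Review bot: `CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN` is the wildcard `'logs-*_latest_misconfigurations_cdr'`, and `CDR_MISCONFIGURATIONS_INDEX_PATTERN` joins it with the native findings index, so any index whose name matches the wildcard is read as a findings source. Add a comment stating which integrations are expected to write to matching indices, since data from an unexpected index with a matching name would appear alongside native findings. `LATEST_FINDINGS_RETENTION_POLICY = '26h'` and `MAX_FINDINGS_TO_LOAD = 500` would also benefit from a one-line comment each on why those values were chosen.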
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
export * from './types'; | ||
export * from './constants'; | ||
export * from './schema/csp_finding'; | ||
export type { CspBenchmarkRulesStates } from './types/latest'; | ||
export { showErrorToast } from './utils/show_error_toast'; | ||
export { buildMutedRulesFilter } from './utils/helpers'; |
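Review bot: `export { showErrorToast } from './utils/show_error_toast'` exposes a toast helper from a package whose README says it is consumed on the server as well as in the browser. If that helper depends on browser-only services, it belongs in the browser package rather than here. Also, `extractErrorMessage` is declared with `export` in `./utils/helpers` but only `buildMutedRulesFilter` is re-exported from this index; either re-export it or drop the `export` if it is internal.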
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
{ | ||
"id": "@kbn/cloud-security-posture-common", | ||
"owner": "@elastic/kibana-cloud-security-posture", | ||
"type": "shared-common" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"name": "@kbn/cloud-security-posture-common", | ||
"private": true, | ||
"version": "1.0.0", | ||
"license": "Elastic License 2.0", | ||
"description": "Shared components for cloud security posture, both client and server side" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,10 +4,37 @@ | |
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
// TODO: this needs to be defined in a versioned schema | ||
import type { EcsDataStream, EcsEvent } from '@elastic/ecs'; | ||
import { CspBenchmarkRuleMetadata } from '../types/latest'; | ||
import { TypeOf, schema } from '@kbn/config-schema'; | ||
import { CSPM_POLICY_TEMPLATE, KSPM_POLICY_TEMPLATE } from '../constants'; | ||
|
||
export type CspBenchmarkRuleMetadata = TypeOf<typeof cspBenchmarkRuleMetadataSchema>; | ||
|
||
export const cspBenchmarkRuleMetadataSchema = schema.object({ | ||
Review comment: I see it is duplicated from the v3 rule type. Longer term I think we will need to move all the common schemas and types here, versioned and have it here as a source of truth. Let's think how to get rid of this duplication now, e.g. import in the v3 from the common and reexport. But overall we still need this TODO
||
audit: schema.string(), | ||
benchmark: schema.object({ | ||
name: schema.string(), | ||
posture_type: schema.maybe( | ||
schema.oneOf([schema.literal(CSPM_POLICY_TEMPLATE), schema.literal(KSPM_POLICY_TEMPLATE)]) | ||
), | ||
id: schema.string(), | ||
version: schema.string(), | ||
rule_number: schema.maybe(schema.string()), | ||
}), | ||
default_value: schema.maybe(schema.string()), | ||
description: schema.string(), | ||
id: schema.string(), | ||
impact: schema.maybe(schema.string()), | ||
name: schema.string(), | ||
profile_applicability: schema.string(), | ||
rationale: schema.string(), | ||
references: schema.maybe(schema.string()), | ||
rego_rule_id: schema.string(), | ||
remediation: schema.string(), | ||
section: schema.string(), | ||
tags: schema.arrayOf(schema.string()), | ||
version: schema.string(), | ||
}); | ||
|
||
export interface CspFinding { | ||
'@timestamp': string; | ||
|
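Review bot: every string field in `cspBenchmarkRuleMetadataSchema` is a bare `schema.string()`, so identifier fields such as `id`, `rego_rule_id` and `benchmark.id` accept an empty string and have no upper bound on length. Consider `schema.string({ minLength: 1 })` on the identifiers, plus a `maxLength` where a sensible limit exists, and confirm existing documents still validate before tightening.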
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"extends": "../../../tsconfig.base.json", | ||
"compilerOptions": { | ||
"outDir": "target/types", | ||
"types": [ | ||
"jest", | ||
"node", | ||
] | ||
}, | ||
"include": [ | ||
"**/*.ts", | ||
"**/*.tsx", | ||
], | ||
"exclude": [ | ||
"target/**/*" | ||
], | ||
"kbn_references": [ | ||
"@kbn/config-schema", | ||
"@kbn/data-views-plugin", | ||
"@kbn/core", | ||
"@kbn/i18n", | ||
] | ||
} |
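Review bot: `kbn_references` lists `@kbn/data-views-plugin`, which makes this shared-common package depend on a plugin. The only use visible in this PR is the `QueryDslQueryContainer` type import in `utils/helpers`; taking that type from the Elasticsearch client's type definitions instead would let the reference be dropped.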
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
export type CspStatusCode = | ||
Review comment: let's make sure there are no duplications left in our plugin, we should be using types from the common package
Review comment: so for this one specifically, there seems to be an issue with Telemetry where it doesn't seem to like it when I'm using this type from the package
||
| 'indexed' // latest findings index exists and has results | ||
| 'indexing' // index timeout was not surpassed since installation, assumes data is being indexed | ||
| 'unprivileged' // user lacks privileges for the latest findings index | ||
| 'index-timeout' // index timeout was surpassed since installation | ||
| 'not-deployed' // no healthy agents were deployed | ||
| 'not-installed' // number of installed csp integrations is 0; | ||
| 'waiting_for_results'; // have healthy agents but no findings at all, assumes data is being indexed for the 1st time | ||
|
||
export type IndexStatus = | ||
| 'not-empty' // Index contains documents | ||
| 'empty' // Index doesn't contain documents (or doesn't exist) | ||
| 'unprivileged'; // User doesn't have access to query the index | ||
|
||
export interface IndexDetails { | ||
index: string; | ||
status: IndexStatus; | ||
} | ||
|
||
export interface BaseCspSetupBothPolicy { | ||
status: CspStatusCode; | ||
installedPackagePolicies: number; | ||
healthyAgents: number; | ||
} | ||
|
||
export interface BaseCspSetupStatus { | ||
indicesDetails: IndexDetails[]; | ||
latestPackageVersion: string; | ||
cspm: BaseCspSetupBothPolicy; | ||
kspm: BaseCspSetupBothPolicy; | ||
vuln_mgmt: BaseCspSetupBothPolicy; | ||
isPluginInitialized: boolean; | ||
installedPackageVersion?: string | undefined; | ||
} | ||
|
||
export type CspSetupStatus = BaseCspSetupStatus; |
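Review bot: in `CspStatusCode`, `'waiting_for_results'` uses underscores while every other member is hyphenated (`'index-timeout'`, `'not-deployed'`); if the value cannot change for compatibility reasons, say so in its comment. In `BaseCspSetupStatus`, `installedPackageVersion?: string | undefined` repeats what the `?` already expresses, and the alias `CspSetupStatus = BaseCspSetupStatus` adds a second name for the same type without explanation.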
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
import { schema, TypeOf } from '@kbn/config-schema'; | ||
Review comment: having the latest without the versioned types doesn't seem like the right approach. It shows I guess that we need to move the whole types with all the versions to the common package
Review comment: I mean in this case, I think we can just import + re-export the versioned types in the latest file in csp plugin
Review comment: For the first iteration it might work, but eventually I think the source of truth for the versioned schema should be the common package, as we are using types and schemas in both the plugin and in the package
||
|
||
export type CspBenchmarkRulesStates = TypeOf<typeof rulesStates>; | ||
const ruleStateAttributes = schema.object({ | ||
muted: schema.boolean(), | ||
benchmark_id: schema.string(), | ||
benchmark_version: schema.string(), | ||
rule_number: schema.string(), | ||
rule_id: schema.string(), | ||
}); | ||
|
||
const rulesStates = schema.recordOf(schema.string(), ruleStateAttributes); |
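Review bot: `rulesStates` and `ruleStateAttributes` are not exported, so consumers get the `CspBenchmarkRulesStates` type but cannot validate a payload against the schema at runtime. Export the schema if the response of the rules-state route is meant to be validated with it. The record key is an unconstrained `schema.string()`; a comment describing the expected key format would help.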
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types'; | ||
import { i18n } from '@kbn/i18n'; | ||
import { CspBenchmarkRulesStates } from '../types/latest'; | ||
|
||
export const extractErrorMessage = (e: unknown, defaultMessage = 'Unknown Error'): string => { | ||
if (e instanceof Error) return e.message; | ||
if (typeof e === 'string') return e; | ||
|
||
return i18n.translate('xpack.csp.findings.errorMessage.default', { | ||
defaultMessage, | ||
Review comment: I'm not sure the dynamic default message will work. I don't know the i18n tooling in depth, but I guess it creates the translation files out of the default message and it can't be fully dynamic. I think it should be a constant string. As I can see it was copied from
||
}); | ||
}; | ||
|
||
export const buildMutedRulesFilter = ( | ||
rulesStates: CspBenchmarkRulesStates | ||
): QueryDslQueryContainer[] => { | ||
const mutedRules = Object.fromEntries( | ||
Object.entries(rulesStates).filter(([key, value]) => value.muted === true) | ||
); | ||
|
||
const mutedRulesFilterQuery = Object.keys(mutedRules).map((key) => { | ||
const rule = mutedRules[key]; | ||
return { | ||
bool: { | ||
must: [ | ||
{ term: { 'rule.benchmark.id': rule.benchmark_id } }, | ||
{ term: { 'rule.benchmark.version': rule.benchmark_version } }, | ||
{ term: { 'rule.benchmark.rule_number': rule.rule_number } }, | ||
], | ||
}, | ||
}; | ||
}); | ||
|
||
return mutedRulesFilterQuery; | ||
}; |
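Review bot: in `buildMutedRulesFilter`, the `must` clause identifies a muted rule by `benchmark_id`, `benchmark_version` and `rule_number` only, and `rule.rule_id` is never used. `rule_number` is optional in `cspBenchmarkRuleMetadataSchema` (`schema.maybe(schema.string())`), so it is worth stating how a rule without a number is matched, because this filter decides which findings are treated as muted. The `Object.fromEntries(...)` round trip can be replaced by `Object.values(rulesStates).filter((rule) => rule.muted)`, which also removes the unused `key` binding.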
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# @kbn/cloud-security-posture | ||
|
||
This package includes | ||
- Hooks that's used on Flyout component that's used in Alerts page on Security Solution Plugins as well as components on CSP plugin | ||
- Utilities and types thats used for the Hooks above as well as in CSP plugins | ||
|
||
## Maintainers | ||
|
||
Maintained by the Cloud Security Posture Team | ||
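Review bot: the two bullets under "This package includes" need a grammar pass: "Hooks that's used on Flyout component that's used in Alerts page" and "types thats used". Suggest "Hooks used by the flyout component on the Alerts page of the Security Solution plugin and by components in the CSP plugin", and "Utilities and types used by those hooks and by the CSP plugin".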
Review comment: same as for the common package let's update the team name
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
export * from './type'; | ||
export { useMisconfigurationPreview } from './src/hooks/use_misconfiguration_preview'; | ||
export { useGetCspBenchmarkRulesStatesApi } from './src/hooks/use_get_benchmark_rules_state_api'; | ||
export { useCspSetupStatusApi } from './src/hooks/use_csp_setup_status_api'; | ||
export { | ||
getAggregationCount, | ||
getFindingsCountAggQuery, | ||
isIndexWithDocsAvailable, | ||
} from './src/utils/utils'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"id": "@kbn/cloud-security-posture", | ||
"owner": "@elastic/kibana-cloud-security-posture", | ||
"type": "shared-browser" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"name": "@kbn/cloud-security-posture", | ||
"private": true, | ||
"version": "1.0.0", | ||
"license": "Elastic License 2.0", | ||
"description": "Shared components for cloud security posture, client side" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,16 +6,18 @@ | |
*/ | ||
|
||
import { useQuery, type UseQueryOptions } from '@tanstack/react-query'; | ||
import { useKibana } from '../hooks/use_kibana'; | ||
import { type CspSetupStatus } from '../../../common/types_old'; | ||
import { STATUS_API_CURRENT_VERSION, STATUS_ROUTE_PATH } from '../../../common/constants'; | ||
import { useKibana } from '@kbn/kibana-react-plugin/public'; | ||
Review comment: does it make sense to move our typed
Review comment: Originally I did that but there seems to be an issue when I moved our useKibana to the package (things start to fail) and separate from that issue I also had a discussion with @opauloh where we think that it might be better to have 2 different useKibana due to plugin dependencies
Review comment: let's see if we can bring it back as a part of a smaller PR separately so it's easier to reason about. If not, using the hook directly from
||
import type { CoreStart } from '@kbn/core/public'; | ||
import { STATUS_API_CURRENT_VERSION, STATUS_ROUTE_PATH } from '@kbn/cloud-security-posture-common'; | ||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common'; | ||
import type { CspClientPluginStartDeps } from '../../type'; | ||
|
||
const getCspSetupStatusQueryKey = 'csp_status_key'; | ||
|
||
export const useCspSetupStatusApi = ( | ||
options?: UseQueryOptions<CspSetupStatus, unknown, CspSetupStatus> | ||
) => { | ||
const { http } = useKibana().services; | ||
const { http } = useKibana<CoreStart & CspClientPluginStartDeps>().services; | ||
return useQuery<CspSetupStatus, unknown, CspSetupStatus>( | ||
[getCspSetupStatusQueryKey], | ||
() => http.get<CspSetupStatus>(STATUS_ROUTE_PATH, { version: STATUS_API_CURRENT_VERSION }), | ||
|
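Review bot: `useKibana<CoreStart & CspClientPluginStartDeps>()` is a type assertion with nothing checking at runtime that the surrounding context provides those services, so `http` will be undefined if the hook is rendered outside a provider that supplies it. Document the required provider in a comment on `useCspSetupStatusApi`, or guard before calling `http.get`.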
Review comment: packages/kbn-cloud-security-posture