[Endpoint] ERT-82 ERT-83 ERT-84: Alert list API with pagination (elas…

…tic#56538) * ERT-82 ERT-83 ERT-84 (partial): Add Alert List API with pagination * Better type safety for alert list API
majagrubic · Feb 10, 2020 · e6fbe12 · e6fbe12
1 parent 08cb1d9
commit e6fbe12
Show file tree

Hide file tree

Showing 21 changed files with 11,345 additions and 11,420 deletions.
diff --git a/x-pack/plugins/endpoint/common/types.ts b/x-pack/plugins/endpoint/common/types.ts
@@ -23,20 +23,72 @@ export type ImmutableSet<T> = ReadonlySet<Immutable<T>>;
 export type ImmutableObject<T> = { readonly [K in keyof T]: Immutable<T[K]> };
 
 export class EndpointAppConstants {
+  static ALERT_INDEX_NAME = 'my-index';
   static ENDPOINT_INDEX_NAME = 'endpoint-agent*';
 }
 
+export interface AlertResultList {
+  /**
+   * The alerts restricted by page size.
+   */
+  alerts: AlertData[];
+
+  /**
+   * The total number of alerts on the page.
+   */
+  total: number;
+
+  /**
+   * The size of the requested page.
+   */
+  request_page_size: number;
+
+  /**
+   * The index of the requested page, starting at 0.
+   */
+  request_page_index: number;
+
+  /**
+   * The offset of the requested page, starting at 0.
+   */
+  result_from_index: number;
+}
+
 export interface EndpointResultList {
-  // the endpoint restricted by the page size
+  /* the endpoints restricted by the page size */
   endpoints: EndpointMetadata[];
-  // the total number of unique endpoints in the index
+  /* the total number of unique endpoints in the index */
   total: number;
-  // the page size requested
+  /* the page size requested */
   request_page_size: number;
-  // the index requested
+  /* the page index requested */
   request_page_index: number;
 }
 
+export interface AlertData {
+  '@timestamp': Date;
+  agent: {
+    id: string;
+    version: string;
+  };
+  event: {
+    action: string;
+  };
+  file_classification: {
+    malware_classification: {
+      score: number;
+    };
+  };
+  host: {
+    hostname: string;
+    ip: string;
+    os: {
+      name: string;
+    };
+  };
+  thread: {};
+}
+
 export interface EndpointMetadata {
   event: {
     created: Date;
@@ -63,35 +115,6 @@ export interface EndpointMetadata {
   };
 }
 
-export interface AlertData {
-  value: {
-    source: {
-      endgame: {
-        data: {
-          file_operation: string;
-          malware_classification: {
-            score: number;
-          };
-        };
-        metadata: {
-          key: string;
-        };
-        timestamp_utc: Date;
-      };
-      labels: {
-        endpoint_id: string;
-      };
-      host: {
-        hostname: string;
-        ip: string;
-        os: {
-          name: string;
-        };
-      };
-    };
-  };
-}
-
 /**
  * The PageId type is used for the payload when firing userNavigatedToPage actions
  */

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/action.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/action.ts
@@ -4,11 +4,11 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { AlertData, Immutable } from '../../../../../common/types';
+import { AlertListData } from '../../types';
 
-type ServerReturnedAlertsData = Immutable<{
+interface ServerReturnedAlertsData {
   type: 'serverReturnedAlertsData';
-  payload: AlertData[];
-}>;
+  payload: AlertListData;
+}
 
 export type AlertAction = ServerReturnedAlertsData;
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/index.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/index.ts
@@ -6,3 +6,4 @@
 
 export { alertListReducer } from './reducer';
 export { AlertAction } from './action';
+export * from '../../types';
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/middleware.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/middleware.ts
@@ -4,15 +4,20 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { AlertData, ImmutableArray } from '../../../../../common/types';
+import qs from 'querystring';
+import { HttpFetchQuery } from 'src/core/public';
 import { AppAction } from '../action';
 import { MiddlewareFactory } from '../../types';
 
 export const alertMiddlewareFactory: MiddlewareFactory = coreStart => {
+  const qp = qs.parse(window.location.search.slice(1));
+
   return api => next => async (action: AppAction) => {
     next(action);
     if (action.type === 'userNavigatedToPage' && action.payload === 'alertsPage') {
-      const response: ImmutableArray<AlertData> = await coreStart.http.get('/api/endpoint/alerts');
+      const response = await coreStart.http.get('/api/endpoint/alerts', {
+        query: qp as HttpFetchQuery,
+      });
       api.dispatch({ type: 'serverReturnedAlertsData', payload: response });
     }
   };

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/reducer.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/reducer.ts
@@ -11,6 +11,10 @@ import { AppAction } from '../action';
 const initialState = (): AlertListState => {
   return {
     alerts: [],
+    request_page_size: 10,
+    request_page_index: 0,
+    result_from_index: 0,
+    total: 0,
   };
 };
 
@@ -21,7 +25,7 @@ export const alertListReducer: Reducer<AlertListState, AppAction> = (
   if (action.type === 'serverReturnedAlertsData') {
     return {
       ...state,
-      alerts: action.payload,
+      alerts: action.payload.alerts,
     };
   }
 

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/types.ts b/x-pack/plugins/endpoint/public/applications/endpoint/types.ts
@@ -6,21 +6,20 @@
 
 import { Dispatch, MiddlewareAPI } from 'redux';
 import { CoreStart } from 'kibana/public';
-import { Immutable, AlertData } from '../../../common/types';
 import { EndpointListState } from './store/endpoint_list';
 import { AppAction } from './store/action';
+import { AlertResultList } from '../../../common/types';
 
 export type MiddlewareFactory = (
   coreStart: CoreStart
 ) => (
   api: MiddlewareAPI<Dispatch<AppAction>, GlobalState>
 ) => (next: Dispatch<AppAction>) => (action: AppAction) => unknown;
 
-export type AlertListState = Immutable<{
-  alerts: AlertData[];
-}>;
-
 export interface GlobalState {
   readonly endpointList: EndpointListState;
   readonly alertList: AlertListState;
 }
+
+export type AlertListData = AlertResultList;
+export type AlertListState = AlertResultList;
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/index.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/index.tsx
@@ -8,6 +8,7 @@ import { memo, useState, useMemo } from 'react';
 import React from 'react';
 import { EuiDataGrid } from '@elastic/eui';
 import { useSelector } from 'react-redux';
+import { i18n } from '@kbn/i18n';
 import * as selectors from '../../store/selectors';
 import { usePageId } from '../use_page_id';
 
@@ -40,21 +41,26 @@ export const AlertIndex = memo(() => {
       const row = json[rowIndex];
 
       if (columnId === 'alert_type') {
-        return row.value.source.endgame.metadata.key;
+        return i18n.translate(
+          'xpack.endpoint.application.endpoint.alerts.alertType.maliciousFileDescription',
+          {
+            defaultMessage: 'Malicious File',
+          }
+        );
       } else if (columnId === 'event_type') {
-        return row.value.source.endgame.data.file_operation;
+        return row.event.action;
       } else if (columnId === 'os') {
-        return row.value.source.host.os.name;
+        return row.host.os.name;
       } else if (columnId === 'ip_address') {
-        return row.value.source.host.ip;
+        return row.host.ip;
       } else if (columnId === 'host_name') {
-        return row.value.source.host.hostname;
+        return row.host.hostname;
       } else if (columnId === 'timestamp') {
-        return row.value.source.endgame.timestamp_utc;
+        return row['@timestamp'];
       } else if (columnId === 'archived') {
         return null;
       } else if (columnId === 'malware_score') {
-        return row.value.source.endgame.data.malware_classification.score;
+        return row.file_classification.malware_classification.score;
       }
       return null;
     };

diff --git a/x-pack/plugins/endpoint/server/config.ts b/x-pack/plugins/endpoint/server/config.ts
@@ -15,6 +15,8 @@ export const EndpointConfigSchema = schema.object({
   enabled: schema.boolean({ defaultValue: false }),
   endpointResultListDefaultFirstPageIndex: schema.number({ defaultValue: 0 }),
   endpointResultListDefaultPageSize: schema.number({ defaultValue: 10 }),
+  alertResultListDefaultFirstPageIndex: schema.number({ defaultValue: 0 }),
+  alertResultListDefaultPageSize: schema.number({ defaultValue: 10 }),
 });
 
 export function createConfig$(context: PluginInitializerContext) {

diff --git a/x-pack/plugins/endpoint/server/plugin.ts b/x-pack/plugins/endpoint/server/plugin.ts
@@ -69,7 +69,7 @@ export class EndpointPlugin
     const router = core.http.createRouter();
     addRoutes(router);
     registerEndpointRoutes(router, endpointContext);
-    registerAlertRoutes(router);
+    registerAlertRoutes(router, endpointContext);
   }
 
   public start() {