diff --git a/x-pack/plugins/siem/common/endpoint/generate_data.ts b/x-pack/plugins/siem/common/endpoint/generate_data.ts
index a683db86dc6a0..597ad4df64dfe 100644
--- a/x-pack/plugins/siem/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/siem/common/endpoint/generate_data.ts
@@ -845,10 +845,6 @@ export class EndpointDocGenerator {
 },
 ],
 id: this.commonInfo.endpoint.policy.id,
- policy: {
- id: this.commonInfo.endpoint.policy.id,
- version: policyVersion,
- },
 response: {
 configurations: {
 events: {
diff --git a/x-pack/plugins/siem/common/endpoint/types.ts b/x-pack/plugins/siem/common/endpoint/types.ts
index 6d04f1dfac38f..45b5cf2526e12 100644
--- a/x-pack/plugins/siem/common/endpoint/types.ts
+++ b/x-pack/plugins/siem/common/endpoint/types.ts
@@ -685,10 +685,6 @@ export interface HostPolicyResponse {
 id: string;
 status: HostPolicyResponseActionStatus;
 actions: HostPolicyResponseAppliedAction[];
- policy: {
- id: string;
- version: string;
- };
 response: {
 configurations: {
 malware: HostPolicyResponseConfigurationStatus;
diff --git a/x-pack/plugins/siem/scripts/endpoint/resolver_generator.ts b/x-pack/plugins/siem/scripts/endpoint/resolver_generator.ts
index 77bf200eeb540..26c6e5ccc28a8 100644
--- a/x-pack/plugins/siem/scripts/endpoint/resolver_generator.ts
+++ b/x-pack/plugins/siem/scripts/endpoint/resolver_generator.ts
@@ -70,7 +70,7 @@ async function main() {
 metadataIndex: {
 alias: 'mi',
 describe: 'index to store host metadata in',
- default: 'metrics-endpoint-default-1',
+ default: 'metrics-endpoint.metadata-default-1',
 type: 'string',
 },
 policyIndex: {
diff --git a/x-pack/plugins/siem/server/endpoint/alerts/index_pattern.ts b/x-pack/plugins/siem/server/endpoint/alerts/index_pattern.ts
index 1cbdf96c5bcee..391aedecdd099 100644
--- a/x-pack/plugins/siem/server/endpoint/alerts/index_pattern.ts
+++ b/x-pack/plugins/siem/server/endpoint/alerts/index_pattern.ts
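Review bot: `policyVersion` is no longer referenced in this hunk once the `policy: { id, version }` block is dropped from the generated policy-response document, and the hunk does not show where it is declared; if it was a local or parameter used only here it is now dead and will be reported by the linter, so either remove its declaration or keep a use for it. The enclosing method of `EndpointDocGenerator` starts and ends outside the hunk, so this needs confirming against the full method. The removal is consistent with the `policy` member deleted from `HostPolicyResponse` in the types.ts hunk of this commit, which is the only other place the field appears on this page.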
@@ -22,6 +22,7 @@ export interface IndexPatternRetriever {
 export class IngestIndexPatternRetriever implements IndexPatternRetriever {
 private static endpointPackageName = 'endpoint';
 private static metadataDataset = 'metadata';
+ private static policyDataset = 'policy';
 private readonly log: Logger;
 constructor(private readonly service: ESIndexPatternService, loggerFactory: LoggerFactory) {
 this.log = loggerFactory.get('index-pattern-retriever');
@@ -76,7 +77,7 @@ export class IngestIndexPatternRetriever implements IndexPatternRetriever {
 }
 }
- getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise {
- return Promise.resolve('metrics-endpoint.policy-default-1');
+ async getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise {
+ return this.getIndexPattern(ctx, IngestIndexPatternRetriever.policyDataset);
 }
 }
diff --git a/x-pack/test/api_integration/apis/endpoint/alerts/index.ts b/x-pack/test/api_integration/apis/endpoint/alerts/index.ts
index ecdee09ce7edf..155513aefc609 100644
--- a/x-pack/test/api_integration/apis/endpoint/alerts/index.ts
+++ b/x-pack/test/api_integration/apis/endpoint/alerts/index.ts
@@ -70,7 +70,7 @@ export default function ({ getService }: FtrProviderContext) {
 let nullableEventId = '';
- describe.skip('Endpoint alert API', () => {
+ describe('Endpoint alert API', () => {
 describe('when data is in elasticsearch', () => {
 before(async () => {
 await esArchiver.load('endpoint/alerts/api_feature');
diff --git a/x-pack/test/api_integration/apis/endpoint/alerts/index_pattern.ts b/x-pack/test/api_integration/apis/endpoint/alerts/index_pattern.ts
index df1cbcfe28e7b..ad9f4463c6419 100644
--- a/x-pack/test/api_integration/apis/endpoint/alerts/index_pattern.ts
+++ b/x-pack/test/api_integration/apis/endpoint/alerts/index_pattern.ts
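Review bot: The rewritten `getPolicyResponseIndexPattern` in the second hunk can now reject, whereas the `Promise.resolve('metrics-endpoint.policy-default-1')` it replaces never could, and the hunk does not show what `getIndexPattern` does when the `policy` dataset cannot be resolved (its body and the rest of the class are outside the hunk); any route handler that previously treated the result as always available should be checked for how a rejection is mapped to an HTTP response, and the contract should be stated on the method, e.g. `/** Resolves the policy-response index pattern through the ingest service for the 'policy' dataset; rejects when the pattern cannot be resolved — confirm against getIndexPattern. */`. The return type is printed here as a bare `Promise`, which does not compile under the project's settings; this is most likely the type argument lost in extraction, but if the file really reads that way it should be `Promise<string>` so the resolved value is checked rather than left unconstrained. The new private static `policyDataset` in the first hunk follows the existing `metadataDataset` convention and needs no change.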
@@ -9,7 +9,7 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
- describe.skip('Endpoint index pattern API', () => {
+ describe('Endpoint index pattern API', () => {
 it('should retrieve the index pattern for events', async () => {
 const { body } = await supertest.get('/api/endpoint/index_pattern/events').expect(200);
 expect(body.indexPattern).to.eql('events-endpoint-*');
@@ -17,7 +17,12 @@ export default function ({ getService }: FtrProviderContext) {
 it('should retrieve the index pattern for metadata', async () => {
 const { body } = await supertest.get('/api/endpoint/index_pattern/metadata').expect(200);
- expect(body.indexPattern).to.eql('metrics-endpoint-*');
+ expect(body.indexPattern).to.eql('metrics-endpoint.metadata-*');
+ });
+
+ it('should retrieve the index pattern for policy', async () => {
+ const { body } = await supertest.get('/api/endpoint/index_pattern/policy').expect(200);
+ expect(body.indexPattern).to.eql('metrics-endpoint.policy-*');
 });
 it('should not retrieve the index pattern for an invalid key', async () => {
diff --git a/x-pack/test/api_integration/apis/endpoint/metadata.ts b/x-pack/test/api_integration/apis/endpoint/metadata.ts
index c01919f60a922..5c4bb52b8d9e2 100644
--- a/x-pack/test/api_integration/apis/endpoint/metadata.ts
+++ b/x-pack/test/api_integration/apis/endpoint/metadata.ts
@@ -14,7 +14,7 @@ const numberOfHostsInFixture = 3;
 export default function ({ getService }: FtrProviderContext) {
 const esArchiver = getService('esArchiver');
 const supertest = getService('supertest');
- describe.skip('test metadata api', () => {
+ describe('test metadata api', () => {
 describe('POST /api/endpoint/metadata when index is empty', () => {
 it('metadata api should return empty result when index is empty', async () => {
 await esArchiver.unload('endpoint/metadata/api_feature');
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz
index 3d4f0e11a7cc6..49082ed3bec8b 100644
Binary files a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz and b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json
index f9d5de0d0a94c..ffd64ab3bb939 100644
--- a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json
+++ b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json
@@ -2,7 +2,7 @@
 "type": "index",
 "value": {
 "aliases": {},
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "mappings": {
 "_meta": {
 "version": "1.5.0-dev"
diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
index d3617dc236375..0f9f86b36dec7 100644
--- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
+++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
@@ -2,7 +2,7 @@
 "type": "doc",
 "value": {
 "id": "3KVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579881969541,
 "agent": {
@@ -51,7 +51,7 @@
 "type": "doc",
 "value": {
 "id": "3aVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579881969541,
 "agent": {
@@ -99,7 +99,7 @@
 "type": "doc",
 "value": {
 "id": "3qVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579881969541,
 "agent": {
@@ -145,7 +145,7 @@
 "type": "doc",
 "value": {
 "id": "36VN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579878369541,
 "agent": {
@@ -194,7 +194,7 @@
 "type": "doc",
 "value": {
 "id": "4KVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579878369541,
 "agent": {
@@ -241,7 +241,7 @@
 "type": "doc",
 "value": {
 "id": "4aVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579878369541,
 "agent": {
@@ -288,7 +288,7 @@
 "type": "doc",
 "value": {
 "id": "4qVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579874769541,
 "agent": {
@@ -336,7 +336,7 @@
 "type": "doc",
 "value": {
 "id": "46VN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579874769541,
 "agent": {
@@ -383,7 +383,7 @@
 "type": "doc",
 "value": {
 "id": "5KVN2G8BYQH1gtPUuYk7",
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "source": {
 "@timestamp": 1579874769541,
 "agent": {
diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json
index f9d5de0d0a94c..ffd64ab3bb939 100644
--- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json
+++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json
@@ -2,7 +2,7 @@
 "type": "index",
 "value": {
 "aliases": {},
- "index": "metrics-endpoint-default-1",
+ "index": "metrics-endpoint.metadata-default-1",
 "mappings": {
 "_meta": {
 "version": "1.5.0-dev"