[SecuritySolution] Load entity store indices from security solution d…
…ata view (#195862)

## Summary

* Update the Entity Store to retrieve indices from the security solution
data view.
* Create a new API that updates all installed entity engine indices
(`api/entity_store/engines/apply_dataview_indices`)


### How to test it?
* Install the entity store
* Check if the transform index has the security solutions data view
indices
* Call `apply_dataview_indices` API; it should not return changes
* Update the security solution data view indices
* Call `apply_dataview_indices` API and check if the API response contains the
updated indices
* Check if the transform index also got updated

---------

Co-authored-by: kibanamachine <[email protected]>
machadoum and kibanamachine authored Oct 14, 2024
1 parent 1062296 commit 489c090
Showing 28 changed files with 954 additions and 56 deletions.
65 changes: 65 additions & 0 deletions oas_docs/output/kibana.serverless.staging.yaml
@@ -8421,6 +8421,56 @@ paths:
summary: Stop an Entity Engine
tags:
- Security Entity Analytics API
/api/entity_store/engines/apply_dataview_indices:
post:
operationId: ApplyEntityEngineDataviewIndices
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Successful response
'207':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
errors:
items:
type: string
type: array
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Partial successful response
'500':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
body:
type: string
statusCode:
type: number
description: Error response
summary: Apply DataView indices to all installed engines
tags:
- Security Entity Analytics API
/api/entity_store/entities/list:
get:
description: List entities records, paging, sorting and filtering as needed.
@@ -47909,6 +47959,20 @@ components:
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality_level
Security_Entity_Analytics_API_EngineDataviewUpdateResult:
type: object
properties:
changes:
type: object
properties:
indexPatterns:
items:
type: string
type: array
type:
type: string
required:
- type
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
@@ -47932,6 +47996,7 @@ components:
- installing
- started
- stopped
- updating
type: string
Security_Entity_Analytics_API_Entity:
oneOf:
65 changes: 65 additions & 0 deletions oas_docs/output/kibana.serverless.yaml
@@ -8421,6 +8421,56 @@ paths:
summary: Stop an Entity Engine
tags:
- Security Entity Analytics API
/api/entity_store/engines/apply_dataview_indices:
post:
operationId: ApplyEntityEngineDataviewIndices
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Successful response
'207':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
errors:
items:
type: string
type: array
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Partial successful response
'500':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
body:
type: string
statusCode:
type: number
description: Error response
summary: Apply DataView indices to all installed engines
tags:
- Security Entity Analytics API
/api/entity_store/entities/list:
get:
description: List entities records, paging, sorting and filtering as needed.
@@ -47909,6 +47959,20 @@ components:
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality_level
Security_Entity_Analytics_API_EngineDataviewUpdateResult:
type: object
properties:
changes:
type: object
properties:
indexPatterns:
items:
type: string
type: array
type:
type: string
required:
- type
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
@@ -47932,6 +47996,7 @@ components:
- installing
- started
- stopped
- updating
type: string
Security_Entity_Analytics_API_Entity:
oneOf:
65 changes: 65 additions & 0 deletions oas_docs/output/kibana.staging.yaml
@@ -11850,6 +11850,56 @@ paths:
summary: Stop an Entity Engine
tags:
- Security Entity Analytics API
/api/entity_store/engines/apply_dataview_indices:
post:
operationId: ApplyEntityEngineDataviewIndices
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Successful response
'207':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
errors:
items:
type: string
type: array
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Partial successful response
'500':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
body:
type: string
statusCode:
type: number
description: Error response
summary: Apply DataView indices to all installed engines
tags:
- Security Entity Analytics API
/api/entity_store/entities/list:
get:
description: List entities records, paging, sorting and filtering as needed.
@@ -56675,6 +56725,20 @@ components:
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality_level
Security_Entity_Analytics_API_EngineDataviewUpdateResult:
type: object
properties:
changes:
type: object
properties:
indexPatterns:
items:
type: string
type: array
type:
type: string
required:
- type
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
@@ -56698,6 +56762,7 @@ components:
- installing
- started
- stopped
- updating
type: string
Security_Entity_Analytics_API_Entity:
oneOf:
65 changes: 65 additions & 0 deletions oas_docs/output/kibana.yaml
@@ -11850,6 +11850,56 @@ paths:
summary: Stop an Entity Engine
tags:
- Security Entity Analytics API
/api/entity_store/engines/apply_dataview_indices:
post:
operationId: ApplyEntityEngineDataviewIndices
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Successful response
'207':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
errors:
items:
type: string
type: array
result:
items:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
type: array
success:
type: boolean
description: Partial successful response
'500':
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
type: object
properties:
body:
type: string
statusCode:
type: number
description: Error response
summary: Apply DataView indices to all installed engines
tags:
- Security Entity Analytics API
/api/entity_store/entities/list:
get:
description: List entities records, paging, sorting and filtering as needed.
@@ -56675,6 +56725,20 @@ components:
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality_level
Security_Entity_Analytics_API_EngineDataviewUpdateResult:
type: object
properties:
changes:
type: object
properties:
indexPatterns:
items:
type: string
type: array
type:
type: string
required:
- type
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
@@ -56698,6 +56762,7 @@ components:
- installing
- started
- stopped
- updating
type: string
Security_Entity_Analytics_API_Entity:
oneOf:
@@ -0,0 +1,13 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export class EntityDefinitionUpdateConflict extends Error {
constructor(message: string) {
super(message);
this.name = 'EntityDefinitionUpdateConflict';
}
}
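Review bot: `EntityDefinitionUpdateConflict` is added without a doc comment, so nothing in this file says which condition it represents or how a caller should handle it. The throw site and the handler are in other files of the commit and are not visible here, so the proposed wording leaves the condition as a placeholder for the author: `/** Thrown when an entity definition update cannot be applied because <condition>. Callers should report it as a conflict rather than as an internal error. */`. If the message passed to the constructor can end up in the `errors` string array of the 207 response, it would also be worth noting in that comment that the message is user-visible and should not carry internal detail.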