[Security Solution][Entity Analytics] APIs for Entity Store engine (#…
…191986) This PR introduces the following API routes for setting up Entity Store "engines": Initialise Engine | POST /api/entity_store/engines/<entity_type>/init -- | -- Start Engine | POST /api/entity_store/engines/<entity_type>/start Stop Engine | POST /api/entity_store/engines/<entity_type>/stop Delete Engine | DELETE /api/entity_store/engines/<entity_type> Get engine | GET /api/entity_store/engines/<entity_type> List Engines | GET /api/entity_store/engines The PR includes the following: - Adding the `EntityManager` plugin (see elastic/obs-entities) as a dependency of the Security Solution - The OpenAPI schemas for the new routes - The actual Kibana side endpoints - A `Saved Object` to track the installed engines - A new `EntityStoreDataClient` - A new feature flag `entityStoreEngineRoutesEnabled` 1. Add some host/user data * Easiest is to use [elastic/security-data-generator](https://github.com/elastic/security-documents-generator) 2. Make sure to add `entityStoreEngineRoutesEnabled` under `xpack.securitySolution.enableExperimental` in your `kibana.dev.yml` 3. In kibana dev tools or your terminal, call the `INIT` route for either `user` or `host`. 4. You should now see 2 transforms in kibana. Make sure to re-trigger them if needed so they process the documents. 5. Check that new entities have been observed by querying the new entities index via: * `GET .entities.v1.latest.ea*/_search` 6. Check the other endpoints are working (`START`, `STOP`, `LIST`, etc) 7. Calling `DELETE` should remove the transforms Implements elastic/security-team#10230 --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit cd964f1)
1 parent
297ab0b
commit 61b3645
Showing
50 changed files
with
2,098 additions
and
3 deletions.
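--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts
@@ -0,0 +1,38 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+/*
+* NOTICE: Do not edit this file manually.
+* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+*
+* info:
+* title: Entity Store Common Schema
+* version: 1
+*/
+
+import { z } from '@kbn/zod';
+
+export type EntityType = z.infer<typeof EntityType>;
+export const EntityType = z.enum(['user', 'host']);
+export type EntityTypeEnum = typeof EntityType.enum;
+export const EntityTypeEnum = EntityType.enum;
+
+export type IndexPattern = z.infer<typeof IndexPattern>;
+export const IndexPattern = z.string();
+
+export type EngineStatus = z.infer<typeof EngineStatus>;
+export const EngineStatus = z.enum(['installing', 'started', 'stopped']);
+export type EngineStatusEnum = typeof EngineStatus.enum;
+export const EngineStatusEnum = EngineStatus.enum;
+
+export type EngineDescriptor = z.infer<typeof EngineDescriptor>;
+export const EngineDescriptor = z.object({
+type: EntityType.optional(),
+indexPattern: IndexPattern.optional(),
+status: EngineStatus.optional(),
+filter: z.string().optional(),
+});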
37 changes: 37 additions & 0 deletions
37
x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml
@@ -0,0 +1,37 @@ | ||
openapi: 3.0.0 | ||
info: | ||
title: Entity Store Common Schema | ||
description: Common schema for Entity Store | ||
version: '1' | ||
paths: {} | ||
components: | ||
schemas: | ||
|
||
EntityType: | ||
type: string | ||
enum: | ||
- user | ||
- host | ||
|
||
EngineDescriptor: | ||
type: object | ||
properties: | ||
type: | ||
$ref: '#/components/schemas/EntityType' | ||
indexPattern: | ||
$ref: '#/components/schemas/IndexPattern' | ||
status: | ||
$ref: '#/components/schemas/EngineStatus' | ||
filter: | ||
type: string | ||
|
||
EngineStatus: | ||
type: string | ||
enum: | ||
- installing | ||
- started | ||
- stopped | ||
|
||
IndexPattern: | ||
type: string | ||
|
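Review bot: `EngineDescriptor` declares no `required` list, so every property, including `type` and `status`, is optional in the contract; the generated zod schema in common.gen.ts confirms this with `.optional()` on all four fields, and every consumer of the GET, INIT and LIST responses must cope with a descriptor that has no type or status. If the server always populates these when it returns a descriptor, add `required: [type, status]` under `EngineDescriptor` (and `indexPattern` if it is always set) so the shape is enforced at the API boundary instead of in each client. `IndexPattern` is a bare `type: string` with no description; a one-line `description:` saying what pattern syntax is accepted would make the contract self-explanatory.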
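--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/delete.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/delete.gen.ts
@@ -0,0 +1,43 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+/*
+* NOTICE: Do not edit this file manually.
+* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+*
+* info:
+* title: Delete the entity store engine
+* version: 2023-10-31
+*/
+
+import { z } from '@kbn/zod';
+import { BooleanFromString } from '@kbn/zod-helpers';
+
+import { EntityType } from '../common.gen';
+
+export type DeleteEntityStoreRequestQuery = z.infer<typeof DeleteEntityStoreRequestQuery>;
+export const DeleteEntityStoreRequestQuery = z.object({
+/**
+* Control flag to also delete the entity data.
+*/
+data: BooleanFromString.optional(),
+});
+export type DeleteEntityStoreRequestQueryInput = z.input<typeof DeleteEntityStoreRequestQuery>;
+
+export type DeleteEntityStoreRequestParams = z.infer<typeof DeleteEntityStoreRequestParams>;
+export const DeleteEntityStoreRequestParams = z.object({
+/**
+* The entity type of the store (either 'user' or 'host').
+*/
+entityType: EntityType,
+});
+export type DeleteEntityStoreRequestParamsInput = z.input<typeof DeleteEntityStoreRequestParams>;
+
+export type DeleteEntityStoreResponse = z.infer<typeof DeleteEntityStoreResponse>;
+export const DeleteEntityStoreResponse = z.object({
+deleted: z.boolean().optional(),
+});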
37 changes: 37 additions & 0 deletions
37
...gins/security_solution/common/api/entity_analytics/entity_store/engine/delete.schema.yaml
@@ -0,0 +1,37 @@ | ||
openapi: 3.0.0 | ||
|
||
info: | ||
title: Delete the entity store engine | ||
version: '2023-10-31' | ||
paths: | ||
/api/entity_store/engines/{entityType}: | ||
delete: | ||
x-labels: [ess, serverless] | ||
x-codegen-enabled: true | ||
operationId: DeleteEntityStore | ||
summary: Delete the Entity Store engine | ||
parameters: | ||
- name: entityType | ||
in: path | ||
required: true | ||
schema: | ||
$ref: '../common.schema.yaml#/components/schemas/EntityType' | ||
description: The entity type of the store (either 'user' or 'host'). | ||
|
||
- name: data | ||
in: query | ||
required: false | ||
schema: | ||
type: boolean | ||
description: Control flag to also delete the entity data. | ||
responses: | ||
'200': | ||
description: Successful response | ||
content: | ||
application/json: | ||
schema: | ||
type: object | ||
properties: | ||
deleted: | ||
type: boolean | ||
|
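Review bot: The `data` query parameter is described only as `Control flag to also delete the entity data.`, which understates that it turns a configuration delete into removal of the stored entities themselves; the description should say that the data removal is destructive and what happens when the flag is omitted, e.g. `description: When true, the stored entity data is deleted along with the engine; this cannot be undone. Omitting the flag keeps the data.` (the omitted-flag behaviour is not visible in this schema, so confirm it against the route handler before wording it). `responses` lists only `'200'`, yet a DELETE for an `entityType` whose engine was never initialised presumably fails, and that outcome should be documented (a `'404'` entry with a description) so clients can tell "nothing to delete" from a success with `deleted: false`. The same missing error responses apply to get.schema.yaml and init.schema.yaml in this commit.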
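--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/get.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/get.gen.ts
@@ -0,0 +1,33 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+/*
+* NOTICE: Do not edit this file manually.
+* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+*
+* info:
+* title: Get Entity Store engine
+* version: 2023-10-31
+*/
+
+import { z } from '@kbn/zod';
+
+import { EntityType, EngineDescriptor } from '../common.gen';
+
+export type GetEntityStoreEngineRequestParams = z.infer<typeof GetEntityStoreEngineRequestParams>;
+export const GetEntityStoreEngineRequestParams = z.object({
+/**
+* The entity type of the store (either 'user' or 'host').
+*/
+entityType: EntityType,
+});
+export type GetEntityStoreEngineRequestParamsInput = z.input<
+typeof GetEntityStoreEngineRequestParams
+>;
+
+export type GetEntityStoreEngineResponse = z.infer<typeof GetEntityStoreEngineResponse>;
+export const GetEntityStoreEngineResponse = EngineDescriptor;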
25 changes: 25 additions & 0 deletions
25
...plugins/security_solution/common/api/entity_analytics/entity_store/engine/get.schema.yaml
@@ -0,0 +1,25 @@ | ||
openapi: 3.0.0 | ||
info: | ||
title: Get Entity Store engine | ||
version: '2023-10-31' | ||
paths: | ||
/api/entity_store/engines/{entityType}: | ||
get: | ||
x-labels: [ess, serverless] | ||
x-codegen-enabled: true | ||
operationId: GetEntityStoreEngine | ||
summary: Get the Entity Store engine | ||
parameters: | ||
- name: entityType | ||
in: path | ||
required: true | ||
schema: | ||
$ref: '../common.schema.yaml#/components/schemas/EntityType' | ||
description: The entity type of the store (either 'user' or 'host'). | ||
responses: | ||
'200': | ||
description: Successful response | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '../common.schema.yaml#/components/schemas/EngineDescriptor' |
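--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts
@@ -0,0 +1,38 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+/*
+* NOTICE: Do not edit this file manually.
+* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+*
+* info:
+* title: Init Entity Store types
+* version: 2023-10-31
+*/
+
+import { z } from '@kbn/zod';
+
+import { EntityType, IndexPattern, EngineDescriptor } from '../common.gen';
+
+export type InitEntityStoreRequestParams = z.infer<typeof InitEntityStoreRequestParams>;
+export const InitEntityStoreRequestParams = z.object({
+/**
+* The entity type of the store (either 'user' or 'host').
+*/
+entityType: EntityType,
+});
+export type InitEntityStoreRequestParamsInput = z.input<typeof InitEntityStoreRequestParams>;
+
+export type InitEntityStoreRequestBody = z.infer<typeof InitEntityStoreRequestBody>;
+export const InitEntityStoreRequestBody = z.object({
+indexPattern: IndexPattern.optional(),
+filter: z.string().optional(),
+});
+export type InitEntityStoreRequestBodyInput = z.input<typeof InitEntityStoreRequestBody>;
+
+export type InitEntityStoreResponse = z.infer<typeof InitEntityStoreResponse>;
+export const InitEntityStoreResponse = EngineDescriptor;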
39 changes: 39 additions & 0 deletions
39
...lugins/security_solution/common/api/entity_analytics/entity_store/engine/init.schema.yaml
@@ -0,0 +1,39 @@ | ||
openapi: 3.0.0 | ||
|
||
info: | ||
title: Init Entity Store types | ||
version: '2023-10-31' | ||
paths: | ||
/api/entity_store/engines/{entityType}/init: | ||
post: | ||
x-labels: [ess, serverless] | ||
x-codegen-enabled: true | ||
operationId: InitEntityStore | ||
summary: Initialize the Entity Store | ||
parameters: | ||
- name: entityType | ||
in: path | ||
required: true | ||
schema: | ||
$ref: '../common.schema.yaml#/components/schemas/EntityType' | ||
description: The entity type of the store (either 'user' or 'host'). | ||
requestBody: | ||
description: Schema for the engine initialization | ||
required: true | ||
content: | ||
application/json: | ||
schema: | ||
type: object | ||
properties: | ||
indexPattern: | ||
$ref: '../common.schema.yaml#/components/schemas/IndexPattern' | ||
filter: | ||
type: string | ||
responses: | ||
'200': | ||
description: Successful response | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '../common.schema.yaml#/components/schemas/EngineDescriptor' | ||
|
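Review bot: `filter` in the request body is a bare `type: string` with no description, so the contract says nothing about what syntax the caller may send or how it is used; since it is caller-supplied input that the engine presumably applies to the source index (the schema alone does not show where it goes), the schema should at least name the expected query language and state that the server validates it before use, e.g. `description: Filter applied to the source index pattern when building the engine. Syntax: <name the query language here>.` with the placeholder filled in from the route handler. `indexPattern` likewise has no description, while the `requestBody` is `required: true` even though both of its properties are optional, so `{}` is the minimal valid body; if an empty body is intended to mean "use the defaults", say so in the body `description` so clients do not have to guess.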
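--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/list.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/engine/list.gen.ts
@@ -0,0 +1,25 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+/*
+* NOTICE: Do not edit this file manually.
+* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+*
+* info:
+* title: List Entity Store engines
+* version: 2023-10-31
+*/
+
+import { z } from '@kbn/zod';
+
+import { EngineDescriptor } from '../common.gen';
+
+export type ListEntityStoreEnginesResponse = z.infer<typeof ListEntityStoreEnginesResponse>;
+export const ListEntityStoreEnginesResponse = z.object({
+count: z.number().int().optional(),
+engines: z.array(EngineDescriptor).optional(),
+});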