From 6aa03b73506ad6eb044b386a01308ce846b9d747 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Wed, 23 Sep 2020 17:11:49 +0200 Subject: [PATCH] [Security Solution] Cleanup Tls graphql (#78265) (#78283) --- .../public/graphql/introspection.json | 329 ------------ .../security_solution/public/graphql/types.ts | 365 ++++--------- .../network/components/tls_table/columns.tsx | 14 +- .../network/components/tls_table/mock.ts | 5 +- .../network/containers/tls/index.gql_query.ts | 57 --- .../public/network/containers/tls/index.tsx | 5 +- .../security_solution/server/graphql/index.ts | 2 - .../server/graphql/tls/index.ts | 8 - .../server/graphql/tls/resolvers.ts | 40 -- .../server/graphql/tls/schema.gql.ts | 47 -- .../security_solution/server/graphql/types.ts | 187 ------- .../security_solution/server/init_server.ts | 2 - .../server/lib/compose/kibana.ts | 2 - .../lib/tls/elasticsearch_adapter.test.ts | 63 --- .../server/lib/tls/elasticsearch_adapter.ts | 82 --- .../security_solution/server/lib/tls/index.ts | 26 - .../security_solution/server/lib/tls/mock.ts | 481 ------------------ .../server/lib/tls/query_tls.dsl.ts | 107 ---- .../security_solution/server/lib/tls/types.ts | 36 -- .../security_solution/server/lib/types.ts | 2 - .../apis/security_solution/index.js | 2 +- .../apis/security_solution/tls.ts | 3 + 22 files changed, 127 insertions(+), 1738 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/network/containers/tls/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/tls/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/tls/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/tls/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/query_tls.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/tls/types.ts diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index b32083fec1b5e..0bbc1fcc80e92 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -2186,103 +2186,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "Tls", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TlsSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TlsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "UncommonProcesses", "description": "Gets UncommonProcesses based on a timerange, or all UncommonProcesses if no criteria is specified", @@ -9444,238 +9347,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "INPUT_OBJECT", - "name": "TlsSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "TlsFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TlsFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "_id", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TlsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TlsNode", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsNode", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "notAfter", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "subjects", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ja3", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "issuers", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, { "kind": "OBJECT", "name": "UncommonProcessesData", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 65d9212f77dcc..4d3837f434b05 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts @@ -95,12 +95,6 @@ export interface NetworkHttpSortField { direction: Direction; } -export interface TlsSortField { - field: TlsFields; - - direction: Direction; -} - export interface PageInfoTimeline { pageIndex: number; @@ -354,10 +348,6 @@ export enum NetworkDnsFields { dnsBytesOut = 'dnsBytesOut', } -export enum TlsFields { - _id = '_id', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -568,8 +558,6 @@ export interface Source { OverviewNetwork?: Maybe; OverviewHost?: Maybe; - - Tls: TlsData; /** Gets UncommonProcesses based on a timerange, or all UncommonProcesses if no criteria is specified */ UncommonProcesses: UncommonProcessesData; /** Just a simple example to get the app name */ @@ -1928,36 +1916,6 @@ export interface OverviewHostData { inspect?: Maybe; } -export interface TlsData { - edges: TlsEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface TlsEdges { - node: TlsNode; - - cursor: CursorType; -} - -export interface TlsNode { - _id?: Maybe; - - timestamp?: Maybe; - - notAfter?: Maybe; - - subjects?: Maybe; - - ja3?: Maybe; - - issuers?: Maybe; -} - export interface UncommonProcessesData { edges: UncommonProcessesEdges[]; @@ -2573,23 +2531,6 @@ export interface OverviewHostSourceArgs { defaultIndex: string[]; } -export interface TlsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: TlsSortField; - - flowTarget: FlowTargetSourceDest; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface UncommonProcessesSourceArgs { timerange: TimerangeInput; @@ -2930,6 +2871,116 @@ export namespace GetAuthenticationsQuery { }; } +export namespace GetHostOverviewQuery { + export type Variables = { + sourceId: string; + hostName: string; + timerange: TimerangeInput; + defaultIndex: string[]; + inspect: boolean; + }; + + export type Query = { + __typename?: 'Query'; + + source: Source; + }; + + export type Source = { + __typename?: 'Source'; + + id: string; + + HostOverview: HostOverview; + }; + + export type HostOverview = { + __typename?: 'HostItem'; + + _id: Maybe; + + host: Maybe; + + cloud: Maybe; + + inspect: Maybe; + + endpoint: Maybe; + }; + + export type Host = { + __typename?: 'HostEcsFields'; + + architecture: Maybe; + + id: Maybe; + + ip: Maybe; + + mac: Maybe; + + name: Maybe; + + os: Maybe; + + type: Maybe; + }; + + export type Os = { + __typename?: 'OsEcsFields'; + + family: Maybe; + + name: Maybe; + + platform: Maybe; + + version: Maybe; + }; + + export type Cloud = { + __typename?: 'CloudFields'; + + instance: Maybe; + + machine: Maybe; + + provider: Maybe<(Maybe)[]>; + + region: Maybe<(Maybe)[]>; + }; + + export type Instance = { + __typename?: 'CloudInstance'; + + id: Maybe<(Maybe)[]>; + }; + + export type Machine = { + __typename?: 'CloudMachine'; + + type: Maybe<(Maybe)[]>; + }; + + export type Inspect = { + __typename?: 'Inspect'; + + dsl: string[]; + + response: string[]; + }; + + export type Endpoint = { + __typename?: 'EndpointFields'; + + endpointPolicy: Maybe; + + policyStatus: Maybe; + + sensorVersion: Maybe; + }; +} + export namespace GetHostFirstLastSeenQuery { export type Variables = { sourceId: string; @@ -3060,116 +3111,6 @@ export namespace GetHostsTableQuery { }; } -export namespace GetHostOverviewQuery { - export type Variables = { - sourceId: string; - hostName: string; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostOverview: HostOverview; - }; - - export type HostOverview = { - __typename?: 'HostItem'; - - _id: Maybe; - - host: Maybe; - - cloud: Maybe; - - inspect: Maybe; - - endpoint: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Cloud = { - __typename?: 'CloudFields'; - - instance: Maybe; - - machine: Maybe; - - provider: Maybe<(Maybe)[]>; - - region: Maybe<(Maybe)[]>; - }; - - export type Instance = { - __typename?: 'CloudInstance'; - - id: Maybe<(Maybe)[]>; - }; - - export type Machine = { - __typename?: 'CloudMachine'; - - type: Maybe<(Maybe)[]>; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type Endpoint = { - __typename?: 'EndpointFields'; - - endpointPolicy: Maybe; - - policyStatus: Maybe; - - sensorVersion: Maybe; - }; -} - export namespace GetKpiHostDetailsQuery { export type Variables = { sourceId: string; @@ -4119,92 +4060,6 @@ export namespace GetNetworkTopNFlowQuery { }; } -export namespace GetTlsQuery { - export type Variables = { - sourceId: string; - filterQuery?: Maybe; - flowTarget: FlowTargetSourceDest; - ip: string; - pagination: PaginationInputPaginated; - sort: TlsSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Tls: Tls; - }; - - export type Tls = { - __typename?: 'TlsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'TlsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'TlsNode'; - - _id: Maybe; - - subjects: Maybe; - - ja3: Maybe; - - issuers: Maybe; - - notAfter: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetUsersQuery { export type Variables = { sourceId: string; diff --git a/x-pack/plugins/security_solution/public/network/components/tls_table/columns.tsx b/x-pack/plugins/security_solution/public/network/components/tls_table/columns.tsx index 33667a65a95e9..94de71017d339 100644 --- a/x-pack/plugins/security_solution/public/network/components/tls_table/columns.tsx +++ b/x-pack/plugins/security_solution/public/network/components/tls_table/columns.tsx @@ -8,9 +8,9 @@ import React from 'react'; import moment from 'moment'; -import { TlsNode } from '../../../graphql/types'; -import { Columns } from '../../../common/components/paginated_table'; +import { NetworkTlsNode } from '../../../../common/search_strategy'; +import { Columns } from '../../../common/components/paginated_table'; import { getRowItemDraggables, getRowItemDraggable, @@ -21,11 +21,11 @@ import { PreferenceFormattedDate } from '../../../common/components/formatted_da import * as i18n from './translations'; export type TlsColumns = [ - Columns, - Columns, - Columns, - Columns, - Columns + Columns, + Columns, + Columns, + Columns, + Columns ]; export const getTlsColumns = (tableId: string): TlsColumns => [ diff --git a/x-pack/plugins/security_solution/public/network/components/tls_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/tls_table/mock.ts index a90907eb38854..0e16d76d300de 100644 --- a/x-pack/plugins/security_solution/public/network/components/tls_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/tls_table/mock.ts @@ -4,9 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { TlsData } from '../../../graphql/types'; +import { NetworkTlsStrategyResponse } from '../../../../common/search_strategy'; -export const mockTlsData: TlsData = { +export const mockTlsData: NetworkTlsStrategyResponse = { totalCount: 2, edges: [ { @@ -51,4 +51,5 @@ export const mockTlsData: TlsData = { fakeTotalCount: 50, showMorePagesIndicator: true, }, + rawResponse: {} as NetworkTlsStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/tls/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/tls/index.gql_query.ts deleted file mode 100644 index f513a94d69667..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/tls/index.gql_query.ts +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const tlsQuery = gql` - query GetTlsQuery( - $sourceId: ID! - $filterQuery: String - $flowTarget: FlowTargetSourceDest! - $ip: String! - $pagination: PaginationInputPaginated! - $sort: TlsSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - Tls( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - _id - subjects - ja3 - issuers - notAfter - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/tls/index.tsx b/x-pack/plugins/security_solution/public/network/containers/tls/index.tsx index f9393cfc26692..4c9658aa9b42c 100644 --- a/x-pack/plugins/security_solution/public/network/containers/tls/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/tls/index.tsx @@ -14,7 +14,7 @@ import { DEFAULT_INDEX_KEY } from '../../../../common/constants'; import { inputsModel, State } from '../../../common/store'; import { useKibana } from '../../../common/lib/kibana'; import { createFilter } from '../../../common/containers/helpers'; -import { TlsEdges, PageInfoPaginated, FlowTargetSourceDest } from '../../../graphql/types'; +import { PageInfoPaginated, FlowTargetSourceDest } from '../../../graphql/types'; import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers'; import { networkModel, networkSelectors } from '../../store'; import { @@ -40,7 +40,7 @@ export interface NetworkTlsArgs { loadPage: (newActivePage: number) => void; pageInfo: PageInfoPaginated; refetch: inputsModel.Refetch; - tls: TlsEdges[]; + tls: NetworkTlsStrategyResponse['edges']; totalCount: number; } @@ -81,6 +81,7 @@ export const useNetworkTls = ({ factoryQueryType: NetworkQueries.tls, filterQuery: createFilter(filterQuery), flowTarget, + id, ip, pagination: generateTablePaginationOptions(activePage, limit), sort, diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index 7e25735707893..959aa4549d43f 100644 --- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -26,7 +26,6 @@ import { toNumberSchema } from './scalar_to_number_array'; import { sourceStatusSchema } from './source_status'; import { sourcesSchema } from './sources'; import { timelineSchema } from './timeline'; -import { tlsSchema } from './tls'; import { uncommonProcessesSchema } from './uncommon_processes'; import { whoAmISchema } from './who_am_i'; import { matrixHistogramSchema } from './matrix_histogram'; @@ -53,7 +52,6 @@ export const schemas = [ sourceStatusSchema, sharedSchema, timelineSchema, - tlsSchema, uncommonProcessesSchema, whoAmISchema, ]; diff --git a/x-pack/plugins/security_solution/server/graphql/tls/index.ts b/x-pack/plugins/security_solution/server/graphql/tls/index.ts deleted file mode 100644 index 7d745742090a6..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/tls/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createTlsResolvers } from './resolvers'; -export { tlsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/tls/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/tls/resolvers.ts deleted file mode 100644 index bfa3fddc3c8a5..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/tls/resolvers.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { TLS, TlsRequestOptions } from '../../lib/tls'; -import { createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryTlsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface TlsResolversDeps { - tls: TLS; -} - -export const createTlsResolvers = ( - libs: TlsResolversDeps -): { - Source: { - Tls: QueryTlsResolver; - }; -} => ({ - Source: { - async Tls(source, args, { req }, info) { - const options: TlsRequestOptions = { - ...createOptionsPaginated(source, args, info), - ip: args.ip, - sort: args.sort, - flowTarget: args.flowTarget, - }; - return libs.tls.getTls(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/tls/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/tls/schema.gql.ts deleted file mode 100644 index 452c615c65aa5..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/tls/schema.gql.ts +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const tlsSchema = gql` - enum TlsFields { - _id - } - type TlsNode { - _id: String - timestamp: Date - notAfter: [String!] - subjects: [String!] - ja3: [String!] - issuers: [String!] - } - input TlsSortField { - field: TlsFields! - direction: Direction! - } - type TlsEdges { - node: TlsNode! - cursor: CursorType! - } - type TlsData { - edges: [TlsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - extend type Source { - Tls( - filterQuery: String - id: String - ip: String! - pagination: PaginationInputPaginated! - sort: TlsSortField! - flowTarget: FlowTargetSourceDest! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): TlsData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 7638ebd03f6b1..ed3abd25df882 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts @@ -97,12 +97,6 @@ export interface NetworkHttpSortField { direction: Direction; } -export interface TlsSortField { - field: TlsFields; - - direction: Direction; -} - export interface PageInfoTimeline { pageIndex: number; @@ -356,10 +350,6 @@ export enum NetworkDnsFields { dnsBytesOut = 'dnsBytesOut', } -export enum TlsFields { - _id = '_id', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -570,8 +560,6 @@ export interface Source { OverviewNetwork?: Maybe; OverviewHost?: Maybe; - - Tls: TlsData; /** Gets UncommonProcesses based on a timerange, or all UncommonProcesses if no criteria is specified */ UncommonProcesses: UncommonProcessesData; /** Just a simple example to get the app name */ @@ -1930,36 +1918,6 @@ export interface OverviewHostData { inspect?: Maybe; } -export interface TlsData { - edges: TlsEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface TlsEdges { - node: TlsNode; - - cursor: CursorType; -} - -export interface TlsNode { - _id?: Maybe; - - timestamp?: Maybe; - - notAfter?: Maybe; - - subjects?: Maybe; - - ja3?: Maybe; - - issuers?: Maybe; -} - export interface UncommonProcessesData { edges: UncommonProcessesEdges[]; @@ -2575,23 +2533,6 @@ export interface OverviewHostSourceArgs { defaultIndex: string[]; } -export interface TlsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: TlsSortField; - - flowTarget: FlowTargetSourceDest; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface UncommonProcessesSourceArgs { timerange: TimerangeInput; @@ -3041,8 +2982,6 @@ export namespace SourceResolvers { OverviewNetwork?: OverviewNetworkResolver, TypeParent, TContext>; OverviewHost?: OverviewHostResolver, TypeParent, TContext>; - - Tls?: TlsResolver; /** Gets UncommonProcesses based on a timerange, or all UncommonProcesses if no criteria is specified */ UncommonProcesses?: UncommonProcessesResolver; /** Just a simple example to get the app name */ @@ -3426,30 +3365,6 @@ export namespace SourceResolvers { defaultIndex: string[]; } - export type TlsResolver = Resolver< - R, - Parent, - TContext, - TlsArgs - >; - export interface TlsArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: TlsSortField; - - flowTarget: FlowTargetSourceDest; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - export type UncommonProcessesResolver< R = UncommonProcessesData, Parent = Source, @@ -8021,105 +7936,6 @@ export namespace OverviewHostDataResolvers { > = Resolver; } -export namespace TlsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver = Resolver< - R, - Parent, - TContext - >; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = TlsData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TlsData, - TContext = SiemContext - > = Resolver; -} - -export namespace TlsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TlsNodeResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - notAfter?: NotAfterResolver, TypeParent, TContext>; - - subjects?: SubjectsResolver, TypeParent, TContext>; - - ja3?: Ja3Resolver, TypeParent, TContext>; - - issuers?: IssuersResolver, TypeParent, TContext>; - } - - export type _IdResolver, Parent = TlsNode, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver< - R = Maybe, - Parent = TlsNode, - TContext = SiemContext - > = Resolver; - export type NotAfterResolver< - R = Maybe, - Parent = TlsNode, - TContext = SiemContext - > = Resolver; - export type SubjectsResolver< - R = Maybe, - Parent = TlsNode, - TContext = SiemContext - > = Resolver; - export type Ja3Resolver, Parent = TlsNode, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type IssuersResolver< - R = Maybe, - Parent = TlsNode, - TContext = SiemContext - > = Resolver; -} - export namespace UncommonProcessesDataResolvers { export interface Resolvers { edges?: EdgesResolver; @@ -9492,9 +9308,6 @@ export type IResolvers = { NetworkHttpItem?: NetworkHttpItemResolvers.Resolvers; OverviewNetworkData?: OverviewNetworkDataResolvers.Resolvers; OverviewHostData?: OverviewHostDataResolvers.Resolvers; - TlsData?: TlsDataResolvers.Resolvers; - TlsEdges?: TlsEdgesResolvers.Resolvers; - TlsNode?: TlsNodeResolvers.Resolvers; UncommonProcessesData?: UncommonProcessesDataResolvers.Resolvers; UncommonProcessesEdges?: UncommonProcessesEdgesResolvers.Resolvers; UncommonProcessItem?: UncommonProcessItemResolvers.Resolvers; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index 1463d7f0da284..2ef42eaee4b98 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -28,7 +28,6 @@ import { createTimelineResolvers } from './graphql/timeline'; import { createUncommonProcessesResolvers } from './graphql/uncommon_processes'; import { createWhoAmIResolvers } from './graphql/who_am_i'; import { AppBackendLibs } from './lib/types'; -import { createTlsResolvers } from './graphql/tls'; import { createMatrixHistogramResolvers } from './graphql/matrix_histogram'; export const initServer = (libs: AppBackendLibs) => { @@ -55,7 +54,6 @@ export const initServer = (libs: AppBackendLibs) => { createSourcesResolvers(libs) as IResolvers, createSourceStatusResolvers(libs) as IResolvers, createTimelineResolvers(libs) as IResolvers, - createTlsResolvers(libs) as IResolvers, createUncommonProcessesResolvers(libs) as IResolvers, createWhoAmIResolvers() as IResolvers, createKpiHostsResolvers(libs) as IResolvers, diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts index db76f6d52dbb0..bab00e33e3378 100644 --- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts +++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts @@ -17,7 +17,6 @@ import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields'; import { ElasticsearchIpDetailsAdapter, IpDetails } from '../ip_details'; -import { ElasticsearchTlsAdapter, TLS } from '../tls'; import { KpiNetwork } from '../kpi_network'; import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter'; @@ -50,7 +49,6 @@ export function compose( fields: new IndexFields(new ElasticsearchIndexFieldAdapter(framework)), hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)), ipDetails: new IpDetails(new ElasticsearchIpDetailsAdapter(framework)), - tls: new TLS(new ElasticsearchTlsAdapter(framework)), kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)), kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), diff --git a/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.test.ts deleted file mode 100644 index 428685cbaddb8..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { buildTlsQuery } from './query_tls.dsl'; -import { ElasticsearchTlsAdapter } from './elasticsearch_adapter'; -import expect from '@kbn/expect'; -import { FrameworkRequest, FrameworkAdapter } from '../framework'; -import { mockRequest, mockResponse, mockOptions, expectedTlsEdges, mockTlsQuery } from './mock'; -import { TlsData } from '../../graphql/types'; - -jest.mock('./query_tls.dsl', () => { - return { - buildTlsQuery: jest.fn(), - }; -}); - -describe('elasticsearch_adapter', () => { - describe('#getTls', () => { - let data: TlsData; - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - - beforeAll(async () => { - (buildTlsQuery as jest.Mock).mockReset(); - (buildTlsQuery as jest.Mock).mockReturnValue(mockTlsQuery); - - mockCallWithRequest.mockResolvedValue(mockResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const EsTls = new ElasticsearchTlsAdapter(mockFramework); - data = await EsTls.getTls(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - (buildTlsQuery as jest.Mock).mockClear(); - }); - - test('buildTlsQuery', () => { - expect((buildTlsQuery as jest.Mock).mock.calls[0][0]).to.eql(mockOptions); - }); - - test('will return tlsEdges correctly', () => { - expect(data.edges).to.eql(expectedTlsEdges); - }); - - test('will return inspect data', () => { - expect(data.inspect).to.eql({ - dsl: [JSON.stringify(mockTlsQuery, null, 2)], - response: [JSON.stringify(mockResponse, null, 2)], - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.ts deleted file mode 100644 index ab9175951a8f5..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/elasticsearch_adapter.ts +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { TlsData, TlsEdges } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; -import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; -import { TlsRequestOptions } from './index'; - -import { TlsAdapter, TlsBuckets } from './types'; - -import { buildTlsQuery } from './query_tls.dsl'; - -export class ElasticsearchTlsAdapter implements TlsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getTls(request: FrameworkRequest, options: TlsRequestOptions): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildTlsQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.count.value', response); - const tlsEdges: TlsEdges[] = getTlsEdges(response, options); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = tlsEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } -} - -const getTlsEdges = ( - response: DatabaseSearchResponse, - options: TlsRequestOptions -): TlsEdges[] => { - return formatTlsEdges(getOr([], 'aggregations.sha1.buckets', response)); -}; - -export const formatTlsEdges = (buckets: TlsBuckets[]): TlsEdges[] => { - return buckets.map((bucket: TlsBuckets) => { - const edge: TlsEdges = { - node: { - _id: bucket.key, - subjects: bucket.subjects.buckets.map(({ key }) => key), - ja3: bucket.ja3.buckets.map(({ key }) => key), - issuers: bucket.issuers.buckets.map(({ key }) => key), - // eslint-disable-next-line @typescript-eslint/naming-convention - notAfter: bucket.not_after.buckets.map(({ key_as_string }) => key_as_string), - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - }; - return edge; - }); -}; diff --git a/x-pack/plugins/security_solution/server/lib/tls/index.ts b/x-pack/plugins/security_solution/server/lib/tls/index.ts deleted file mode 100644 index 25e3957cc99db..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/index.ts +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FlowTargetSourceDest, TlsSortField, TlsData } from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; - -import { TlsAdapter } from './types'; - -export * from './elasticsearch_adapter'; - -export interface TlsRequestOptions extends RequestOptionsPaginated { - ip?: string; - sort: TlsSortField; - flowTarget: FlowTargetSourceDest; -} - -export class TLS { - constructor(private readonly adapter: TlsAdapter) {} - - public async getTls(req: FrameworkRequest, options: TlsRequestOptions): Promise { - return this.adapter.getTls(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/tls/mock.ts b/x-pack/plugins/security_solution/server/lib/tls/mock.ts deleted file mode 100644 index 62d5e1e61570a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/mock.ts +++ /dev/null @@ -1,481 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { Direction, TlsFields, FlowTargetSourceDest } from '../../graphql/types'; - -export const mockTlsQuery = { - allowNoIndices: true, - index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - ignoreUnavailable: true, - body: { - aggs: { - count: { cardinality: { field: 'tls.server_certificate.fingerprint.sha1' } }, - sha1: { - terms: { - field: 'tls.server_certificate.fingerprint.sha1', - size: 10, - order: { _key: 'desc' }, - }, - aggs: { - issuers: { terms: { field: 'tls.server.issuer' } }, - subjects: { terms: { field: 'tls.server.subject' } }, - not_after: { terms: { field: 'tls.server.not_after' } }, - ja3: { terms: { field: 'tls.server.ja3s' } }, - }, - }, - }, - query: { - bool: { filter: [{ range: { '@timestamp': { gte: 1570719927430, lte: 1570806327431 } } }] }, - }, - size: 0, - track_total_hits: false, - }, -}; - -export const expectedTlsEdges = [ - { - cursor: { - tiebreaker: null, - value: 'fff8dc95436e0e25ce46b1526a1a547e8cf3bb82', - }, - node: { - _id: 'fff8dc95436e0e25ce46b1526a1a547e8cf3bb82', - subjects: ['*.1.nflxso.net'], - issuers: ['DigiCert SHA2 Secure Server CA'], - ja3: ['95d2dd53a89b334cddd5c22e81e7fe61'], - notAfter: ['2019-10-27T12:00:00.000Z'], - }, - }, - { - cursor: { - tiebreaker: null, - value: 'fd8440c4b20978b173e0910e2639d114f0d405c5', - }, - node: { - _id: 'fd8440c4b20978b173e0910e2639d114f0d405c5', - subjects: ['cogocast.net'], - issuers: ['Amazon'], - ja3: ['a111d93cdf31f993c40a8a9ef13e8d7e'], - notAfter: ['2020-02-01T12:00:00.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fcdc16645ebb3386adc96e7ba735c4745709b9dd' }, - node: { - _id: 'fcdc16645ebb3386adc96e7ba735c4745709b9dd', - subjects: ['player-devintever2.mountain.siriusxm.com'], - issuers: ['Trustwave Organization Validation SHA256 CA, Level 1'], - ja3: ['6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2020-03-06T21:57:09.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fccf375789cb7e671502a7b0cc969f218a4b2c70' }, - node: { - _id: 'fccf375789cb7e671502a7b0cc969f218a4b2c70', - subjects: ['appleid.apple.com'], - issuers: ['DigiCert SHA2 Extended Validation Server CA'], - ja3: ['6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2020-07-04T12:00:00.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fc4a296b706fa18ac50b96f5c0327c69db4a8981' }, - node: { - _id: 'fc4a296b706fa18ac50b96f5c0327c69db4a8981', - subjects: ['itunes.apple.com'], - issuers: ['DigiCert SHA2 Extended Validation Server CA'], - ja3: ['a441a33aaee795f498d6b764cc78989a'], - notAfter: ['2020-03-24T12:00:00.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fc2cbc41f6a0e9c0118de4fe40f299f7207b797e' }, - node: { - _id: 'fc2cbc41f6a0e9c0118de4fe40f299f7207b797e', - subjects: ['incapsula.com'], - issuers: ['GlobalSign CloudSSL CA - SHA256 - G3'], - ja3: ['6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2020-04-04T14:05:06.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fb70d78ffa663a3a4374d841b3288d2de9759566' }, - node: { - _id: 'fb70d78ffa663a3a4374d841b3288d2de9759566', - subjects: ['*.siriusxm.com'], - issuers: ['DigiCert Baltimore CA-2 G2'], - ja3: ['535aca3d99fc247509cd50933cd71d37', '6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2021-10-27T12:00:00.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'fb59038dcec33ab3a01a6ae60d0835ad0e04ccf0' }, - node: { - _id: 'fb59038dcec33ab3a01a6ae60d0835ad0e04ccf0', - subjects: ['photos.amazon.eu'], - issuers: ['Amazon'], - ja3: ['6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2020-04-23T12:00:00.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'f9815293c883a6006f0b2d95a4895bdc501fd174' }, - node: { - _id: 'f9815293c883a6006f0b2d95a4895bdc501fd174', - subjects: ['cdn.hbo.com'], - issuers: ['Sectigo RSA Organization Validation Secure Server CA'], - ja3: ['6fa3244afc6bb6f9fad207b6b52af26b'], - notAfter: ['2021-02-10T23:59:59.000Z'], - }, - }, - { - cursor: { tiebreaker: null, value: 'f8db6a69797e383dca2529727369595733123386' }, - node: { - _id: 'f8db6a69797e383dca2529727369595733123386', - subjects: ['www.google.com'], - issuers: ['GTS CA 1O1'], - ja3: ['a111d93cdf31f993c40a8a9ef13e8d7e'], - notAfter: ['2019-12-10T13:32:54.000Z'], - }, - }, -]; - -export const mockRequest = { - body: { - operationName: 'GetTlsQuery', - variables: { - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - filterQuery: '', - flowTarget: 'source', - inspect: false, - ip: '', - pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 50, querySize: 10 }, - sort: { field: '_id', direction: 'desc' }, - sourceId: 'default', - timerange: { interval: '12h', from: 1570716261267, to: 1570802661267 }, - }, - query: - 'query GetTlsQuery($sourceId: ID!, $filterQuery: String, $flowTarget: FlowTarget!, $ip: String!, $pagination: PaginationInputPaginated!, $sort: TlsSortField!, $timerange: TimerangeInput!, $defaultIndex: [String!]!, $inspect: Boolean!) {\n source(id: $sourceId) {\n id\n Tls(filterQuery: $filterQuery, flowTarget: $flowTarget, ip: $ip, pagination: $pagination, sort: $sort, timerange: $timerange, defaultIndex: $defaultIndex) {\n totalCount\n edges {\n node {\n _id\n subjects\n ja3\n issuers\n notAfter\n __typename\n }\n cursor {\n value\n __typename\n }\n __typename\n }\n pageInfo {\n activePage\n fakeTotalCount\n showMorePagesIndicator\n __typename\n }\n inspect @include(if: $inspect) {\n dsl\n response\n __typename\n }\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockResponse = { - took: 92, - timed_out: false, - _shards: { total: 33, successful: 33, skipped: 0, failed: 0 }, - hits: { max_score: null, hits: [] }, - aggregations: { - sha1: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 4597, - buckets: [ - { - key: 'fff8dc95436e0e25ce46b1526a1a547e8cf3bb82', - doc_count: 1, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1572177600000, key_as_string: '2019-10-27T12:00:00.000Z', doc_count: 1 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'DigiCert SHA2 Secure Server CA', doc_count: 1 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '*.1.nflxso.net', doc_count: 1 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '95d2dd53a89b334cddd5c22e81e7fe61', doc_count: 1 }], - }, - }, - { - key: 'fd8440c4b20978b173e0910e2639d114f0d405c5', - doc_count: 1, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1580558400000, key_as_string: '2020-02-01T12:00:00.000Z', doc_count: 1 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'Amazon', doc_count: 1 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'cogocast.net', doc_count: 1 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'a111d93cdf31f993c40a8a9ef13e8d7e', doc_count: 1 }], - }, - }, - { - key: 'fcdc16645ebb3386adc96e7ba735c4745709b9dd', - doc_count: 1, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1583531829000, key_as_string: '2020-03-06T21:57:09.000Z', doc_count: 1 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 'Trustwave Organization Validation SHA256 CA, Level 1', doc_count: 1 }, - ], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'player-devintever2.mountain.siriusxm.com', doc_count: 1 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 1 }], - }, - }, - { - key: 'fccf375789cb7e671502a7b0cc969f218a4b2c70', - doc_count: 1, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1593864000000, key_as_string: '2020-07-04T12:00:00.000Z', doc_count: 1 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'DigiCert SHA2 Extended Validation Server CA', doc_count: 1 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'appleid.apple.com', doc_count: 1 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 1 }], - }, - }, - { - key: 'fc4a296b706fa18ac50b96f5c0327c69db4a8981', - doc_count: 2, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1585051200000, key_as_string: '2020-03-24T12:00:00.000Z', doc_count: 2 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'DigiCert SHA2 Extended Validation Server CA', doc_count: 2 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'itunes.apple.com', doc_count: 2 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'a441a33aaee795f498d6b764cc78989a', doc_count: 2 }], - }, - }, - { - key: 'fc2cbc41f6a0e9c0118de4fe40f299f7207b797e', - doc_count: 1, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1586009106000, key_as_string: '2020-04-04T14:05:06.000Z', doc_count: 1 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'GlobalSign CloudSSL CA - SHA256 - G3', doc_count: 1 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'incapsula.com', doc_count: 1 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 1 }], - }, - }, - { - key: 'fb70d78ffa663a3a4374d841b3288d2de9759566', - doc_count: 325, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1635336000000, key_as_string: '2021-10-27T12:00:00.000Z', doc_count: 325 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'DigiCert Baltimore CA-2 G2', doc_count: 325 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '*.siriusxm.com', doc_count: 325 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: '535aca3d99fc247509cd50933cd71d37', doc_count: 284 }, - { key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 39 }, - ], - }, - }, - { - key: 'fb59038dcec33ab3a01a6ae60d0835ad0e04ccf0', - doc_count: 5, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1587643200000, key_as_string: '2020-04-23T12:00:00.000Z', doc_count: 5 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'Amazon', doc_count: 5 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'photos.amazon.eu', doc_count: 5 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 5 }], - }, - }, - { - key: 'f9815293c883a6006f0b2d95a4895bdc501fd174', - doc_count: 29, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1613001599000, key_as_string: '2021-02-10T23:59:59.000Z', doc_count: 29 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 'Sectigo RSA Organization Validation Secure Server CA', doc_count: 29 }, - ], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'cdn.hbo.com', doc_count: 29 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: '6fa3244afc6bb6f9fad207b6b52af26b', doc_count: 26 }], - }, - }, - { - key: 'f8db6a69797e383dca2529727369595733123386', - doc_count: 5, - not_after: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { key: 1575984774000, key_as_string: '2019-12-10T13:32:54.000Z', doc_count: 5 }, - ], - }, - issuers: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'GTS CA 1O1', doc_count: 5 }], - }, - subjects: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'www.google.com', doc_count: 5 }], - }, - ja3: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [{ key: 'a111d93cdf31f993c40a8a9ef13e8d7e', doc_count: 5 }], - }, - }, - ], - }, - count: { value: 364 }, - }, -}; - -export const mockOptions = { - defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-10-11T13:51:11.626Z', from: '2019-10-10T13:51:11.626Z' }, - pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 50, querySize: 10 }, - filterQuery: {}, - fields: [ - 'totalCount', - '_id', - 'subjects', - 'ja3', - 'issuers', - 'notAfter', - 'edges.cursor.value', - 'pageInfo.activePage', - 'pageInfo.fakeTotalCount', - 'pageInfo.showMorePagesIndicator', - 'inspect.dsl', - 'inspect.response', - ], - ip: '', - sort: { field: TlsFields._id, direction: Direction.desc }, - flowTarget: FlowTargetSourceDest.source, -}; diff --git a/x-pack/plugins/security_solution/server/lib/tls/query_tls.dsl.ts b/x-pack/plugins/security_solution/server/lib/tls/query_tls.dsl.ts deleted file mode 100644 index f6921ddcdf508..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/query_tls.dsl.ts +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { TlsRequestOptions } from './index'; -import { TlsSortField, Direction, TlsFields } from '../../graphql/types'; - -const getAggs = (querySize: number, sort: TlsSortField) => ({ - count: { - cardinality: { - field: 'tls.server.hash.sha1', - }, - }, - sha1: { - terms: { - field: 'tls.server.hash.sha1', - size: querySize, - order: { - ...getQueryOrder(sort), - }, - }, - aggs: { - issuers: { - terms: { - field: 'tls.server.issuer', - }, - }, - subjects: { - terms: { - field: 'tls.server.subject', - }, - }, - not_after: { - terms: { - field: 'tls.server.not_after', - }, - }, - ja3: { - terms: { - field: 'tls.server.ja3s', - }, - }, - }, - }, -}); - -export const buildTlsQuery = ({ - ip, - sort, - filterQuery, - flowTarget, - pagination: { querySize }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, -}: TlsRequestOptions) => { - const defaultFilter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const filter = ip ? [...defaultFilter, { term: { [`${flowTarget}.ip`]: ip } }] : defaultFilter; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggs: { - ...getAggs(querySize, sort), - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; - -interface QueryOrder { - _key: Direction; -} - -const getQueryOrder = (sort: TlsSortField): QueryOrder => { - switch (sort.field) { - case TlsFields._id: - return { _key: sort.direction }; - default: - return assertUnreachable(sort.field); - } -}; diff --git a/x-pack/plugins/security_solution/server/lib/tls/types.ts b/x-pack/plugins/security_solution/server/lib/tls/types.ts deleted file mode 100644 index f18ddc04e14a0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/tls/types.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { TlsData } from '../../graphql/types'; - -export interface TlsAdapter { - getTls(request: FrameworkRequest, options: RequestBasicOptions): Promise; -} - -export interface TlsBuckets { - key: string; - timestamp?: { - value: number; - value_as_string: string; - }; - - subjects: { - buckets: Readonly>; - }; - - ja3: { - buckets: Readonly>; - }; - - issuers: { - buckets: Readonly>; - }; - - not_after: { - buckets: Readonly>; - }; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 435bcd9d61d89..4f70e3aa8652a 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts @@ -24,7 +24,6 @@ import { UncommonProcesses } from './uncommon_processes'; import { Note } from './note/saved_object'; import { PinnedEvent } from './pinned_event/saved_object'; import { Timeline } from './timeline/saved_object'; -import { TLS } from './tls'; import { MatrixHistogram } from './matrix_histogram'; export * from './hosts'; @@ -41,7 +40,6 @@ export interface AppDomainLibs { overview: Overview; uncommonProcesses: UncommonProcesses; kpiHosts: KpiHosts; - tls: TLS; } export interface AppBackendLibs extends AppDomainLibs { diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index b97795f325271..e4204ae295653 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -22,7 +22,7 @@ export default function ({ loadTestFile }) { loadTestFile(require.resolve('./timeline_details')); loadTestFile(require.resolve('./uncommon_processes')); loadTestFile(require.resolve('./users')); - loadTestFile(require.resolve('./tls')); + // loadTestFile(require.resolve('./tls')); loadTestFile(require.resolve('./feature_controls')); }); } diff --git a/x-pack/test/api_integration/apis/security_solution/tls.ts b/x-pack/test/api_integration/apis/security_solution/tls.ts index e5f6233d50d59..ebaec7783427f 100644 --- a/x-pack/test/api_integration/apis/security_solution/tls.ts +++ b/x-pack/test/api_integration/apis/security_solution/tls.ts @@ -5,11 +5,14 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { tlsQuery } from '../../../../plugins/security_solution/public/network/containers/tls/index.gql_query'; import { Direction, + // @ts-expect-error TlsFields, FlowTarget, + // @ts-expect-error GetTlsQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context';