[RAC][Alerting][Security Solution] Adds Rule Execution UUID #113058

Merged (49 commits) on Jan 21, 2022
24fe2c2
Adds Rule Execution UUID
spong Sep 23, 2021
f2b2ae9
Fixes event-log mapping
spong Sep 24, 2021
70de4ca
Updated JSDoc
spong Sep 24, 2021
80d280b
Merge branch 'master' of github.com:elastic/kibana into add-rule-exec…
spong Sep 24, 2021
1eb8614
Merge branch 'master' of github.com:elastic/kibana into add-rule-exec…
spong Oct 1, 2021
fd3bdc3
Increases happiness of test input parameters
spong Oct 1, 2021
51898fe
Merge branch 'master' of github.com:elastic/kibana into add-rule-exec…
spong Oct 4, 2021
ff3b3ec
Merge branch 'master' of github.com:elastic/kibana into add-rule-exec…
spong Oct 6, 2021
e10a942
Merge branch 'master' of github.com:elastic/kibana into add-rule-exec…
spong Oct 11, 2021
54976a5
Merged with rule execution event-log updates, and adds support to sig…
spong Oct 11, 2021
c4f535e
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 18, 2021
95da7a0
Adding default executionId to rule preview functionality
spong Nov 18, 2021
a64dd30
Increases integrity of test outputs
spong Nov 19, 2021
42bb152
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 19, 2021
c26cb1c
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 22, 2021
9878e77
Updating snapshot tests
spong Nov 23, 2021
1bd9402
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 23, 2021
b60791d
Removes signals mappings for executionId as not shipping in 7.16
spong Nov 23, 2021
0c69791
Fixing snapshot test for signal index revert
spong Nov 23, 2021
374c0d9
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 23, 2021
8ade837
Snapshot for .alerts index
spong Nov 23, 2021
e2a9195
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 24, 2021
b11a35b
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Nov 29, 2021
1db77df
Fixes cypress test and ml functional test
spong Nov 29, 2021
2b4bbc2
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 4, 2021
ccb49e5
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 8, 2021
86ebaa1
Fixing task_runner test
spong Dec 9, 2021
4da6e82
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 9, 2021
2587478
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 13, 2021
f088181
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 15, 2021
b43525d
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Dec 17, 2021
a993668
Plumbs through remaining EVENT_LOG_ACTIONS types
spong Dec 17, 2021
0fac144
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 4, 2022
989a45a
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 11, 2022
e06a4ff
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 12, 2022
c81341c
Removed legacy signals impl, now writing to all alert types, and test…
spong Jan 12, 2022
4fea3d6
Fixes snapshot and ftr tests
spong Jan 13, 2022
aa09598
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 14, 2022
0f1df1d
Adds functional test coverage for identifying unique execution ids
spong Jan 15, 2022
4cc12a7
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 18, 2022
3e8b569
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 18, 2022
1e636cc
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 20, 2022
a090a55
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 20, 2022
d3e01da
Adds executionId to buildRuleMessageFactory
spong Jan 20, 2022
b389135
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 20, 2022
e816335
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 20, 2022
677d232
Reworks executionId through new rule execution logger changes from main
spong Jan 20, 2022
a15d328
Adds test coverage to ensure each execution has a different id genere…
spong Jan 20, 2022
180d98b
Merge branch 'main' of github.com:elastic/kibana into add-rule-execut…
spong Jan 20, 2022
3 changes: 3 additions & 0 deletions packages/kbn-rule-data-utils/src/technical_field_names.ts
Expand Up @@ -47,6 +47,7 @@ const ALERT_RULE_CREATED_AT = `${ALERT_RULE_NAMESPACE}.created_at` as const;
const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
const ALERT_RULE_ENABLED = `${ALERT_RULE_NAMESPACE}.enabled` as const;
const ALERT_RULE_EXECUTION_UUID = `${ALERT_RULE_NAMESPACE}.execution.uuid` as const;
const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
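Review bot: the new constant `ALERT_RULE_EXECUTION_UUID` resolves to `kibana.alert.rule.execution.uuid`, a nested path under `execution`, so the alerts index template needs an explicit keyword mapping for it (or dynamic mapping will pick the type at first write); that mapping is not in this hunk, so confirm it lands elsewhere in the PR (the commit "Snapshot for .alerts index" suggests it does). Since it is a correlation key, `keyword` is the right type; a `text` mapping would break exact-match filtering of one execution's alerts.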
Expand Down Expand Up @@ -103,6 +104,7 @@ const fields = {
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_EXECUTION_UUID,
ALERT_RULE_FROM,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
Expand Down Expand Up @@ -156,6 +158,7 @@ export {
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_EXECUTION_UUID,
ALERT_RULE_FROM,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
Expand Down
Expand Up @@ -25,6 +25,7 @@ describe('createAlertEventLogRecordObject', () => {
test('created alert event "execute-start"', async () => {
expect(
createAlertEventLogRecordObject({
executionId: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
ruleId: '1',
ruleType,
action: 'execute-start',
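Review bot: this test now always supplies `executionId`, so the `undefined` branch of the new optional parameter is never exercised; add a case that omits `executionId` and asserts the record has no `kibana.alert` key, which is the behaviour the conditional spread in `createAlertEventLogRecordObject` implements. Without it a regression that emits `uuid: undefined` (or an empty object) would go unnoticed.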
Expand All @@ -50,6 +51,13 @@ describe('createAlertEventLogRecordObject', () => {
kind: 'alert',
},
kibana: {
alert: {
rule: {
execution: {
uuid: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
},
},
},
saved_objects: [
{
id: '1',
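Review bot: the UUID literal `'7a7065d7-6e8b-4aae-8d20-c93613dec9fb'` is repeated in the input and the expected output of this test, and again in the "recovered-instance" and "execute-action" tests below; hoist it into a single `const executionId = '...'` at the top of the `describe` block so the three expectations cannot drift apart and a change to the fixture is a one-line edit.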
Expand All @@ -76,6 +84,7 @@ describe('createAlertEventLogRecordObject', () => {
test('created alert event "recovered-instance"', async () => {
expect(
createAlertEventLogRecordObject({
executionId: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
ruleId: '1',
ruleName: 'test name',
ruleType,
Expand Down Expand Up @@ -109,6 +118,13 @@ describe('createAlertEventLogRecordObject', () => {
start: '1970-01-01T00:00:00.000Z',
},
kibana: {
alert: {
rule: {
execution: {
uuid: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
},
},
},
alerting: {
action_group_id: 'group 1',
action_subgroup: 'subgroup value',
Expand Down Expand Up @@ -138,6 +154,7 @@ describe('createAlertEventLogRecordObject', () => {
test('created alert event "execute-action"', async () => {
expect(
createAlertEventLogRecordObject({
executionId: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
ruleId: '1',
ruleName: 'test name',
ruleType,
Expand Down Expand Up @@ -176,6 +193,13 @@ describe('createAlertEventLogRecordObject', () => {
start: '1970-01-01T00:00:00.000Z',
},
kibana: {
alert: {
rule: {
execution: {
uuid: '7a7065d7-6e8b-4aae-8d20-c93613dec9fb',
},
},
},
alerting: {
action_group_id: 'group 1',
action_subgroup: 'subgroup value',
Expand Down
Expand Up @@ -12,6 +12,7 @@ import { UntypedNormalizedRuleType } from '../rule_type_registry';
export type Event = Exclude<IEvent, undefined>;

interface CreateAlertEventLogRecordParams {
executionId?: string;
ruleId: string;
ruleType: UntypedNormalizedRuleType;
action: string;
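Review bot: `executionId` is declared optional here (`executionId?: string`) while `CreateExecutionHandlerOptions` later in this PR declares it required (`executionId: string`). If the intent is that every event-log record carries an execution id for correlation, make it required here too so a call site that forgets to pass it fails type-checking rather than silently producing a record without `kibana.alert.rule.execution.uuid`; if some callers legitimately cannot supply one, add a JSDoc line on the field saying which ones and why.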
Expand All @@ -36,7 +37,18 @@ interface CreateAlertEventLogRecordParams {
}

export function createAlertEventLogRecordObject(params: CreateAlertEventLogRecordParams): Event {
const { ruleType, action, state, message, task, ruleId, group, subgroup, namespace } = params;
const {
executionId,
ruleType,
action,
state,
message,
task,
ruleId,
group,
subgroup,
namespace,
} = params;
const alerting =
params.instanceId || group || subgroup
? {
Expand All @@ -59,6 +71,17 @@ export function createAlertEventLogRecordObject(params: CreateAlertEventLogRecor
},
kibana: {
...(alerting ? alerting : {}),
...(executionId
? {
alert: {
rule: {
execution: {
uuid: executionId,
},
},
},
}
: {}),
saved_objects: params.savedObjects.map((so) => ({
...(so.relation ? { rel: so.relation } : {}),
type: so.type,
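Review bot: the truthiness check `executionId ? {...} : {}` drops the field for an empty string as well as for `undefined`, which is reasonable but should be stated in a comment or covered by a test, since an empty-string id would otherwise look like a caller bug that is silently hidden. Also note the spread order: `alerting` is spread first and the new `alert` object second, so the two keys must stay distinct (`alerting` vs `alert`) or the later spread would overwrite the earlier one without any warning.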
Expand Down
Expand Up @@ -21,6 +21,10 @@ import { getBeforeSetup, setGlobalDate } from './lib';
import { eventLoggerMock } from '../../../../event_log/server/event_logger.mock';
import { TaskStatus } from '../../../../task_manager/server';

jest.mock('uuid', () => ({
v4: () => '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
}));

const taskManager = taskManagerMock.createStart();
const ruleTypeRegistry = ruleTypeRegistryMock.create();
const unsecuredSavedObjectsClient = savedObjectsClientMock.create();
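Review bot: `jest.mock('uuid', () => ({ v4: () => '5f6aa57d-...' }))` replaces the whole module with an object that only has `v4`, so any other `uuid` export reached by the code under test (for example `v5` or `validate`) becomes `undefined` in this file; using `jest.requireActual('uuid')` spread into the factory and overriding only `v4` is safer. It also pins every generated id in this file to one value, so the "each execution has a different id" property cannot be tested here and must live in a test without this mock (the commit "Adds test coverage to ensure each execution has a different id" indicates it does).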
Expand Down
Expand Up @@ -73,6 +73,7 @@ const createExecutionHandlerParams: jest.Mocked<
spaceId: 'test1',
ruleId: '1',
ruleName: 'name-of-alert',
executionId: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
tags: ['tag-A', 'tag-B'],
apiKey: 'MTIzOmFiYw==',
kibanaBaseUrl: 'http://localhost:5601',
Expand Down Expand Up @@ -173,6 +174,13 @@ test('enqueues execution per selected action', async () => {
"kind": "alert",
},
"kibana": Object {
"alert": Object {
"rule": Object {
"execution": Object {
"uuid": "5f6aa57d-3e22-484e-bae8-cbed868f4d28",
},
},
},
"alerting": Object {
"action_group_id": "default",
"instance_id": "2",
Expand Down
Expand Up @@ -36,6 +36,7 @@ export interface CreateExecutionHandlerOptions<
> {
ruleId: string;
ruleName: string;
executionId: string;
tags?: string[];
actionsPlugin: ActionsPluginStartContract;
actions: AlertAction[];
Expand Down Expand Up @@ -83,6 +84,7 @@ export function createExecutionHandler<
logger,
ruleId,
ruleName,
executionId,
tags,
actionsPlugin,
actions: ruleActions,
Expand Down Expand Up @@ -206,6 +208,7 @@ export function createExecutionHandler<
ruleId,
ruleType: ruleType as UntypedNormalizedRuleType,
action: EVENT_LOG_ACTIONS.executeAction,
executionId,
instanceId: alertId,
group: actionGroup,
subgroup: actionSubgroup,
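Review bot: this hunk threads `executionId` only into the `EVENT_LOG_ACTIONS.executeAction` record; the other event-log actions (`execute-start`, `new-instance`, `recovered-instance`, and so on) are written from the task runner, which is not in this diff, so confirm they receive the same id, otherwise only action events would be correlatable per execution (the commit "Plumbs through remaining EVENT_LOG_ACTIONS types" suggests this was done). A functional test that filters the event log by one `kibana.alert.rule.execution.uuid` and asserts all action types are present would lock that in.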
Expand Down