forked from elastic/kibana
Update the Risk Input table in the expanded Entity Flyout to incorporate all alerts contributing to the risk score (elastic#174025)

## Update the Risk Input table in the expanded Entity Flyout to incorporate all alerts contributing to the risk score

We have changed the way we request alerts for the risk inputs table. It will create a new query:

```
query: {
  bool: {
    filter: [
      { term: { "user.name": "${user.name}" } },
      {
        range: {
          '@timestamp': {
            gte: from,
            lte: to,
          },
        },
      },
    ],
  },
}
```

It still uses in-memory pagination. It also updates the number of alerts in the Risk input summary but doesn't change the inspect query, as it can be used in the future for asset criticality and other input sources.

## Add new API to return risk engine settings

Currently, it returns only the risk engine **range**; any other options can be added later if needed. Also added OpenAPI generated types for this route.

---------

Co-authored-by: Kibana Machine <[email protected]>
1 parent 46707e4, commit 3fea5d4

Showing 32 changed files with 1,019 additions and 74 deletions.
20 changes: 20 additions & 0 deletions
...ns/security_solution/common/api/entity_analytics/risk_engine/engine_settings_route.gen.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { z } from 'zod'; | ||
|
||
/* | ||
* NOTICE: Do not edit this file manually. | ||
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. | ||
*/ | ||
|
||
import { DateRange } from '../common/common.gen'; | ||
|
||
export type RiskEngineSettingsResponse = z.infer<typeof RiskEngineSettingsResponse>; | ||
export const RiskEngineSettingsResponse = z.object({ | ||
range: DateRange.optional(), | ||
}); |
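Review bot: `range: DateRange.optional()` in `RiskEngineSettingsResponse` lets an empty object pass as a valid settings response, so every caller has to decide on its own what a missing range means. If the route always has a range to return, mark it required in the schema YAML and regenerate, since this file carries the "Do not edit this file manually" notice and the change belongs in the source spec; if the range can legitimately be absent, state in the schema what consumers should fall back to.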
33 changes: 33 additions & 0 deletions
...curity_solution/common/api/entity_analytics/risk_engine/engine_settings_route.schema.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
openapi: 3.0.0 | ||
info: | ||
version: 1.0.0 | ||
title: Risk Scoring API | ||
description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics. | ||
servers: | ||
- url: 'http://{kibana_host}:{port}' | ||
variables: | ||
kibana_host: | ||
default: localhost | ||
port: | ||
default: '5601' | ||
|
||
paths: | ||
/engine/settings: | ||
get: | ||
operationId: RiskEngineSettingsGet | ||
summary: Get the settings of the Risk Engine | ||
responses: | ||
'200': | ||
description: Successful response | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/RiskEngineSettingsResponse' | ||
|
||
components: | ||
schemas: | ||
RiskEngineSettingsResponse: | ||
type: object | ||
properties: | ||
range: | ||
$ref: '../common/common.schema.yaml#/components/schemas/DateRange' |
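Review bot: under `responses:` for `RiskEngineSettingsGet` only `'200'` is declared, so the spec gives clients no documented shape for a failed or rejected request to `/engine/settings`; add the error responses this route can return. In `components.schemas.RiskEngineSettingsResponse` there is also no `required:` list and no `description` on `range`, which leaves it undocumented whether the range may be missing and what period it represents.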