Skip to content

Commit

Permalink
[8.x] [SecuritySolution][Endpoint][ResponseActions] Response action t…
Browse files Browse the repository at this point in the history 
…elemetry (endpoint/third party) (elastic#192685) (elastic#194262)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolution][Endpoint][ResponseActions] Response action
telemetry (endpoint/third party)
(elastic#192685)](elastic#192685)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Ash","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-27T08:06:31Z","message":"[SecuritySolution][Endpoint][ResponseActions]
Response action telemetry (endpoint/third party) (elastic#192685)\n\n##
Summary\r\n\r\nAdds server-side telemetry collection for response action
creation and\r\nresponses.\r\npart of
elastic/security-team/issues/7466\r\n\r\n<details><summary>Events from
telemetry
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/2e9f37f1-c5b5-46e9-be34-c3bdcff4015b\"\r\n/>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/85a5a75d-f9f1-4d76-a782-272d9d7da0cb\"\r\n/>\r\n</details>
\r\n\r\n<details><summary>Dashboard on
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/9faa96a2-a553-4def-b5da-6b66b5728ca4\">\r\n</details>
\r\n\r\nThis PR adds Server Side EBTs (event-based telemetry)
for:\r\n### Action creation event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent\"\r\n ],\r\n \"properties\": [\r\n {\r\n
\"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"command\": \"unisolate\",\r\n \"isAutomated\":
false\r\n }\r\n }\r\n ],\r\n```\r\n### Action response
event\r\n```json5\r\n{\r\n\"event_type\": [\r\n
\"endpoint_response_action_status_change_event\"\r\n ],\r\n
\"properties\": [\r\n {\r\n \"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"actionStatus\": \"successful\",\r\n \"command\":
\"unisolate\",\r\n }\r\n }\r\n ],\r\n}\r\n```\r\n\r\n### Action creation
error event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent_error\"\r\n ],\r\n \"properties\": [\r\n
{\r\n \"responseActions\": {\r\n \"command\": \"execute\",\r\n
\"error\": \"error message\",\r\n \"agentType\": \"endpoint\"\r\n }\r\n
}\r\n ],\r\n```\r\n\r\n\r\n**Note:** This PR does not add response
completion telemetry for\r\n`endpoint` agent type. There would be follow
up PRs to add that and some\r\nusage/snapshot telemetry.\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] If a plugin configuration key
changed, check if it needs to be\r\nallow-listed in the cloud and added
to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)","sha":"a80335e378da3a063bb79a191c550a88578afd07","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","OLM
Sprint","v8.16.0","backport:version"],"title":"[SecuritySolution][Endpoint][ResponseActions]
Response action telemetry (endpoint/third
party)","number":192685,"url":"https://github.com/elastic/kibana/pull/192685","mergeCommit":{"message":"[SecuritySolution][Endpoint][ResponseActions]
Response action telemetry (endpoint/third party) (elastic#192685)\n\n##
Summary\r\n\r\nAdds server-side telemetry collection for response action
creation and\r\nresponses.\r\npart of
elastic/security-team/issues/7466\r\n\r\n<details><summary>Events from
telemetry
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/2e9f37f1-c5b5-46e9-be34-c3bdcff4015b\"\r\n/>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/85a5a75d-f9f1-4d76-a782-272d9d7da0cb\"\r\n/>\r\n</details>
\r\n\r\n<details><summary>Dashboard on
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/9faa96a2-a553-4def-b5da-6b66b5728ca4\">\r\n</details>
\r\n\r\nThis PR adds Server Side EBTs (event-based telemetry)
for:\r\n### Action creation event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent\"\r\n ],\r\n \"properties\": [\r\n {\r\n
\"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"command\": \"unisolate\",\r\n \"isAutomated\":
false\r\n }\r\n }\r\n ],\r\n```\r\n### Action response
event\r\n```json5\r\n{\r\n\"event_type\": [\r\n
\"endpoint_response_action_status_change_event\"\r\n ],\r\n
\"properties\": [\r\n {\r\n \"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"actionStatus\": \"successful\",\r\n \"command\":
\"unisolate\",\r\n }\r\n }\r\n ],\r\n}\r\n```\r\n\r\n### Action creation
error event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent_error\"\r\n ],\r\n \"properties\": [\r\n
{\r\n \"responseActions\": {\r\n \"command\": \"execute\",\r\n
\"error\": \"error message\",\r\n \"agentType\": \"endpoint\"\r\n }\r\n
}\r\n ],\r\n```\r\n\r\n\r\n**Note:** This PR does not add response
completion telemetry for\r\n`endpoint` agent type. There would be follow
up PRs to add that and some\r\nusage/snapshot telemetry.\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] If a plugin configuration key
changed, check if it needs to be\r\nallow-listed in the cloud and added
to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)","sha":"a80335e378da3a063bb79a191c550a88578afd07"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192685","number":192685,"mergeCommit":{"message":"[SecuritySolution][Endpoint][ResponseActions]
Response action telemetry (endpoint/third party) (elastic#192685)\n\n##
Summary\r\n\r\nAdds server-side telemetry collection for response action
creation and\r\nresponses.\r\npart of
elastic/security-team/issues/7466\r\n\r\n<details><summary>Events from
telemetry
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/2e9f37f1-c5b5-46e9-be34-c3bdcff4015b\"\r\n/>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/85a5a75d-f9f1-4d76-a782-272d9d7da0cb\"\r\n/>\r\n</details>
\r\n\r\n<details><summary>Dashboard on
staging</summary>\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/9faa96a2-a553-4def-b5da-6b66b5728ca4\">\r\n</details>
\r\n\r\nThis PR adds Server Side EBTs (event-based telemetry)
for:\r\n### Action creation event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent\"\r\n ],\r\n \"properties\": [\r\n {\r\n
\"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"command\": \"unisolate\",\r\n \"isAutomated\":
false\r\n }\r\n }\r\n ],\r\n```\r\n### Action response
event\r\n```json5\r\n{\r\n\"event_type\": [\r\n
\"endpoint_response_action_status_change_event\"\r\n ],\r\n
\"properties\": [\r\n {\r\n \"responseActions\": {\r\n \"actionId\":
\"696608a5-1908-457d-9072-5f555c740ffc\",\r\n \"agentType\":
\"sentinel_one\",\r\n \"actionStatus\": \"successful\",\r\n \"command\":
\"unisolate\",\r\n }\r\n }\r\n ],\r\n}\r\n```\r\n\r\n### Action creation
error event\r\n```json5\r\n\"event_type\": [\r\n
\"endpoint_response_action_sent_error\"\r\n ],\r\n \"properties\": [\r\n
{\r\n \"responseActions\": {\r\n \"command\": \"execute\",\r\n
\"error\": \"error message\",\r\n \"agentType\": \"endpoint\"\r\n }\r\n
}\r\n ],\r\n```\r\n\r\n\r\n**Note:** This PR does not add response
completion telemetry for\r\n`endpoint` agent type. There would be follow
up PRs to add that and some\r\nusage/snapshot telemetry.\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] If a plugin configuration key
changed, check if it needs to be\r\nallow-listed in the cloud and added
to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)","sha":"a80335e378da3a063bb79a191c550a88578afd07"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Ash <[email protected]>
  • Loading branch information
@kibanamachine @ashokaditya
kibanamachine and ashokaditya authored Sep 27, 2024
1 parent 9d98674 commit 3627544
Show file tree
Hide file tree
Showing 19 changed files with 668 additions and 109 deletions.
6 changes: 6 additions & 0 deletions x-pack/plugins/security_solution/common/experimental_features.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,12 @@ export const allowedExperimentalValues = Object.freeze({
*/
crowdstrikeDataInAnalyzerEnabled: true,

/**
* Enables Response actions telemetry collection
* Should be enabled in 8.17.0
*/
responseActionsTelemetryEnabled: false,

/**
* Enables experimental JAMF integration data to be available in Analyzer
*/
Expand Down
5 changes: 3 additions & 2 deletions ...lic/management/components/endpoint_responder/command_render_components/execute_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,13 @@ export const ExecuteActionResult = memo<
>(({ command, setStore, store, status, setStatus, ResultComponent }) => {
const actionCreator = useSendExecuteEndpoint();
const actionRequestBody = useMemo<undefined | ExecuteActionRequestBody>(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { endpointId, agentType } = command.commandDefinition?.meta ?? {};

if (!endpointId) {
return;
}
return {
agent_type: agentType,
endpoint_ids: [endpointId],
parameters: {
command: command.args.args.command[0],
Expand All @@ -46,7 +47,7 @@ export const ExecuteActionResult = memo<
comment: command.args.args?.comment?.[0],
};
}, [
command.commandDefinition?.meta?.endpointId,
command.commandDefinition?.meta,
command.args.args.command,
command.args.args.timeout,
command.args.args?.comment,
Expand Down
9 changes: 2 additions & 7 deletions ...ic/management/components/endpoint_responder/command_render_components/get_file_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,8 @@ export const GetFileActionResult = memo<
const actionCreator = useSendGetFileRequest();

const actionRequestBody = useMemo<undefined | ResponseActionGetFileRequestBody>(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { agentType, endpointId } = command.commandDefinition?.meta ?? {};
const { path, comment } = command.args.args;
const agentType = command.commandDefinition?.meta?.agentType;

return endpointId
? {
Expand All @@ -37,11 +36,7 @@ export const GetFileActionResult = memo<
},
}
: undefined;
}, [
command.args.args,
command.commandDefinition?.meta?.agentType,
command.commandDefinition?.meta?.endpointId,
]);
}, [command.args.args, command.commandDefinition?.meta]);

const { result, actionDetails } = useConsoleActionSubmitter<ResponseActionGetFileRequestBody>({
ResultComponent,
Expand Down
2 changes: 1 addition & 1 deletion ...ts/endpoint_responder/command_render_components/integration_tests/execute_action.test.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ describe('When using execute action from response actions console', () => {

await waitFor(() => {
expect(apiMocks.responseProvider.execute).toHaveBeenCalledWith({
body: '{"endpoint_ids":["a.b.c"],"parameters":{"command":"ls -al"}}',
body: '{"agent_type":"endpoint","endpoint_ids":["a.b.c"],"parameters":{"command":"ls -al"}}',
path: EXECUTE_ROUTE,
version: '2023-10-31',
});
Expand Down
10 changes: 2 additions & 8 deletions ...lic/management/components/endpoint_responder/command_render_components/isolate_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,8 @@ export const IsolateActionResult = memo<ActionRequestComponentProps>(
const isolateHostApi = useSendIsolateEndpointRequest();

const actionRequestBody = useMemo(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { agentType, endpointId } = command.commandDefinition?.meta ?? {};
const comment = command.args.args?.comment?.[0];
const agentType = command.commandDefinition?.meta?.agentType;

return endpointId
? {
Expand All @@ -30,12 +29,7 @@ export const IsolateActionResult = memo<ActionRequestComponentProps>(
comment,
}
: undefined;
}, [
command.args.args?.comment,
command.commandDefinition?.meta?.agentType,
command.commandDefinition?.meta?.endpointId,
isSentinelOneV1Enabled,
]);
}, [command.args.args?.comment, command.commandDefinition?.meta, isSentinelOneV1Enabled]);

return useConsoleActionSubmitter({
ResultComponent,
Expand Down
9 changes: 2 additions & 7 deletions ...anagement/components/endpoint_responder/command_render_components/kill_process_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,7 @@ export const KillProcessActionResult = memo<
const actionCreator = useSendKillProcessRequest();

const actionRequestBody = useMemo<undefined | KillProcessRequestBody>(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const agentType = command.commandDefinition?.meta?.agentType;
const { endpointId, agentType } = command.commandDefinition?.meta ?? {};
const parameters = parsedKillOrSuspendParameter(command.args.args);

return endpointId
Expand All @@ -30,11 +29,7 @@ export const KillProcessActionResult = memo<
parameters,
}
: undefined;
}, [
command.args.args,
command.commandDefinition?.meta?.agentType,
command.commandDefinition?.meta?.endpointId,
]);
}, [command.args.args, command.commandDefinition?.meta]);

return useConsoleActionSubmitter<KillProcessRequestBody>({
ResultComponent,
Expand Down
10 changes: 2 additions & 8 deletions ...lic/management/components/endpoint_responder/command_render_components/release_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,8 @@ export const ReleaseActionResult = memo<ActionRequestComponentProps>(
const releaseHostApi = useSendReleaseEndpointRequest();

const actionRequestBody = useMemo(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { endpointId, agentType } = command.commandDefinition?.meta ?? {};
const comment = command.args.args?.comment?.[0];
const agentType = command.commandDefinition?.meta?.agentType;

return endpointId
? {
Expand All @@ -30,12 +29,7 @@ export const ReleaseActionResult = memo<ActionRequestComponentProps>(
comment,
}
: undefined;
}, [
command.args.args?.comment,
command.commandDefinition?.meta?.agentType,
command.commandDefinition?.meta?.endpointId,
isSentinelOneV1Enabled,
]);
}, [command.args.args?.comment, command.commandDefinition?.meta, isSentinelOneV1Enabled]);

return useConsoleActionSubmitter({
ResultComponent,
Expand Down
5 changes: 3 additions & 2 deletions ...gement/components/endpoint_responder/command_render_components/suspend_process_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,19 +23,20 @@ export const SuspendProcessActionResult = memo<
const actionCreator = useSendSuspendProcessRequest();

const actionRequestBody = useMemo<undefined | SuspendProcessRequestBody>(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { agentType, endpointId } = command.commandDefinition?.meta ?? {};
const parameters = parsedKillOrSuspendParameter(command.args.args) as
| ResponseActionParametersWithPid
| ResponseActionParametersWithEntityId;

return endpointId
? {
agent_type: agentType,
endpoint_ids: [endpointId],
comment: command.args.args?.comment?.[0],
parameters,
}
: undefined;
}, [command.args.args, command.commandDefinition?.meta?.endpointId]);
}, [command.args.args, command.commandDefinition?.meta]);

return useConsoleActionSubmitter<SuspendProcessRequestBody, SuspendProcessActionOutputContent>({
ResultComponent,
Expand Down
5 changes: 3 additions & 2 deletions ...blic/management/components/endpoint_responder/command_render_components/upload_action.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,15 @@ export const UploadActionResult = memo<
const actionCreator = useSendUploadEndpointRequest();

const actionRequestBody = useMemo<undefined | UploadActionUIRequestBody>(() => {
const endpointId = command.commandDefinition?.meta?.endpointId;
const { agentType, endpointId } = command.commandDefinition?.meta ?? {};
const { comment, overwrite, file } = command.args.args;

if (!endpointId) {
return;
}

const reqBody: UploadActionUIRequestBody = {
agent_type: agentType,
endpoint_ids: [endpointId],
...(comment?.[0] ? { comment: comment?.[0] } : {}),
parameters:
Expand All @@ -49,7 +50,7 @@ export const UploadActionResult = memo<
};

return reqBody;
}, [command.args.args, command.commandDefinition?.meta?.endpointId]);
}, [command.args.args, command.commandDefinition?.meta]);

const { result, actionDetails } = useConsoleActionSubmitter<
UploadActionUIRequestBody,
Expand Down
4 changes: 2 additions & 2 deletions ...urity_solution/scripts/telemetry/saved_objects/security_solution_ebt_kibana_server.ndjson
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"properties.model\":{},\"properties.resourceAccessed\":{},\"properties.resultCount\":{},\"properties.responseTime\":{},\"properties.errorMessage\":{},\"properties.isEnabledKnowledgeBase\":{},\"properties.isEnabledRAGAlerts\":{},\"properties.assistantStreamingEnabled\":{},\"properties.actionTypeId\":{},\"properties.message\":{},\"properties.productTier\":{},\"properties.failedToDeleteCount\":{},\"properties.totalInstalledCount\":{},\"properties.scoresWritten\":{},\"properties.taskDurationInSeconds\":{},\"properties.interval\":{},\"properties.alertSampleSizePerShard\":{},\"properties.status\":{},\"properties.processing.startTime\":{},\"properties.processing.endTime\":{},\"properties.processing.tookMs\":{},\"properties.result.successful\":{},\"properties.result.failed\":{},\"properties.result.total\":{},\"properties.alertsContextCount\":{},\"properties.alertsCount\":{},\"properties.configuredAlertsCount\":{},\"properties.discoveriesGenerated\":{},\"properties.durationMs\":{},\"properties.provider\":{},\"properties.total_tokens\":{},\"properties.prompt_tokens\":{},\"properties.completion_tokens\":{},\"properties.suppressionRuleType\":{},\"properties.suppressionMissingFields\":{},\"properties.suppressionAlertsCreated\":{},\"properties.suppressionAlertsSuppressed\":{},\"properties.suppressionRuleName\":{},\"properties.suppressionDuration\":{},\"properties.suppressionFieldsNumber\":{},\"properties.suppressionGroupByFieldsNumber\":{},\"properties.suppressionGroupByFields\":{},\"properties.suppressionRuleId\":{}}","fieldFormatMap":"{}","fields":"[]","name":"security-solution-ebt-kibana-server","runtimeFieldMap":"{\"properties.message\":{\"type\":\"keyword\"},\"properties.productTier\":{\"type\":\"keyword\"},\"properties.failedToDeleteCount\":{\"type\":\"long\"},\"properties.totalInstalledCount\":{\"type\":\"long\"},\"properties.model\":{\"type\":\"keyword\"},\"properties.resourceAccessed\":{\"type\":\"keyword\"},\"properties.resultCount\":{\"type\":\"long\"},\"properties.responseTime\":{\"type\":\"long\"},\"properties.errorMessage\":{\"type\":\"keyword\"},\"properties.isEnabledKnowledgeBase\":{\"type\":\"boolean\"},\"properties.isEnabledRAGAlerts\":{\"type\":\"boolean\"},\"properties.assistantStreamingEnabled\":{\"type\":\"boolean\"},\"properties.actionTypeId\":{\"type\":\"keyword\"},\"properties.alertsContextCount\":{\"type\":\"long\"},\"properties.alertsCount\":{\"type\":\"long\"},\"properties.configuredAlertsCount\":{\"type\":\"long\"},\"properties.discoveriesGenerated\":{\"type\":\"long\"},\"properties.durationMs\":{\"type\":\"long\"},\"properties.provider\":{\"type\":\"keyword\"},\"properties.scoresWritten\":{\"type\":\"long\"},\"properties.taskDurationInSeconds\":{\"type\":\"long\"},\"properties.interval\":{\"type\":\"keyword\"},\"properties.alertSampleSizePerShard\":{\"type\":\"long\"},\"properties.status\":{\"type\":\"keyword\"},\"properties.processing.startTime\":{\"type\":\"date\"},\"properties.processing.endTime\":{\"type\":\"date\"},\"properties.processing.tookMs\":{\"type\":\"long\"},\"properties.result.successful\":{\"type\":\"long\"},\"properties.result.failed\":{\"type\":\"long\"},\"properties.result.total\":{\"type\":\"long\"},\"properties.total_tokens\":{\"type\":\"long\"},\"properties.prompt_tokens\":{\"type\":\"long\"},\"properties.completion_tokens\":{\"type\":\"keyword\"},\"properties.suppressionMissingFields\":{\"type\":\"boolean\"},\"properties.suppressionAlertsCreated\":{\"type\":\"long\"},\"properties.suppressionAlertsSuppressed\":{\"type\":\"long\"},\"properties.suppressionRuleName\":{\"type\":\"keyword\"},\"properties.suppressionDuration\":{\"type\":\"long\"},\"properties.suppressionRuleType\":{\"type\":\"keyword\"},\"properties.suppressionGroupByFieldsNumber\":{\"type\":\"long\"},\"properties.suppressionGroupByFields\":{\"type\":\"keyword\"},\"properties.suppressionRuleId\":{\"type\":\"keyword\"}}","sourceFilters":"[]","timeFieldName":"timestamp","title":"ebt-kibana-server"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-30T16:12:44.874Z","id":"security-solution-ebt-kibana-server","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-07-30T11:12:43.928Z","version":"WzM4ODczLDVd"}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]}
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"properties.model\":{},\"properties.resourceAccessed\":{},\"properties.resultCount\":{},\"properties.responseTime\":{},\"properties.errorMessage\":{},\"properties.isEnabledKnowledgeBase\":{},\"properties.isEnabledRAGAlerts\":{},\"properties.assistantStreamingEnabled\":{},\"properties.actionTypeId\":{},\"properties.message\":{},\"properties.productTier\":{},\"properties.failedToDeleteCount\":{},\"properties.totalInstalledCount\":{},\"properties.scoresWritten\":{},\"properties.taskDurationInSeconds\":{},\"properties.interval\":{},\"properties.alertSampleSizePerShard\":{},\"properties.status\":{},\"properties.processing.startTime\":{},\"properties.processing.endTime\":{},\"properties.processing.tookMs\":{},\"properties.result.successful\":{},\"properties.result.failed\":{},\"properties.result.total\":{},\"properties.alertsContextCount\":{},\"properties.alertsCount\":{},\"properties.configuredAlertsCount\":{},\"properties.discoveriesGenerated\":{},\"properties.durationMs\":{},\"properties.provider\":{},\"properties.total_tokens\":{},\"properties.prompt_tokens\":{},\"properties.completion_tokens\":{},\"properties.suppressionRuleType\":{},\"properties.suppressionMissingFields\":{},\"properties.suppressionAlertsCreated\":{},\"properties.suppressionAlertsSuppressed\":{},\"properties.suppressionRuleName\":{},\"properties.suppressionDuration\":{},\"properties.suppressionFieldsNumber\":{},\"properties.suppressionGroupByFieldsNumber\":{},\"properties.suppressionGroupByFields\":{},\"properties.suppressionRuleId\":{},\"properties.responseActions.actionId\":{},\"properties.responseActions.agentType\":{},\"properties.responseActions.command\":{},\"properties.responseActions.endpointIds\":{},\"properties.responseActions.isAutomated\":{},\"properties.responseActions.actionStatus\":{}}","fieldFormatMap":"{}","fields":"[]","name":"security-solution-ebt-kibana-server","runtimeFieldMap":"{\"properties.message\":{\"type\":\"keyword\"},\"properties.productTier\":{\"type\":\"keyword\"},\"properties.failedToDeleteCount\":{\"type\":\"long\"},\"properties.totalInstalledCount\":{\"type\":\"long\"},\"properties.isEnabledKnowledgeBase\":{\"type\":\"boolean\"},\"properties.isEnabledRAGAlerts\":{\"type\":\"boolean\"},\"properties.total_tokens\":{\"type\":\"long\"},\"properties.prompt_tokens\":{\"type\":\"long\"},\"properties.completion_tokens\":{\"type\":\"keyword\"},\"properties.suppressionGroupByFields\":{\"type\":\"keyword\"},\"properties.model\":{\"type\":\"keyword\"},\"properties.resourceAccessed\":{\"type\":\"keyword\"},\"properties.resultCount\":{\"type\":\"long\"},\"properties.responseTime\":{\"type\":\"long\"},\"properties.errorMessage\":{\"type\":\"keyword\"},\"properties.assistantStreamingEnabled\":{\"type\":\"boolean\"},\"properties.actionTypeId\":{\"type\":\"keyword\"},\"properties.alertsContextCount\":{\"type\":\"long\"},\"properties.alertsCount\":{\"type\":\"long\"},\"properties.configuredAlertsCount\":{\"type\":\"long\"},\"properties.discoveriesGenerated\":{\"type\":\"long\"},\"properties.durationMs\":{\"type\":\"long\"},\"properties.provider\":{\"type\":\"keyword\"},\"properties.scoresWritten\":{\"type\":\"long\"},\"properties.taskDurationInSeconds\":{\"type\":\"long\"},\"properties.interval\":{\"type\":\"keyword\"},\"properties.alertSampleSizePerShard\":{\"type\":\"long\"},\"properties.status\":{\"type\":\"keyword\"},\"properties.processing.startTime\":{\"type\":\"date\"},\"properties.processing.endTime\":{\"type\":\"date\"},\"properties.processing.tookMs\":{\"type\":\"long\"},\"properties.result.successful\":{\"type\":\"long\"},\"properties.result.failed\":{\"type\":\"long\"},\"properties.result.total\":{\"type\":\"long\"},\"properties.suppressionAlertsCreated\":{\"type\":\"long\"},\"properties.suppressionAlertsSuppressed\":{\"type\":\"long\"},\"properties.suppressionRuleName\":{\"type\":\"keyword\"},\"properties.suppressionDuration\":{\"type\":\"long\"},\"properties.suppressionGroupByFieldsNumber\":{\"type\":\"long\"},\"properties.suppressionRuleType\":{\"type\":\"keyword\"},\"properties.suppressionMissingFields\":{\"type\":\"boolean\"},\"properties.suppressionRuleId\":{\"type\":\"keyword\"},\"properties.responseActions.actionId\":{\"type\":\"keyword\"},\"properties.responseActions.agentType\":{\"type\":\"keyword\"},\"properties.responseActions.command\":{\"type\":\"keyword\"},\"properties.responseActions.endpointIds\":{\"type\":\"keyword\"},\"properties.responseActions.isAutomated\":{\"type\":\"boolean\"},\"properties.responseActions.actionStatus\":{\"type\":\"keyword\"}}","sourceFilters":"[]","timeFieldName":"timestamp","title":"ebt-kibana-server"},"coreMigrationVersion":"8.8.0","created_at":"2024-05-30T16:12:44.874Z","id":"security-solution-ebt-kibana-server","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-09-16T11:22:09.683Z","version":"WzQ2MDU0LDdd"}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]}
9 changes: 9 additions & 0 deletions x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
*/

import type {
AnalyticsServiceSetup,
ElasticsearchClient,
KibanaRequest,
Logger,
Expand Down Expand Up @@ -58,6 +59,7 @@ export interface EndpointAppContextServiceSetupContract {
securitySolutionRequestContextFactory: IRequestContextFactory;
cloud: CloudSetup;
loggerFactory: LoggerFactory;
telemetry: AnalyticsServiceSetup;
}

export interface EndpointAppContextServiceStartContract {
Expand Down Expand Up @@ -339,4 +341,11 @@ export class EndpointAppContextService {

return this.startDependencies.createFleetActionsClient('endpoint');
}

public getTelemetryService(): AnalyticsServiceSetup {
if (!this.setupDependencies?.telemetry) {
throw new EndpointAppContentServicesNotSetUpError();
}
return this.setupDependencies.telemetry;
}
}
3 changes: 3 additions & 0 deletions x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@

import type { ScopedClusterClientMock } from '@kbn/core/server/mocks';
import {
analyticsServiceMock,
elasticsearchServiceMock,
httpServerMock,
httpServiceMock,
Expand Down Expand Up @@ -128,6 +129,7 @@ export const createMockEndpointAppContextService = (
getExceptionListsClient: jest.fn(),
getMessageSigningService: jest.fn().mockReturnValue(messageSigningService),
getFleetActionsClient: jest.fn(async (_) => fleetActionsClientMock),
getTelemetryService: jest.fn(),
getInternalResponseActionsClient: jest.fn(() => {
return responseActionsClientMock.create();
}),
Expand All @@ -143,6 +145,7 @@ export const createMockEndpointAppContextServiceSetupContract =
securitySolutionRequestContextFactory: requestContextFactoryMock.create(),
cloud: cloudMock.createSetup(),
loggerFactory: loggingSystemMock.create(),
telemetry: analyticsServiceMock.createAnalyticsServiceSetup(),
};
};

Expand Down
Loading

0 comments on commit 3627544

Please sign in to comment.