From e581a756ed999697f09e585734fce40349be207f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Thu, 24 Sep 2020 11:48:42 +0200 Subject: [PATCH] [Security Solution] Cleanup IP Details graphql (#78318) (#78389) --- .../security_solution/network/users/index.ts | 6 +- .../public/graphql/introspection.json | 680 ++---------------- .../security_solution/public/graphql/types.ts | 398 +--------- .../components/users_table/columns.tsx | 12 +- .../network/components/users_table/mock.ts | 5 +- .../containers/details/index.gql_query.ts | 91 --- .../containers/users/index.gql_query.ts | 59 -- .../security_solution/server/graphql/index.ts | 2 - .../server/graphql/ip_details/index.ts | 8 - .../server/graphql/ip_details/resolvers.ts | 50 -- .../server/graphql/ip_details/schema.gql.ts | 97 --- .../security_solution/server/graphql/types.ts | 409 +---------- .../security_solution/server/init_server.ts | 2 - .../server/lib/compose/kibana.ts | 2 - .../ip_details/elasticsearch_adapter.test.ts | 53 -- .../lib/ip_details/elasticsearch_adapter.ts | 160 ----- .../server/lib/ip_details/index.ts | 37 - .../server/lib/ip_details/mock.ts | 430 ----------- .../lib/ip_details/query_overview.dsl.ts | 126 ---- .../server/lib/ip_details/query_users.dsl.ts | 104 --- .../server/lib/ip_details/types.ts | 135 ---- .../security_solution/server/lib/types.ts | 2 - .../apis/security_solution/index.js | 2 +- .../apis/security_solution/network_details.ts | 2 + .../apis/security_solution/users.ts | 3 + 25 files changed, 94 insertions(+), 2781 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/types.ts diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts index 196317e7587bf..8c4e19a804148 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts @@ -40,9 +40,9 @@ export interface NetworkUsersNode { export interface NetworkUsersItem { name?: Maybe; - id?: Maybe; - groupId?: Maybe; - groupName?: Maybe; + id?: Maybe; + groupId?: Maybe; + groupName?: Maybe; count?: Maybe; } diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index 38baa7691c9f9..d8342104af823 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -1245,174 +1245,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "IpOverview", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "IpOverviewData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "Users", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "UsersSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTarget", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "KpiNetwork", "description": "", @@ -6756,109 +6588,94 @@ }, { "kind": "OBJECT", - "name": "IpOverviewData", + "name": "KpiNetworkData", "description": "", "fields": [ { - "name": "client", + "name": "networkEvents", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "destination", + "name": "uniqueFlowId", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "host", + "name": "uniqueSourcePrivateIps", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "server", + "name": "uniqueSourcePrivateIpsHistogram", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source", + "name": "uniqueDestinationPrivateIps", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Overview", - "description": "", - "fields": [ - { - "name": "firstSeen", + "name": "uniqueDestinationPrivateIpsHistogram", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "lastSeen", + "name": "dnsQueries", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "autonomousSystem", + "name": "tlsHandshakes", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AutonomousSystem", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "geo", + "name": "inspect", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -6870,11 +6687,11 @@ }, { "kind": "OBJECT", - "name": "AutonomousSystem", + "name": "KpiNetworkHistogramData", "description": "", "fields": [ { - "name": "number", + "name": "x", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, @@ -6882,10 +6699,10 @@ "deprecationReason": null }, { - "name": "organization", + "name": "y", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemOrganization", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -6897,407 +6714,14 @@ }, { "kind": "OBJECT", - "name": "AutonomousSystemOrganization", + "name": "KpiHostsData", "description": "", "fields": [ { - "name": "name", + "name": "hosts", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "UsersSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "UsersFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "UsersFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "name", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "count", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "FlowTarget", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "client", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "destination", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "server", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UsersData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UsersEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersNode", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UsersNode", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UsersItem", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UsersItem", - "description": "", - "fields": [ - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "groupId", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "groupName", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "count", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiNetworkData", - "description": "", - "fields": [ - { - "name": "networkEvents", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueFlowId", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourcePrivateIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourcePrivateIpsHistogram", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationPrivateIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationPrivateIpsHistogram", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "dnsQueries", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tlsHandshakes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiNetworkHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiHostsData", - "description": "", - "fields": [ - { - "name": "hosts", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, @@ -12212,6 +11636,26 @@ ], "possibleTypes": null }, + { + "kind": "ENUM", + "name": "FlowTarget", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "client", "description": "", "isDeprecated": false, "deprecationReason": null }, + { + "name": "destination", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "server", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowDirection", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 63906b41cb50e..3d32fad1bd691 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts @@ -73,12 +73,6 @@ export interface HostsSortField { direction: Direction; } -export interface UsersSortField { - field: UsersFields; - - direction: Direction; -} - export interface NetworkTopTablesSortField { field: NetworkTopTablesFields; @@ -307,18 +301,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum UsersFields { - name = 'name', - count = 'count', -} - -export enum FlowTarget { - client = 'client', - destination = 'destination', - server = 'server', - source = 'source', -} - export enum HistogramType { authentications = 'authentications', anomalies = 'anomalies', @@ -408,6 +390,13 @@ export enum NetworkHttpFields { statuses = 'statuses', } +export enum FlowTarget { + client = 'client', + destination = 'destination', + server = 'server', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -533,10 +522,6 @@ export interface Source { HostFirstLastSeen: FirstLastSeenHost; - IpOverview?: Maybe; - - Users: UsersData; - KpiNetwork?: Maybe; KpiHosts: KpiHostsData; @@ -1486,76 +1471,6 @@ export interface FirstLastSeenHost { lastSeen?: Maybe; } -export interface IpOverviewData { - client?: Maybe; - - destination?: Maybe; - - host: HostEcsFields; - - server?: Maybe; - - source?: Maybe; - - inspect?: Maybe; -} - -export interface Overview { - firstSeen?: Maybe; - - lastSeen?: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: GeoEcsFields; -} - -export interface AutonomousSystem { - number?: Maybe; - - organization?: Maybe; -} - -export interface AutonomousSystemOrganization { - name?: Maybe; -} - -export interface UsersData { - edges: UsersEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface UsersEdges { - node: UsersNode; - - cursor: CursorType; -} - -export interface UsersNode { - _id?: Maybe; - - timestamp?: Maybe; - - user?: Maybe; -} - -export interface UsersItem { - name?: Maybe; - - id?: Maybe; - - groupId?: Maybe; - - groupName?: Maybe; - - count?: Maybe; -} - export interface KpiNetworkData { networkEvents?: Maybe; @@ -2278,34 +2193,6 @@ export interface HostFirstLastSeenSourceArgs { docValueFields: DocValueFieldsInput[]; } -export interface IpOverviewSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface UsersSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface KpiNetworkSourceArgs { id?: Maybe; @@ -3122,185 +3009,6 @@ export namespace GetKpiHostsQuery { }; } -export namespace GetIpOverviewQuery { - export type Variables = { - sourceId: string; - filterQuery?: Maybe; - ip: string; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - IpOverview: Maybe; - }; - - export type IpOverview = { - __typename?: 'IpOverviewData'; - - source: Maybe<_Source>; - - destination: Maybe; - - host: Host; - - inspect: Maybe; - }; - - export type _Source = { - __typename?: 'Overview'; - - firstSeen: Maybe; - - lastSeen: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: Geo; - }; - - export type AutonomousSystem = { - __typename?: 'AutonomousSystem'; - - number: Maybe; - - organization: Maybe; - }; - - export type Organization = { - __typename?: 'AutonomousSystemOrganization'; - - name: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - city_name: Maybe; - - country_iso_code: Maybe; - - country_name: Maybe; - - location: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Location = { - __typename?: 'Location'; - - lat: Maybe; - - lon: Maybe; - }; - - export type Destination = { - __typename?: 'Overview'; - - firstSeen: Maybe; - - lastSeen: Maybe; - - autonomousSystem: _AutonomousSystem; - - geo: _Geo; - }; - - export type _AutonomousSystem = { - __typename?: 'AutonomousSystem'; - - number: Maybe; - - organization: Maybe<_Organization>; - }; - - export type _Organization = { - __typename?: 'AutonomousSystemOrganization'; - - name: Maybe; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - city_name: Maybe; - - country_iso_code: Maybe; - - country_name: Maybe; - - location: Maybe<_Location>; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type _Location = { - __typename?: 'Location'; - - lat: Maybe; - - lon: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetKpiNetworkQuery { export type Variables = { sourceId: string; @@ -3836,98 +3544,6 @@ export namespace GetNetworkTopNFlowQuery { }; } -export namespace GetUsersQuery { - export type Variables = { - sourceId: string; - filterQuery?: Maybe; - flowTarget: FlowTarget; - ip: string; - pagination: PaginationInputPaginated; - sort: UsersSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Users: Users; - }; - - export type Users = { - __typename?: 'UsersData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'UsersEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'UsersNode'; - - user: Maybe; - }; - - export type User = { - __typename?: 'UsersItem'; - - name: Maybe; - - id: Maybe; - - groupId: Maybe; - - groupName: Maybe; - - count: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetAllTimeline { export type Variables = { pageInfo: PageInfoTimeline; diff --git a/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx b/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx index b7f7887342335..afef7fe794939 100644 --- a/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx +++ b/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { FlowTarget, UsersItem } from '../../../graphql/types'; +import { FlowTarget, NetworkUsersItem } from '../../../../common/search_strategy'; import { defaultToEmptyTag } from '../../../common/components/empty_value'; import { Columns } from '../../../common/components/paginated_table'; @@ -15,11 +15,11 @@ import { } from '../../../common/components/tables/helpers'; export type UsersColumns = [ - Columns, - Columns, - Columns, - Columns, - Columns + Columns, + Columns, + Columns, + Columns, + Columns ]; export const getUsersColumns = (flowTarget: FlowTarget, tableId: string): UsersColumns => [ diff --git a/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts index 50bef1867aa3b..9180ee328f988 100644 --- a/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts @@ -4,9 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { UsersData } from '../../../graphql/types'; +import { NetworkUsersStrategyResponse } from '../../../../common/search_strategy'; -export const mockUsersData: UsersData = { +export const mockUsersData: NetworkUsersStrategyResponse = { edges: [ { node: { @@ -63,4 +63,5 @@ export const mockUsersData: UsersData = { fakeTotalCount: 3, showMorePagesIndicator: true, }, + rawResponse: {} as NetworkUsersStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts deleted file mode 100644 index 6ebb60ccb4ea6..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const ipOverviewQuery = gql` - query GetIpOverviewQuery( - $sourceId: ID! - $filterQuery: String - $ip: String! - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - IpOverview( - filterQuery: $filterQuery - ip: $ip - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - source { - firstSeen - lastSeen - autonomousSystem { - number - organization { - name - } - } - geo { - continent_name - city_name - country_iso_code - country_name - location { - lat - lon - } - region_iso_code - region_name - } - } - destination { - firstSeen - lastSeen - autonomousSystem { - number - organization { - name - } - } - geo { - continent_name - city_name - country_iso_code - country_name - location { - lat - lon - } - region_iso_code - region_name - } - } - host { - architecture - id - ip - mac - name - os { - family - name - platform - version - } - type - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts deleted file mode 100644 index 3fc1cdfd160db..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const usersQuery = gql` - query GetUsersQuery( - $sourceId: ID! - $filterQuery: String - $flowTarget: FlowTarget! - $ip: String! - $pagination: PaginationInputPaginated! - $sort: UsersSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - Users( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - user { - name - id - groupId - groupName - count - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index 2de6ef32b5703..d23494e0eeaa6 100644 --- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -11,7 +11,6 @@ import { authenticationsSchema } from './authentications'; import { ecsSchema } from './ecs'; import { eventsSchema } from './events'; import { hostsSchema } from './hosts'; -import { ipDetailsSchemas } from './ip_details'; import { kpiHostsSchema } from './kpi_hosts'; import { kpiNetworkSchema } from './kpi_network'; import { networkSchema } from './network'; @@ -37,7 +36,6 @@ export const schemas = [ toDateSchema, toBooleanSchema, hostsSchema, - ...ipDetailsSchemas, kpiNetworkSchema, kpiHostsSchema, matrixHistogramSchema, diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts deleted file mode 100644 index 186397ea347cb..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createIpDetailsResolvers } from './resolvers'; -export { ipDetailsSchemas } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts deleted file mode 100644 index d0e84026de473..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { IpDetails, UsersRequestOptions } from '../../lib/ip_details'; -import { createOptions, createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryIpOverviewResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export type QueryUsersResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface IDetailsResolversDeps { - ipDetails: IpDetails; -} - -export const createIpDetailsResolvers = ( - libs: IDetailsResolversDeps -): { - Source: { - IpOverview: QueryIpOverviewResolver; - Users: QueryUsersResolver; - }; -} => ({ - Source: { - async IpOverview(source, args, { req }, info) { - const options = { ...createOptions(source, args, info), ip: args.ip }; - return libs.ipDetails.getIpOverview(req, options); - }, - async Users(source, args, { req }, info) { - const options: UsersRequestOptions = { - ...createOptionsPaginated(source, args, info), - ip: args.ip, - sort: args.sort, - flowTarget: args.flowTarget, - }; - return libs.ipDetails.getUsers(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts deleted file mode 100644 index 2531f8d169327..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -const ipOverviewSchema = gql` - type AutonomousSystemOrganization { - name: String - } - - type AutonomousSystem { - number: Float - organization: AutonomousSystemOrganization - } - - type Overview { - firstSeen: Date - lastSeen: Date - autonomousSystem: AutonomousSystem! - geo: GeoEcsFields! - } - - type IpOverviewData { - client: Overview - destination: Overview - host: HostEcsFields! - server: Overview - source: Overview - inspect: Inspect - } - - extend type Source { - IpOverview( - id: String - filterQuery: String - ip: String! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): IpOverviewData - } -`; - -const usersSchema = gql` - enum UsersFields { - name - count - } - - input UsersSortField { - field: UsersFields! - direction: Direction! - } - - type UsersItem { - name: String - id: ToStringArray - groupId: ToStringArray - groupName: ToStringArray - count: Float - } - - type UsersNode { - _id: String - timestamp: Date - user: UsersItem - } - - type UsersEdges { - node: UsersNode! - cursor: CursorType! - } - - type UsersData { - edges: [UsersEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - extend type Source { - Users( - filterQuery: String - id: String - ip: String! - pagination: PaginationInputPaginated! - sort: UsersSortField! - flowTarget: FlowTarget! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): UsersData! - } -`; - -export const ipDetailsSchemas = [ipOverviewSchema, usersSchema]; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 242721d225e19..ced64b693df49 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts @@ -75,12 +75,6 @@ export interface HostsSortField { direction: Direction; } -export interface UsersSortField { - field: UsersFields; - - direction: Direction; -} - export interface NetworkTopTablesSortField { field: NetworkTopTablesFields; @@ -309,18 +303,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum UsersFields { - name = 'name', - count = 'count', -} - -export enum FlowTarget { - client = 'client', - destination = 'destination', - server = 'server', - source = 'source', -} - export enum HistogramType { authentications = 'authentications', anomalies = 'anomalies', @@ -410,6 +392,13 @@ export enum NetworkHttpFields { statuses = 'statuses', } +export enum FlowTarget { + client = 'client', + destination = 'destination', + server = 'server', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -535,10 +524,6 @@ export interface Source { HostFirstLastSeen: FirstLastSeenHost; - IpOverview?: Maybe; - - Users: UsersData; - KpiNetwork?: Maybe; KpiHosts: KpiHostsData; @@ -1488,76 +1473,6 @@ export interface FirstLastSeenHost { lastSeen?: Maybe; } -export interface IpOverviewData { - client?: Maybe; - - destination?: Maybe; - - host: HostEcsFields; - - server?: Maybe; - - source?: Maybe; - - inspect?: Maybe; -} - -export interface Overview { - firstSeen?: Maybe; - - lastSeen?: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: GeoEcsFields; -} - -export interface AutonomousSystem { - number?: Maybe; - - organization?: Maybe; -} - -export interface AutonomousSystemOrganization { - name?: Maybe; -} - -export interface UsersData { - edges: UsersEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface UsersEdges { - node: UsersNode; - - cursor: CursorType; -} - -export interface UsersNode { - _id?: Maybe; - - timestamp?: Maybe; - - user?: Maybe; -} - -export interface UsersItem { - name?: Maybe; - - id?: Maybe; - - groupId?: Maybe; - - groupName?: Maybe; - - count?: Maybe; -} - export interface KpiNetworkData { networkEvents?: Maybe; @@ -2280,34 +2195,6 @@ export interface HostFirstLastSeenSourceArgs { docValueFields: DocValueFieldsInput[]; } -export interface IpOverviewSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface UsersSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface KpiNetworkSourceArgs { id?: Maybe; @@ -2834,10 +2721,6 @@ export namespace SourceResolvers { HostFirstLastSeen?: HostFirstLastSeenResolver; - IpOverview?: IpOverviewResolver, TypeParent, TContext>; - - Users?: UsersResolver; - KpiNetwork?: KpiNetworkResolver, TypeParent, TContext>; KpiHosts?: KpiHostsResolver; @@ -3000,47 +2883,6 @@ export namespace SourceResolvers { docValueFields: DocValueFieldsInput[]; } - export type IpOverviewResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface IpOverviewArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type UsersResolver = Resolver< - R, - Parent, - TContext, - UsersArgs - >; - export interface UsersArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - export type KpiNetworkResolver< R = Maybe, Parent = Source, @@ -6302,235 +6144,6 @@ export namespace FirstLastSeenHostResolvers { > = Resolver; } -export namespace IpOverviewDataResolvers { - export interface Resolvers { - client?: ClientResolver, TypeParent, TContext>; - - destination?: DestinationResolver, TypeParent, TContext>; - - host?: HostResolver; - - server?: ServerResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type ClientResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = HostEcsFields, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type ServerResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; -} - -export namespace OverviewResolvers { - export interface Resolvers { - firstSeen?: FirstSeenResolver, TypeParent, TContext>; - - lastSeen?: LastSeenResolver, TypeParent, TContext>; - - autonomousSystem?: AutonomousSystemResolver; - - geo?: GeoResolver; - } - - export type FirstSeenResolver< - R = Maybe, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type AutonomousSystemResolver< - R = AutonomousSystem, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type GeoResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace AutonomousSystemResolvers { - export interface Resolvers { - number?: NumberResolver, TypeParent, TContext>; - - organization?: OrganizationResolver, TypeParent, TContext>; - } - - export type NumberResolver< - R = Maybe, - Parent = AutonomousSystem, - TContext = SiemContext - > = Resolver; - export type OrganizationResolver< - R = Maybe, - Parent = AutonomousSystem, - TContext = SiemContext - > = Resolver; -} - -export namespace AutonomousSystemOrganizationResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = AutonomousSystemOrganization, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = UsersEdges[], - Parent = UsersData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = UsersData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = UsersData, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver< - R = CursorType, - Parent = UsersEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersNodeResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - user?: UserResolver, TypeParent, TContext>; - } - - export type _IdResolver, Parent = UsersNode, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver< - R = Maybe, - Parent = UsersNode, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = Maybe, - Parent = UsersNode, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersItemResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - groupId?: GroupIdResolver, TypeParent, TContext>; - - groupName?: GroupNameResolver, TypeParent, TContext>; - - count?: CountResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type GroupIdResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type GroupNameResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type CountResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; -} - export namespace KpiNetworkDataResolvers { export interface Resolvers { networkEvents?: NetworkEventsResolver, TypeParent, TContext>; @@ -8805,14 +8418,6 @@ export type IResolvers = { CloudMachine?: CloudMachineResolvers.Resolvers; EndpointFields?: EndpointFieldsResolvers.Resolvers; FirstLastSeenHost?: FirstLastSeenHostResolvers.Resolvers; - IpOverviewData?: IpOverviewDataResolvers.Resolvers; - Overview?: OverviewResolvers.Resolvers; - AutonomousSystem?: AutonomousSystemResolvers.Resolvers; - AutonomousSystemOrganization?: AutonomousSystemOrganizationResolvers.Resolvers; - UsersData?: UsersDataResolvers.Resolvers; - UsersEdges?: UsersEdgesResolvers.Resolvers; - UsersNode?: UsersNodeResolvers.Resolvers; - UsersItem?: UsersItemResolvers.Resolvers; KpiNetworkData?: KpiNetworkDataResolvers.Resolvers; KpiNetworkHistogramData?: KpiNetworkHistogramDataResolvers.Resolvers; KpiHostsData?: KpiHostsDataResolvers.Resolvers; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index ac0273ec1770d..3d2833f1c6c60 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -10,7 +10,6 @@ import { createAuthenticationsResolvers } from './graphql/authentications'; import { createScalarToStringArrayValueResolvers } from './graphql/ecs'; import { createEsValueResolvers, createEventsResolvers } from './graphql/events'; import { createHostsResolvers } from './graphql/hosts'; -import { createIpDetailsResolvers } from './graphql/ip_details'; import { createKpiHostsResolvers } from './graphql/kpi_hosts'; import { createKpiNetworkResolvers } from './graphql/kpi_network'; import { createNetworkResolvers } from './graphql/network'; @@ -35,7 +34,6 @@ export const initServer = (libs: AppBackendLibs) => { createEsValueResolvers() as IResolvers, createEventsResolvers(libs) as IResolvers, createHostsResolvers(libs) as IResolvers, - createIpDetailsResolvers(libs) as IResolvers, createKpiNetworkResolvers(libs) as IResolvers, createMatrixHistogramResolvers(libs) as IResolvers, createNoteResolvers(libs) as IResolvers, diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts index bd646fe07329c..7c149c4bafe82 100644 --- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts +++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts @@ -16,7 +16,6 @@ import { KpiHosts } from '../kpi_hosts'; import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter'; import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields'; -import { ElasticsearchIpDetailsAdapter, IpDetails } from '../ip_details'; import { KpiNetwork } from '../kpi_network'; import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter'; @@ -45,7 +44,6 @@ export function compose( events: new Events(new ElasticsearchEventsAdapter(framework)), fields: new IndexFields(new ElasticsearchIndexFieldAdapter(framework)), hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)), - ipDetails: new IpDetails(new ElasticsearchIpDetailsAdapter(framework)), kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)), kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts deleted file mode 100644 index 6249e60d9a2be..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FlowTarget } from '../../graphql/types'; - -import { getIpOverviewAgg, getIpOverviewHostAgg, getUsersEdges } from './elasticsearch_adapter'; - -import { - formattedDestination, - formattedEmptySource, - formattedHost, - formattedSource, - mockFormattedUsersEdges, - mockUsersData, - responseAggs, -} from './mock'; - -describe('elasticsearch_adapter', () => { - describe('#getIpOverview', () => { - test('will return a destination correctly', () => { - const destination = getIpOverviewAgg( - FlowTarget.destination, - responseAggs.aggregations.destination! - ); - expect(destination).toEqual(formattedDestination); - }); - - test('will return a source correctly', () => { - const source = getIpOverviewAgg(FlowTarget.source, responseAggs.aggregations.source!); - expect(source).toEqual(formattedSource); - }); - - test('will return a host correctly', () => { - const host = getIpOverviewHostAgg(responseAggs.aggregations.host); - expect(host).toEqual(formattedHost); - }); - - test('will return an empty source correctly', () => { - const source = getIpOverviewAgg(FlowTarget.source, {}); - expect(source).toEqual(formattedEmptySource); - }); - }); - - describe('#getUsers', () => { - test('will format edges correctly', () => { - // @ts-expect-error Re-work `DatabaseSearchResponse` types as mock ES Response won't match - const edges = getUsersEdges(mockUsersData); - expect(edges).toEqual(mockFormattedUsersEdges); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts deleted file mode 100644 index 90803ca302bd4..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { get, getOr } from 'lodash/fp'; - -import { - AutonomousSystem, - GeoEcsFields, - HostEcsFields, - IpOverviewData, - UsersData, - UsersEdges, -} from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; -import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; -import { IpOverviewRequestOptions, UsersRequestOptions } from './index'; -import { buildOverviewQuery } from './query_overview.dsl'; -import { buildUsersQuery } from './query_users.dsl'; - -import { - IpDetailsAdapter, - IpOverviewHit, - OverviewHit, - OverviewHostHit, - UsersBucketsItem, -} from './types'; - -export class ElasticsearchIpDetailsAdapter implements IpDetailsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getIpDetails( - request: FrameworkRequest, - options: IpOverviewRequestOptions - ): Promise { - const dsl = buildOverviewQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - ...getIpOverviewAgg('source', getOr({}, 'aggregations.source', response)), - ...getIpOverviewAgg('destination', getOr({}, 'aggregations.destination', response)), - ...getIpOverviewHostAgg(getOr({}, 'aggregations.host', response)), - }; - } - - public async getUsers( - request: FrameworkRequest, - options: UsersRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildUsersQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.user_count.value', response); - const usersEdges = getUsersEdges(response); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = usersEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } -} - -export const getIpOverviewAgg = (type: string, overviewHit: OverviewHit | {}) => { - const firstSeen = getOr(null, `firstSeen.value_as_string`, overviewHit); - const lastSeen = getOr(null, `lastSeen.value_as_string`, overviewHit); - const autonomousSystem: AutonomousSystem | null = getOr( - null, - `as.results.hits.hits[0]._source.${type}.as`, - overviewHit - ); - const geoFields: GeoEcsFields | null = getOr( - null, - `geo.results.hits.hits[0]._source.${type}.geo`, - overviewHit - ); - - return { - [type]: { - firstSeen, - lastSeen, - autonomousSystem: { - ...autonomousSystem, - }, - geo: { - ...geoFields, - }, - }, - }; -}; - -export const getIpOverviewHostAgg = (overviewHostHit: OverviewHostHit | {}) => { - const hostFields: HostEcsFields | null = getOr( - null, - `results.hits.hits[0]._source.host`, - overviewHostHit - ); - return { - host: { - ...hostFields, - }, - }; -}; - -export const getUsersEdges = ( - response: DatabaseSearchResponse -): UsersEdges[] => - getOr([], `aggregations.users.buckets`, response).map((bucket: UsersBucketsItem) => ({ - node: { - _id: bucket.key, - user: { - id: getOr([], 'id.buckets', bucket).map((id: UsersBucketsItem) => id.key), - name: bucket.key, - groupId: getOr([], 'groupId.buckets', bucket).map( - (groupId: UsersBucketsItem) => groupId.key - ), - groupName: getOr([], 'groupName.buckets', bucket).map( - (groupName: UsersBucketsItem) => groupName.key - ), - count: get('doc_count', bucket), - }, - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/index.ts b/x-pack/plugins/security_solution/server/lib/ip_details/index.ts deleted file mode 100644 index ed8824bc284e4..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/index.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FlowTarget, IpOverviewData, UsersData, UsersSortField } from '../../graphql/types'; -import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework'; - -import { IpDetailsAdapter } from './types'; - -export * from './elasticsearch_adapter'; - -export interface IpOverviewRequestOptions extends RequestOptions { - ip: string; -} - -export interface UsersRequestOptions extends RequestOptionsPaginated { - ip: string; - sort: UsersSortField; - flowTarget: FlowTarget; -} - -export class IpDetails { - constructor(private readonly adapter: IpDetailsAdapter) {} - - public async getIpOverview( - req: FrameworkRequest, - options: IpOverviewRequestOptions - ): Promise { - return this.adapter.getIpDetails(req, options); - } - - public async getUsers(req: FrameworkRequest, options: UsersRequestOptions): Promise { - return this.adapter.getUsers(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts b/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts deleted file mode 100644 index 1db86e7766fcf..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { UsersEdges } from '../../graphql/types'; - -import { IpOverviewHit, UsersResponse } from './types'; - -export const responseAggs: IpOverviewHit = { - aggregations: { - destination: { - doc_count: 882307, - geo: { - doc_count: 62089, - results: { - hits: { - total: { - value: 62089, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _source: { - destination: { - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, - }, - sort: [1553894176003], - }, - ], - }, - }, - }, - lastSeen: { - value: 1553900180003, - value_as_string: '2019-03-29T22:56:20.003Z', - }, - firstSeen: { - value: 1551388820000, - value_as_string: '2019-02-28T21:20:20.000Z', - }, - autonomousSystem: { - doc_count: 0, - results: { - hits: { - total: { - value: 0, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - }, - }, - }, - source: { - doc_count: 1002234, - geo: { - doc_count: 1507, - results: { - hits: { - total: { - value: 1507, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _index: 'filebeat-8.0.0-2019.03.21-000002', - _type: '_doc', - _id: 'dHQ6y2kBCQofM5eXi5OE', - _score: null, - _source: { - source: { - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, - }, - sort: [1553892804003], - }, - ], - }, - }, - }, - lastSeen: { - value: 1553900180003, - value_as_string: '2019-03-29T22:56:20.003Z', - }, - firstSeen: { - value: 1551388804322, - value_as_string: '2019-02-28T21:20:04.322Z', - }, - autonomousSystem: { - doc_count: 0, - results: { - hits: { - total: { - value: 0, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - }, - }, - }, - host: { - doc_count: 1588091, - results: { - hits: { - total: { - value: 1588091, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _index: 'filebeat-8.0.0-2019.05.20-000004', - _type: '_doc', - _id: 'NU9dD2sB9v5HJNSHMMRc', - _score: null, - _source: { - host: { - hostname: 'suricata-iowa', - os: { - kernel: '4.15.0-1032-gcp', - codename: 'bionic', - name: 'Ubuntu', - family: 'debian', - version: '18.04.2 LTS (Bionic Beaver)', - platform: 'ubuntu', - }, - ip: ['10.128.0.4', 'fe80::4001:aff:fe80:4'], - containerized: false, - name: 'suricata-iowa', - id: 'be1f3d767896212736b880e846876dcb', - mac: ['42:01:0a:80:00:04'], - architecture: 'x86_64', - }, - }, - sort: [1559330892000], - }, - ], - }, - }, - }, - }, - _shards: { - total: 42, - successful: 42, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 71358841, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - took: 392, - timeout: 500, -}; - -export const formattedDestination = { - destination: { - firstSeen: '2019-02-28T21:20:20.000Z', - lastSeen: '2019-03-29T22:56:20.003Z', - autonomousSystem: {}, - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, -}; - -export const formattedSource = { - source: { - firstSeen: '2019-02-28T21:20:04.322Z', - lastSeen: '2019-03-29T22:56:20.003Z', - autonomousSystem: {}, - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, -}; - -export const formattedHost = { - host: { - hostname: 'suricata-iowa', - os: { - kernel: '4.15.0-1032-gcp', - codename: 'bionic', - name: 'Ubuntu', - family: 'debian', - version: '18.04.2 LTS (Bionic Beaver)', - platform: 'ubuntu', - }, - ip: ['10.128.0.4', 'fe80::4001:aff:fe80:4'], - containerized: false, - name: 'suricata-iowa', - id: 'be1f3d767896212736b880e846876dcb', - mac: ['42:01:0a:80:00:04'], - architecture: 'x86_64', - }, -}; - -export const formattedEmptySource = { - source: { - firstSeen: null, - lastSeen: null, - autonomousSystem: {}, - geo: {}, - }, -}; - -export const mockUsersData: UsersResponse = { - took: 445, - timed_out: false, - _shards: { - total: 59, - successful: 59, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - user_count: { - value: 3, - }, - users: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '_apt', - doc_count: 10, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'nogroup', - doc_count: 10, - }, - ], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '65534', - doc_count: 10, - }, - ], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '104', - doc_count: 10, - }, - ], - }, - }, - { - key: 'root', - doc_count: 109, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'Debian-exim', - doc_count: 72, - }, - { - key: 'root', - doc_count: 37, - }, - ], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '116', - doc_count: 72, - }, - { - key: '0', - doc_count: 37, - }, - ], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '0', - doc_count: 109, - }, - ], - }, - }, - { - key: 'systemd-resolve', - doc_count: 4, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '102', - doc_count: 4, - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockFormattedUsersEdges: UsersEdges[] = [ - { - node: { - _id: '_apt', - user: { - id: ['104'], - name: '_apt', - groupId: ['65534'], - groupName: ['nogroup'], - count: 10, - }, - }, - cursor: { - value: '_apt', - tiebreaker: null, - }, - }, - { - node: { - _id: 'root', - user: { - id: ['0'], - name: 'root', - groupId: ['116', '0'], - groupName: ['Debian-exim', 'root'], - count: 109, - }, - }, - cursor: { - value: 'root', - tiebreaker: null, - }, - }, - { - node: { - _id: 'systemd-resolve', - user: { - id: ['102'], - name: 'systemd-resolve', - groupId: [], - groupName: [], - count: 4, - }, - }, - cursor: { - value: 'systemd-resolve', - tiebreaker: null, - }, - }, -]; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts b/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts deleted file mode 100644 index d9c8f32d0b465..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; -import { IpOverviewRequestOptions } from './index'; - -const getAggs = (type: string, ip: string) => { - return { - [type]: { - filter: { - term: { - [`${type}.ip`]: ip, - }, - }, - aggs: { - firstSeen: { - min: { - field: '@timestamp', - }, - }, - lastSeen: { - max: { - field: '@timestamp', - }, - }, - as: { - filter: { - exists: { - field: `${type}.as`, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: [`${type}.as`], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - geo: { - filter: { - exists: { - field: `${type}.geo`, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: [`${type}.geo`], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - }, - }, - }; -}; - -const getHostAggs = (ip: string) => { - return { - host: { - filter: { - term: { - 'host.ip': ip, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: ['host'], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - }; -}; - -export const buildOverviewQuery = ({ - defaultIndex, - docValueFields, - ip, -}: IpOverviewRequestOptions) => { - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggs: { - ...getAggs('source', ip), - ...getAggs('destination', ip), - ...getHostAggs(ip), - }, - query: { - bool: { - should: [], - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts b/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts deleted file mode 100644 index 293a487777fd2..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { Direction, UsersFields, UsersSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { UsersRequestOptions } from './index'; - -export const buildUsersQuery = ({ - ip, - sort, - filterQuery, - flowTarget, - pagination: { querySize }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, -}: UsersRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - { term: { [`${flowTarget}.ip`]: ip } }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggs: { - user_count: { - cardinality: { - field: 'user.name', - }, - }, - users: { - terms: { - field: 'user.name', - size: querySize, - order: { - ...getQueryOrder(sort), - }, - }, - aggs: { - id: { - terms: { - field: 'user.id', - }, - }, - groupId: { - terms: { - field: 'user.group.id', - }, - }, - groupName: { - terms: { - field: 'user.group.name', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - must_not: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; - -type QueryOrder = { _count: Direction } | { _key: Direction }; - -const getQueryOrder = (sort: UsersSortField): QueryOrder => { - switch (sort.field) { - case UsersFields.name: - return { _key: sort.direction }; - case UsersFields.count: - return { _count: sort.direction }; - default: - return assertUnreachable(sort.field); - } -}; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/types.ts b/x-pack/plugins/security_solution/server/lib/ip_details/types.ts deleted file mode 100644 index d137d919932f7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/types.ts +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { IpOverviewData, UsersData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { Hit, ShardsResponse, TotalValue } from '../types'; - -export interface IpDetailsAdapter { - getIpDetails(request: FrameworkRequest, options: RequestBasicOptions): Promise; - getUsers(request: FrameworkRequest, options: RequestBasicOptions): Promise; -} - -interface ResultHit { - doc_count: number; - results: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -export interface OverviewHit { - took?: number; - timed_out?: boolean; - _scroll_id?: string; - _shards?: ShardsResponse; - timeout?: number; - hits?: { - total: number; - hits: Hit[]; - }; - doc_count: number; - geo: ResultHit; - autonomousSystem: ResultHit; - firstSeen: { - value: number; - value_as_string: string; - }; - lastSeen: { - value: number; - value_as_string: string; - }; -} - -export type OverviewHostHit = ResultHit; - -export interface IpOverviewHit { - aggregations: { - destination?: OverviewHit; - source?: OverviewHit; - host: ResultHit; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - total: { - value: number; - relation: string; - }; - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -// Users Table - -export interface UsersResponse { - took: number; - timed_out: boolean; - _shards: UsersShards; - hits: UsersHits; - aggregations: Aggregations; -} -interface UsersShards { - total: number; - successful: number; - skipped: number; - failed: number; -} -interface UsersHits { - max_score: null; - hits: string[]; -} -interface Aggregations { - user_count: UserCount; - users: Users; -} -interface UserCount { - value: number; -} -interface Users { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -export interface UsersBucketsItem { - key: string; - doc_count: number; - groupName?: UsersGroupName; - groupId?: UsersGroupId; - id?: Id; -} -export interface UsersGroupName { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -export interface UsersGroupId { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -interface Id { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 3c7c1cd3d7cff..6e233f6e49d3b 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts @@ -13,7 +13,6 @@ import { Events } from './events'; import { FrameworkAdapter, FrameworkRequest } from './framework'; import { Hosts } from './hosts'; import { IndexFields } from './index_fields'; -import { IpDetails } from './ip_details'; import { KpiHosts } from './kpi_hosts'; import { KpiNetwork } from './kpi_network'; import { Network } from './network'; @@ -31,7 +30,6 @@ export interface AppDomainLibs { events: Events; fields: IndexFields; hosts: Hosts; - ipDetails: IpDetails; matrixHistogram: MatrixHistogram; network: Network; kpiNetwork: KpiNetwork; diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index a9ddf091245f7..a143d94dde172 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -21,7 +21,7 @@ export default function ({ loadTestFile }) { loadTestFile(require.resolve('./timeline')); loadTestFile(require.resolve('./timeline_details')); // loadTestFile(require.resolve('./uncommon_processes')); - loadTestFile(require.resolve('./users')); + // loadTestFile(require.resolve('./users')); // loadTestFile(require.resolve('./tls')); loadTestFile(require.resolve('./feature_controls')); }); diff --git a/x-pack/test/api_integration/apis/security_solution/network_details.ts b/x-pack/test/api_integration/apis/security_solution/network_details.ts index cffcd790fa19c..7b851e875454d 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_details.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_details.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { ipOverviewQuery } from '../../../../plugins/security_solution/public/network/containers/details/index.gql_query'; +// @ts-expect-error import { GetIpOverviewQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/users.ts b/x-pack/test/api_integration/apis/security_solution/users.ts index abb2c5b2f5bbd..9d42fc0b9788b 100644 --- a/x-pack/test/api_integration/apis/security_solution/users.ts +++ b/x-pack/test/api_integration/apis/security_solution/users.ts @@ -5,11 +5,14 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { usersQuery } from '../../../../plugins/security_solution/public/network/containers/users/index.gql_query'; import { Direction, + // @ts-expect-error UsersFields, FlowTarget, + // @ts-expect-error GetUsersQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context';