[Alerting] Updating audit event terminology (#102263) (#102787)
* Updating audit terminology

* Fixing unit tests

* Updating audit docs

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: ymao1 <ying.mao@elastic.co>
kibanamachine and ymao1 authored Jun 21, 2021
1 parent 7f83682 commit 44b060c
Showing 16 changed files with 193 additions and 193 deletions.
68 changes: 34 additions & 34 deletions docs/user/security/audit-logging.asciidoc
Expand Up @@ -93,9 +93,9 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is creating a connector.
| `failure` | User is not authorized to create a connector.

.2+| `alert_create`
| `unknown` | User is creating an alert.
| `failure` | User is not authorized to create an alert.
.2+| `rule_create`
| `unknown` | User is creating a rule.
| `failure` | User is not authorized to create a rule.

.2+| `space_create`
| `unknown` | User is creating a space.
Expand Down Expand Up @@ -128,38 +128,38 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is updating a connector.
| `failure` | User is not authorized to update a connector.

.2+| `alert_update`
| `unknown` | User is updating an alert.
| `failure` | User is not authorized to update an alert.
.2+| `rule_update`
| `unknown` | User is updating a rule.
| `failure` | User is not authorized to update a rule.

.2+| `alert_update_api_key`
| `unknown` | User is updating the API key of an alert.
| `failure` | User is not authorized to update the API key of an alert.
.2+| `rule_update_api_key`
| `unknown` | User is updating the API key of a rule.
| `failure` | User is not authorized to update the API key of a rule.

.2+| `alert_enable`
| `unknown` | User is enabling an alert.
| `failure` | User is not authorized to enable an alert.
.2+| `rule_enable`
| `unknown` | User is enabling a rule.
| `failure` | User is not authorized to enable a rule.

.2+| `alert_disable`
| `unknown` | User is disabling an alert.
| `failure` | User is not authorized to disable an alert.
.2+| `rule_disable`
| `unknown` | User is disabling a rule.
| `failure` | User is not authorized to disable a rule.

.2+| `alert_mute`
.2+| `rule_mute`
| `unknown` | User is muting a rule.
| `failure` | User is not authorized to mute a rule.

.2+| `rule_unmute`
| `unknown` | User is unmuting a rule.
| `failure` | User is not authorized to unmute a rule.

.2+| `rule_alert_mute`
| `unknown` | User is muting an alert.
| `failure` | User is not authorized to mute an alert.

.2+| `alert_unmute`
.2+| `rule_alert_unmute`
| `unknown` | User is unmuting an alert.
| `failure` | User is not authorized to unmute an alert.

.2+| `alert_instance_mute`
| `unknown` | User is muting an alert instance.
| `failure` | User is not authorized to mute an alert instance.

.2+| `alert_instance_unmute`
| `unknown` | User is unmuting an alert instance.
| `failure` | User is not authorized to unmute an alert instance.

.2+| `space_update`
| `unknown` | User is updating a space.
| `failure` | User is not authorized to update a space.
Expand All @@ -183,9 +183,9 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is deleting a connector.
| `failure` | User is not authorized to delete a connector.

.2+| `alert_delete`
| `unknown` | User is deleting an alert.
| `failure` | User is not authorized to delete an alert.
.2+| `rule_delete`
| `unknown` | User is deleting a rule.
| `failure` | User is not authorized to delete a rule.

.2+| `space_delete`
| `unknown` | User is deleting a space.
Expand Down Expand Up @@ -218,13 +218,13 @@ Refer to the corresponding {es} logs for potential write errors.
| `success` | User has accessed a connector as part of a search operation.
| `failure` | User is not authorized to search for connectors.

.2+| `alert_get`
| `success` | User has accessed an alert.
| `failure` | User is not authorized to access an alert.
.2+| `rule_get`
| `success` | User has accessed a rule.
| `failure` | User is not authorized to access a rule.

.2+| `alert_find`
| `success` | User has accessed an alert as part of a search operation.
| `failure` | User is not authorized to search for alerts.
.2+| `rule_find`
| `success` | User has accessed a rule as part of a search operation.
| `failure` | User is not authorized to search for rules.

.2+| `space_get`
| `success` | User has accessed a space.
102 changes: 51 additions & 51 deletions x-pack/plugins/alerting/server/alerts_client/alerts_client.ts
Expand Up @@ -63,7 +63,7 @@ import { parseDuration } from '../../common/parse_duration';
import { retryIfConflicts } from '../lib/retry_if_conflicts';
import { partiallyUpdateAlert } from '../saved_objects';
import { markApiKeyForInvalidation } from '../invalidate_pending_api_keys/mark_api_key_for_invalidation';
import { alertAuditEvent, AlertAuditAction } from './audit_events';
import { ruleAuditEvent, RuleAuditAction } from './audit_events';
import { KueryNode, nodeBuilder } from '../../../../../src/plugins/data/common';
import { mapSortField } from './lib';
import { getAlertExecutionStatusPending } from '../lib/alert_execution_status';
Expand Down Expand Up @@ -253,8 +253,8 @@ export class AlertsClient {
});
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.CREATE,
ruleAuditEvent({
action: RuleAuditAction.CREATE,
savedObject: { type: 'alert', id },
error,
})
Expand Down Expand Up @@ -305,8 +305,8 @@ export class AlertsClient {
};

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.CREATE,
ruleAuditEvent({
action: RuleAuditAction.CREATE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -375,17 +375,17 @@ export class AlertsClient {
});
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.GET,
ruleAuditEvent({
action: RuleAuditAction.GET,
savedObject: { type: 'alert', id },
error,
})
);
throw error;
}
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.GET,
ruleAuditEvent({
action: RuleAuditAction.GET,
savedObject: { type: 'alert', id },
})
);
Expand Down Expand Up @@ -467,8 +467,8 @@ export class AlertsClient {
);
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.FIND,
ruleAuditEvent({
action: RuleAuditAction.FIND,
error,
})
);
Expand Down Expand Up @@ -508,8 +508,8 @@ export class AlertsClient {
);
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.FIND,
ruleAuditEvent({
action: RuleAuditAction.FIND,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -525,8 +525,8 @@ export class AlertsClient {

authorizedData.forEach(({ id }) =>
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.FIND,
ruleAuditEvent({
action: RuleAuditAction.FIND,
savedObject: { type: 'alert', id },
})
)
Expand Down Expand Up @@ -620,8 +620,8 @@ export class AlertsClient {
});
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.DELETE,
ruleAuditEvent({
action: RuleAuditAction.DELETE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -630,8 +630,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.DELETE,
ruleAuditEvent({
action: RuleAuditAction.DELETE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -694,8 +694,8 @@ export class AlertsClient {
});
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UPDATE,
ruleAuditEvent({
action: RuleAuditAction.UPDATE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -704,8 +704,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UPDATE,
ruleAuditEvent({
action: RuleAuditAction.UPDATE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -870,8 +870,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UPDATE_API_KEY,
ruleAuditEvent({
action: RuleAuditAction.UPDATE_API_KEY,
savedObject: { type: 'alert', id },
error,
})
Expand Down Expand Up @@ -900,8 +900,8 @@ export class AlertsClient {
});

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UPDATE_API_KEY,
ruleAuditEvent({
action: RuleAuditAction.UPDATE_API_KEY,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -976,8 +976,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.ENABLE,
ruleAuditEvent({
action: RuleAuditAction.ENABLE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -986,8 +986,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.ENABLE,
ruleAuditEvent({
action: RuleAuditAction.ENABLE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -1090,8 +1090,8 @@ export class AlertsClient {
});
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.DISABLE,
ruleAuditEvent({
action: RuleAuditAction.DISABLE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -1100,8 +1100,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.DISABLE,
ruleAuditEvent({
action: RuleAuditAction.DISABLE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -1167,8 +1167,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.MUTE,
ruleAuditEvent({
action: RuleAuditAction.MUTE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -1177,8 +1177,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.MUTE,
ruleAuditEvent({
action: RuleAuditAction.MUTE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -1229,8 +1229,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UNMUTE,
ruleAuditEvent({
action: RuleAuditAction.UNMUTE,
savedObject: { type: 'alert', id },
error,
})
Expand All @@ -1239,8 +1239,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UNMUTE,
ruleAuditEvent({
action: RuleAuditAction.UNMUTE,
outcome: 'unknown',
savedObject: { type: 'alert', id },
})
Expand Down Expand Up @@ -1291,8 +1291,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.MUTE_INSTANCE,
ruleAuditEvent({
action: RuleAuditAction.MUTE_ALERT,
savedObject: { type: 'alert', id: alertId },
error,
})
Expand All @@ -1301,8 +1301,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.MUTE_INSTANCE,
ruleAuditEvent({
action: RuleAuditAction.MUTE_ALERT,
outcome: 'unknown',
savedObject: { type: 'alert', id: alertId },
})
Expand Down Expand Up @@ -1358,8 +1358,8 @@ export class AlertsClient {
}
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UNMUTE_INSTANCE,
ruleAuditEvent({
action: RuleAuditAction.UNMUTE_ALERT,
savedObject: { type: 'alert', id: alertId },
error,
})
Expand All @@ -1368,8 +1368,8 @@ export class AlertsClient {
}

this.auditLogger?.log(
alertAuditEvent({
action: AlertAuditAction.UNMUTE_INSTANCE,
ruleAuditEvent({
action: RuleAuditAction.UNMUTE_ALERT,
outcome: 'unknown',
savedObject: { type: 'alert', id: alertId },
})
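Review bot: In the last four hunks (`RuleAuditAction.MUTE_ALERT` and `RuleAuditAction.UNMUTE_ALERT`) the audit event still carries only `savedObject: { type: 'alert', id: alertId }`, so under the terminology this commit adopts the record appears to identify the rule, not the alert that was muted or unmuted. Someone reconstructing from the audit log who silenced which alert cannot get that from these fields alone; whether `ruleAuditEvent` can carry the alert's own id is not visible here, so at minimum add a comment at each call such as `// savedObject is the rule ('alert' is its saved-object type); the muted alert's id is not part of this event`. Separately, the emitted action strings change with the enum (as the docs section of this commit reads, the old `alert_mute` becomes `rule_mute` and `alert_instance_mute` becomes `rule_alert_mute`), so saved queries and detections keyed on the old values will stop matching unless the change is called out in release notes. The enclosing methods start and end outside the hunks.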