Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Alerts] - Add alerts subfeature UI #105505

Merged
merged 3 commits into from
Jul 15, 2021
Merged

[Security Solution][Alerts] - Add alerts subfeature UI #105505

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7917abb
updates security solution to add alerts subfeature based on rule regi…
yctercero Jul 9, 2021
046341a
adds alerts subfeature UI in security solution
yctercero Jul 13, 2021
ed9f3b6
updated global read role and test config to add flag for rule registr…
yctercero Jul 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
161 changes: 161 additions & 0 deletions x-pack/plugins/security_solution/server/features.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { i18n } from '@kbn/i18n';

import { KibanaFeatureConfig, SubFeatureConfig } from '../../features/common';
import { DEFAULT_APP_CATEGORIES } from '../../../../src/core/server';
import { APP_ID, SERVER_APP_ID } from '../common/constants';
import { savedObjectTypes } from './saved_objects';

const CASES_SUB_FEATURE: SubFeatureConfig = {
name: 'Cases',
privilegeGroups: [
{
groupType: 'mutually_exclusive',
privileges: [
{
id: 'cases_all',
includeIn: 'all',
name: 'All',
savedObject: {
all: [],
read: [],
},
// using variables with underscores here otherwise when we retrieve them from the kibana
// capabilities in a hook I get type errors regarding boolean | ReadOnly<{[x: string]: boolean}>
ui: ['crud_cases', 'read_cases'], // uiCapabilities.siem.crud_cases
cases: {
all: [APP_ID],
},
},
{
id: 'cases_read',
includeIn: 'read',
name: 'Read',
savedObject: {
all: [],
read: [],
},
// using variables with underscores here otherwise when we retrieve them from the kibana
// capabilities in a hook I get type errors regarding boolean | ReadOnly<{[x: string]: boolean}>
ui: ['read_cases'], // uiCapabilities.siem.read_cases
cases: {
read: [APP_ID],
},
},
],
},
],
};

export const getAlertsSubFeature = (ruleTypes: string[]): SubFeatureConfig => ({
name: i18n.translate('xpack.securitySolution.featureRegistry.manageAlertsName', {
defaultMessage: 'Alerts',
}),
privilegeGroups: [
{
groupType: 'mutually_exclusive',
privileges: [
{
id: 'alerts_all',
name: i18n.translate('xpack.securitySolution.featureRegistry.subfeature.alertsAllName', {
defaultMessage: 'All',
}),
includeIn: 'all' as 'all',
alerting: {
alert: {
all: ruleTypes,
},
},
savedObject: {
all: [],
read: [],
},
ui: [],
},
{
id: 'alerts_read',
name: i18n.translate('xpack.securitySolution.featureRegistry.subfeature.alertsReadName', {
defaultMessage: 'Read',
}),
includeIn: 'read' as 'read',
alerting: {
alert: {
read: ruleTypes,
},
},
savedObject: {
all: [],
read: [],
},
ui: [],
},
],
},
],
});

export const getKibanaPrivilegesFeaturePrivileges = (
ruleTypes: string[],
isRuleRegistryEnabled: boolean
): KibanaFeatureConfig => ({
id: SERVER_APP_ID,
name: i18n.translate('xpack.securitySolution.featureRegistry.linkSecuritySolutionTitle', {
defaultMessage: 'Security',
}),
order: 1100,
category: DEFAULT_APP_CATEGORIES.security,
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
management: {
insightsAndAlerting: ['triggersActions'],
},
alerting: ruleTypes,
cases: [APP_ID],
subFeatures: isRuleRegistryEnabled
? [{ ...CASES_SUB_FEATURE }, { ...getAlertsSubFeature(ruleTypes) }]
: [{ ...CASES_SUB_FEATURE }],
privileges: {
all: {
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'lists-all', 'lists-read', 'rac'],
savedObject: {
all: ['alert', 'exception-list', 'exception-list-agnostic', ...savedObjectTypes],
read: [],
},
alerting: {
rule: {
all: ruleTypes,
},
},
management: {
insightsAndAlerting: ['triggersActions'],
},
ui: ['show', 'crud'],
},
read: {
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'lists-read', 'rac'],
savedObject: {
all: [],
read: ['exception-list', 'exception-list-agnostic', ...savedObjectTypes],
},
alerting: {
rule: {
read: ruleTypes,
},
},
management: {
insightsAndAlerting: ['triggersActions'],
},
ui: ['show'],
},
},
});
109 changes: 5 additions & 104 deletions x-pack/plugins/security_solution/server/plugin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@

import { once } from 'lodash';
import { Observable } from 'rxjs';
import { i18n } from '@kbn/i18n';
import LRU from 'lru-cache';

import {
Expand All @@ -17,7 +16,6 @@ import {
Plugin as IPlugin,
PluginInitializerContext,
SavedObjectsClient,
DEFAULT_APP_CATEGORIES,
} from '../../../../src/core/server';
import {
PluginSetup as DataPluginSetup,
Expand Down Expand Up @@ -58,7 +56,7 @@ import { signalRulesAlertType } from './lib/detection_engine/signals/signal_rule
import { rulesNotificationAlertType } from './lib/detection_engine/notifications/rules_notification_alert_type';
import { isNotificationAlertExecutor } from './lib/detection_engine/notifications/types';
import { ManifestTask } from './endpoint/lib/artifacts';
import { initSavedObjects, savedObjectTypes } from './saved_objects';
import { initSavedObjects } from './saved_objects';
import { AppClientFactory } from './client';
import { createConfig, ConfigType } from './config';
import { initUiSettings } from './ui_settings';
Expand Down Expand Up @@ -91,6 +89,7 @@ import { licenseService } from './lib/license';
import { PolicyWatcher } from './endpoint/lib/policy/license_watch';
import { parseExperimentalConfigValue } from '../common/experimental_features';
import { migrateArtifactsToFleet } from './endpoint/lib/artifacts/migrate_artifacts_to_fleet';
import { getKibanaPrivilegesFeaturePrivileges } from './features';

export interface SetupPlugins {
alerting: AlertingSetup;
Expand Down Expand Up @@ -279,107 +278,9 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
...(isRuleRegistryEnabled ? referenceRuleTypes : []),
];

plugins.features.registerKibanaFeature({
id: SERVER_APP_ID,
name: i18n.translate('xpack.securitySolution.featureRegistry.linkSecuritySolutionTitle', {
defaultMessage: 'Security',
}),
order: 1100,
category: DEFAULT_APP_CATEGORIES.security,
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
management: {
insightsAndAlerting: ['triggersActions'],
},
alerting: ruleTypes,
cases: [APP_ID],
subFeatures: [
{
name: 'Cases',
privilegeGroups: [
{
groupType: 'mutually_exclusive',
privileges: [
{
id: 'cases_all',
includeIn: 'all',
name: 'All',
savedObject: {
all: [],
read: [],
},
// using variables with underscores here otherwise when we retrieve them from the kibana
// capabilities in a hook I get type errors regarding boolean | ReadOnly<{[x: string]: boolean}>
ui: ['crud_cases', 'read_cases'], // uiCapabilities.siem.crud_cases
cases: {
all: [APP_ID],
},
},
{
id: 'cases_read',
includeIn: 'read',
name: 'Read',
savedObject: {
all: [],
read: [],
},
// using variables with underscores here otherwise when we retrieve them from the kibana
// capabilities in a hook I get type errors regarding boolean | ReadOnly<{[x: string]: boolean}>
ui: ['read_cases'], // uiCapabilities.siem.read_cases
cases: {
read: [APP_ID],
},
},
],
},
],
},
],
privileges: {
all: {
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'lists-all', 'lists-read', 'rac'],
savedObject: {
all: ['alert', 'exception-list', 'exception-list-agnostic', ...savedObjectTypes],
read: [],
},
alerting: {
rule: {
all: ruleTypes,
},
alert: {
all: ruleTypes,
},
},
management: {
insightsAndAlerting: ['triggersActions'],
},
ui: ['show', 'crud'],
},
read: {
app: [APP_ID, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'lists-read', 'rac'],
savedObject: {
all: [],
read: ['exception-list', 'exception-list-agnostic', ...savedObjectTypes],
},
alerting: {
rule: {
read: ruleTypes,
},
alert: {
read: ruleTypes,
},
},
management: {
insightsAndAlerting: ['triggersActions'],
},
ui: ['show'],
},
},
});
plugins.features.registerKibanaFeature(
getKibanaPrivilegesFeaturePrivileges(ruleTypes, isRuleRegistryEnabled)
);

// Continue to register legacy rules against alerting client exposed through rule-registry
if (this.setupPlugins.alerting != null) {
Expand Down
3 changes: 3 additions & 0 deletions x-pack/test/rule_registry/common/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
`--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
'--xpack.eventLog.logEntries=true',
...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
// TO DO: Remove feature flags once we're good to go
'--xpack.securitySolution.enableExperimental=["ruleRegistryEnabled"]',
'--xpack.ruleRegistry.write.enabled=true',
`--server.xsrf.whitelist=${JSON.stringify(getAllExternalServiceSimulatorPaths())}`,
...(ssl
? [
Expand Down
5 changes: 1 addition & 4 deletions x-pack/test/rule_registry/common/lib/authentication/roles.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,7 @@ export const globalRead: Role = {
},
kibana: [
{
feature: {
siem: ['read'],
apm: ['read'],
},
base: ['read'],
spaces: ['*'],
},
],
Expand Down