[Endpoint] Host Details Policy Response Panel #63518

paul-tavares · 2020-04-14T19:52:58Z

Summary

Converts the Policy Status on the host details panel to a link, that when clicked will show a Policy Response panel (empty at the moment). Enablement of this panel is driven by a new URL search param (show).
In addition, the following improvements were also done:

the mocks/app_context_render was enhanced to use the Redux middleware Action spy
The Redux Middleware Action spy utility was moved to be directly under store/ (its not specific to Policy List and is now being used in the mock app context render)
The Redux Middleware Action waitForAction() utility was modified to resolve with the action that was dispatched

Hosts List

Checklist

Delete any items that are not applicable to this PR.

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Unit or functional tests were updated or added to match the most common scenarios
This renders correctly on smaller devices using a responsive layout. (You can test this in your browser

elasticmachine · 2020-04-14T19:53:36Z

Pinging @elastic/endpoint-management (Team:Endpoint Management)

elasticmachine · 2020-04-14T19:53:37Z

Pinging @elastic/endpoint-app-team (Feature:Endpoint)

oatkiller · 2020-04-15T12:59:22Z

x-pack/plugins/endpoint/public/applications/endpoint/view/hosts/details/host_details.tsx

+              data-test-subj="hostnameCellLink"
+              href={'?' + policyResponseUri.search}
+              onClick={(ev: React.MouseEvent) => {
+                ev.preventDefault();


should this use the same logic as we do here: https://github.com/elastic/kibana/blob/master/x-pack/plugins/endpoint/public/applications/endpoint/view/hooks/use_navigate_to_app_event_handler.ts#L42

No - its different here. In this case, its not a navigate to app, but rather a direct router history update. @kevinlog is assigned to issue 230 which will (I assume) add an additional hook similar to the one you referenced above, but that will use react-router's history.push.

@paul-tavares gotcha.

re: using the same logic, I meant should ev.preventDefault() here be replaced with:

try { if (onClick) { onClick(ev); } } catch (error) { ev.preventDefault(); throw error; } if (ev.defaultPrevented) { return; } if (ev.button !== 0) { return; } if ( ev.currentTarget instanceof HTMLAnchorElement && ev.currentTarget.target !== '' && ev.currentTarget.target !== '_self' ) { return; } if (ev.metaKey || ev.altKey || ev.ctrlKey || ev.shiftKey) { return; } ev.preventDefault();

Yeah, I thought about that. I'm hoping we will have a true hook implemented soon so that we don't keep duplicating this type of code (increase tech. debt). There are a few links already doing this through out our codebase

@kevinlog you ok if I just go ahead and implement the hook for this?

@paul-tavares yes, sounds good.

Ok. If @oatkiller is ok with it, then I will work on that Issue next and will search/replace usages in our code base with the new callback.

oatkiller · 2020-04-15T13:10:41Z

...ns/endpoint/public/applications/endpoint/view/hosts/details/components/flyout_sub_header.tsx

+  ({ children, backButton, ...otherProps }) => {
+    return (
+      <StyledEuiFlyoutHeader hasBorder {...otherProps} className={backButton && `hasButtons`}>
+        {backButton && (


what is the purpose of having a second back button?

There is only 1 back button - if you look at the screen capture above, you can see the link in the sub-panel. perhaps if I rename the prop to leftLink it would be clearer?

Also - FYI: I made this a separate component because I think we'll have more use cases we will need it - at least that seems to be true for Host details. Once we have that need, we should likely move the component to a higher directory.

Sorry, I was thinking 'second' as in addition to the browser back button. does this do the same thing? or is it different

@oatkiller

does this do the same thing? or is it different

Yes and No :)
The link (in the current usage by Host Policy Response panel) will always take you to the Host Details panel. If user navigated to the Policy Response panel from the host details, then yes, the behaviour would be the same as the browser back button. But since this panel is driven by a URL param, the user might have also gotten there by using the URL directly - in that case, this link would (possibly) not match the behavior of the browser's back button.

… prop

paul-tavares · 2020-04-15T13:50:41Z

x-pack/plugins/endpoint/public/applications/endpoint/mocks/app_context_render.tsx

+  const store = appStoreFactory({
+    coreStart,
+    depsStart,
+    additionalMiddleware: [middlewareSpy.actionSpyMiddleware],


@oatkiller could you review and comment on this change?
This goes along with a change to the appStoreMiddleware() (see further below). It enables us to inject the actionSpyMiddleware into the application store for testing purposes.

Let me know your thoughts

I generally think this makes sense. One thought though:

When looking at the appStoreFactory, I see these comments:

/** * Any additional Redux Middlewares * (should only be used for testing - example: to inject the action spy middleware) */

// Additional Middleware should go last ...additionalMiddleware

Based on those, could we replace:

additionalMiddleware?: Array<ReturnType<typeof substateMiddlewareFactory>>;

with:

actionSpyMiddleware?: WhateverTheTypeShouldBe

Let me know your thoughts

Thanks for the comments. Yeah, that makes sense. I assume that would be (from our types.ts) - ReturnType<MiddlewareFactory> so that it is correctly typed for the dispatch signature.

paul-tavares · 2020-04-15T13:53:16Z

x-pack/plugins/endpoint/public/applications/endpoint/store/test_utils.ts

+/**
+ * Utilities for testing Redux middleware
+ */
+export interface MiddlewareActionSpyHelper<S = GlobalState> {


Moved this test utility under /store since its not specific to Host list and can be used by any of the test cases. Currently used in the mocks/app_context_render

…resolve

…cy-Response-panel # Conflicts: # x-pack/plugins/endpoint/public/applications/endpoint/store/policy_list/index.test.ts # x-pack/plugins/endpoint/public/applications/endpoint/store/policy_list/test_mock_utils.ts

paul-tavares · 2020-04-16T12:48:41Z

x-pack/plugins/endpoint/public/applications/endpoint/store/test_utils.ts

+          if (action.type === actionType) {
+            watchers.delete(watch);
+            clearTimeout(timeout);
+            resolve((action as unknown) as ActionsMap<A>[typeof actionType]);


I had to this this casting here (which I think is safe being that we are inside of the if() clause) because I kept getting errors in TS around the types not matching. It might have something to do with the fact that the ActionWatcher is defined to take in AppAction (A), but the return value is actually from the ActionMap. They should match up (in my opinion), but they are not 😞

parkiino · 2020-04-16T13:56:28Z

...ns/endpoint/public/applications/endpoint/view/hosts/details/components/flyout_sub_header.tsx

+  }
+`;
+
+const BUTTON_CONTENT_PROPS = Object.freeze({ className: 'back-button-content' });


question about why you have to object.freeze this object

I am defining this constant at the module level and want to ensure it is never mutated accidentally, since that would impact future instantiations of the component.
Maybe I should have also used a type to set the value as Immutable.

…cy-Response-panel

paul-tavares · 2020-04-16T17:03:23Z

jenkins test this

kibanamachine · 2020-04-16T18:58:40Z

💛 Build succeeded, but was flaky

continuous-integration/kibana-ci/pull-request
Commit: c99b360
Flaky suites:
- xpack-kibana-ciGroup1

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:18]           └-: find_statuses
[00:02:18]             └-> "before all" hook
[00:02:18]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:18]               └-> "before each" hook: global before each
[00:02:18]               └-> "before each" hook
[00:02:18]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] adding index lifecycle policy [.siem-signals-default]
[00:02:18]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:18]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},"created_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"p
[00:02:18]                 │ info roperties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:18]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:18]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:18]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:18]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:18]               └- ✓ pass  (74ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:18]             └-> "after each" hook
[00:02:18]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] [.siem-signals-default-000001/Rulw9F7zSaK0pkOyGaQZNw] deleting index
[00:02:18]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] removing template [.siem-signals-default]
[00:02:19]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:19]               └-> "before each" hook: global before each
[00:02:19]               └-> "before each" hook
[00:02:19]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] adding index lifecycle policy [.siem-signals-default]
[00:02:19]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:19]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"con
[00:02:19]                 │ info tinent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},"c
[00:02:19]                 │ info reated_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"p
[00:02:19]                 │ info roperties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:19]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:19]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:19]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:19]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587056632249124530] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:24]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:24]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

History

💔 Build #41291 failed c99b360
💚 Build #41076 succeeded a29a22f
💔 Build #40963 failed f00bcbb
💔 Build #40819 failed 72e1c5e
💔 Build #40817 failed 8b5182d

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

* Added link to Policy status that updates URL and show details panel * Custom Styled Flyout Panel sub-header component to display sub-headers * Move Middleware spy utils under `store/` for re-use * Changed `appStoreFactory()` to accept optional `additionalMiddleware` prop * `waitForAction` middleware test utility now return Action on Promise resolve * Updated PageView component to remove bottom margin

* master: (40 commits) [APM]Upgrade apm-rum agent to latest version to fix full page reload (elastic#63723) add deprecation warning for legacy 3rd party plugins (elastic#62401) Migrate timelion vis (elastic#62819) Replacebad scope link with actual values (elastic#63444) Index pattern management UI -> TypeScript and New Platform Ready (create_index_pattern_wizard) (elastic#63111) [SIEM] Threat hunting enhancements: Filter for/out value, Show top field, Copy to Clipboard, Draggable chart legends (elastic#61207) [Maps] fix term join agg key collision (elastic#63324) [Ingest] Fix agent config key sorting (elastic#63488) [Monitoring] Fixed server response errors (elastic#63181) update elastic charts to 18.3.0 (elastic#63732) Start services (elastic#63720) [APM] Encode spaces when creating ML job (elastic#63683) Uptime 7.7 docs (elastic#62228) [DOCS] Updates remote cluster and ccr docs (elastic#63517) [Maps] Add 3rd party vector tile support (elastic#62084) [Endpoint][EPM] Retrieve Index Pattern from Ingest Manager (elastic#63016) [Endpoint] Host Details Policy Response Panel (elastic#63518) [Uptime] Certificate expiration threshold settings (elastic#63682) Refactor saved object types to use `namespaceType` (elastic#63217) [SIEM][CASE] Create comments sequentially (elastic#63692) ...

* Added link to Policy status that updates URL and show details panel * Custom Styled Flyout Panel sub-header component to display sub-headers * Move Middleware spy utils under `store/` for re-use * Changed `appStoreFactory()` to accept optional `additionalMiddleware` prop * `waitForAction` middleware test utility now return Action on Promise resolve * Updated PageView component to remove bottom margin

paul-tavares added 4 commits April 14, 2020 12:53

File/code restructure + policy response component placeholder

9950f9b

Added link to Policy status that updates URL and show details panel

a79bc42

Policy Response panel title + back to details link

a6ea3fa

Move sub-panel title to EuiFlyoutHeader

9e6c3f5

paul-tavares self-assigned this Apr 14, 2020

paul-tavares added Feature:Endpoint Elastic Endpoint feature Team:Endpoint Management v7.8.0 v8.0.0 labels Apr 14, 2020

paul-tavares added the release_note:skip Skip the PR/issue when compiling release notes label Apr 14, 2020

paul-tavares added 3 commits April 14, 2020 15:55

label change

ed9f2c5

Custom Styled Flyout Panel sub-header component

8b5182d

Fix type

72e1c5e

oatkiller reviewed Apr 15, 2020

View reviewed changes

paul-tavares added 2 commits April 15, 2020 09:24

Move Middleware spy utils under store/ for re-use

0c9df52

Changed appStoreFactory() to accept optional additionalMiddleware…

f00bcbb

… prop

paul-tavares commented Apr 15, 2020

View reviewed changes

paul-tavares added 5 commits April 15, 2020 15:13

waitForAction middleware test utility now return Action on Promise …

9b45f61

…resolve

Test cases for Host Details Policy Response panel

11e6f0c

Fix Functional test case

135e014

Merge remote-tracking branch 'upstream/master' into task/EMT-163-poli…

469655f

…cy-Response-panel # Conflicts: # x-pack/plugins/endpoint/public/applications/endpoint/store/policy_list/index.test.ts # x-pack/plugins/endpoint/public/applications/endpoint/store/policy_list/test_mock_utils.ts

Fixes post-master merge

a29a22f

paul-tavares marked this pull request as ready for review April 15, 2020 19:54

paul-tavares requested a review from a team as a code owner April 15, 2020 19:54

paul-tavares commented Apr 16, 2020

View reviewed changes

parkiino reviewed Apr 16, 2020

View reviewed changes

Simplified the types for waitForAction

9069a40

paul-tavares added 2 commits April 16, 2020 11:11

Updated PageView component to remove bottom margin

9bfbb22

Merge remote-tracking branch 'upstream/master' into task/EMT-163-poli…

c99b360

…cy-Response-panel

parkiino approved these changes Apr 16, 2020

View reviewed changes

paul-tavares merged commit cae0c96 into elastic:master Apr 16, 2020

paul-tavares deleted the task/EMT-163-policy-Response-panel branch April 16, 2020 20:17

paul-tavares mentioned this pull request Apr 16, 2020

[7.x] [Endpoint] Host Details Policy Response Panel (#63518) #63759

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Endpoint] Host Details Policy Response Panel #63518

[Endpoint] Host Details Policy Response Panel #63518

paul-tavares commented Apr 14, 2020 •

edited

Loading

elasticmachine commented Apr 14, 2020

elasticmachine commented Apr 14, 2020

oatkiller Apr 15, 2020

paul-tavares Apr 15, 2020

oatkiller Apr 15, 2020

paul-tavares Apr 15, 2020

kevinlog Apr 15, 2020

paul-tavares Apr 16, 2020

oatkiller Apr 15, 2020

paul-tavares Apr 15, 2020 •

edited

Loading

paul-tavares Apr 15, 2020

oatkiller Apr 15, 2020

paul-tavares Apr 15, 2020

paul-tavares Apr 15, 2020 •

edited

Loading

oatkiller Apr 15, 2020

paul-tavares Apr 15, 2020

paul-tavares Apr 15, 2020

paul-tavares Apr 16, 2020

parkiino Apr 16, 2020

paul-tavares Apr 16, 2020

paul-tavares commented Apr 16, 2020

kibanamachine commented Apr 16, 2020

Standard Out

Stack Trace

[Endpoint] Host Details Policy Response Panel #63518

[Endpoint] Host Details Policy Response Panel #63518

Conversation

paul-tavares commented Apr 14, 2020 • edited Loading

Summary

Hosts List

Checklist

elasticmachine commented Apr 14, 2020

elasticmachine commented Apr 14, 2020

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

paul-tavares Apr 15, 2020 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

paul-tavares Apr 15, 2020 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

paul-tavares commented Apr 16, 2020

kibanamachine commented Apr 16, 2020

💛 Build succeeded, but was flaky

Standard Out

Stack Trace

History

paul-tavares commented Apr 14, 2020 •

edited

Loading

paul-tavares Apr 15, 2020 •

edited

Loading

paul-tavares Apr 15, 2020 •

edited

Loading