[SIEM] Adds Connections (Pewpew) Map to Network Page (elastic#43965)

## Summary This PR uses the Embeddables API to embed a [Connections Map](elastic#41504) on the Network Page of the SIEM App. A [Map Configuration](elastic#43878) is generated on page load for configured Kibana Index Patterns that match the `siem:defaultIndex` setting in Kibana Advanced Settings, with a `Source`, `Destination`, and `Line` layer being created for each configured Kibana Index Pattern. Features includes: * Global KQL Bar Filtering * Global Timerange Filtering * Global Refresh * Click on a feature on the map to view details in tooltip * Line Selection: shows `Total Source/Destination Bytes` and `Total Documents` in tooltip * Source/Destination Selection: shows `host.name` and `host.ip` * Send filter to Global KQL Bar from Source/Destination feature tooltip (`host.name` and `host.ip`) * Informative error when index patterns aren't configured that links to specific beats setup documentation (e.g. [auditbeat setup docs](https://www.elastic.co/guide/en/beats/auditbeat/current/load-kibana-dashboards.html)) #### Dark Theme: ![image](https://user-images.githubusercontent.com/2946766/63667505-4dbe1900-c791-11e9-9b1e-9b690eafc405.png) #### Light Theme: ![image](https://user-images.githubusercontent.com/2946766/63667685-f2d8f180-c791-11e9-840e-6d3fbe0adaf2.png) ### Visual Feature Catalogue® <details><summary>Global KQL Bar Filtering</summary> ![pewpew_global_kql_filter](https://user-images.githubusercontent.com/2946766/63803146-72210f00-c8d1-11e9-951a-18571bbf9069.gif) </details> <details><summary>Global Timerange Filtering + Refreshing</summary> ![pewpew_global_time_filter](https://user-images.githubusercontent.com/2946766/63803214-9b419f80-c8d1-11e9-8349-e4f40fa39200.gif) </details> <details><summary>Filter on `host.name` or `host.ip` From Map Tooltip</summary> ![pewpew_filter_on_property](https://user-images.githubusercontent.com/2946766/63803302-d6dc6980-c8d1-11e9-990d-c364b53e247b.gif) </details> <details><summary>Using Field Formatters in Tooltip to link to Host/Network Details</summary> ![pewpew_field_formatter_links](https://user-images.githubusercontent.com/2946766/63803333-e65bb280-c8d1-11e9-9743-81165e0f78d7.gif) </details> <details><summary>Error displayed when Index Patterns aren't available</summary> ![image](https://user-images.githubusercontent.com/2946766/63804367-418ea480-c8d4-11e9-9357-73418a197809.png) </details> ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [x] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) * Tested and all functionality works in Chrome/FF/Safari * IE11 fails to load map with `mapbox-gl.js` exception. Details: elastic#44155 - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials * Not yet, but will work with @benskelker on this. - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ - [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
spong · Aug 30, 2019 · 5ffe4be · 5ffe4be
1 parent 1aeb617
commit 5ffe4be
Show file tree

Hide file tree

Showing 21 changed files with 1,325 additions and 19 deletions.
diff --git a/x-pack/legacy/plugins/siem/public/components/embeddables/__mocks__/mock.ts b/x-pack/legacy/plugins/siem/public/components/embeddables/__mocks__/mock.ts
@@ -0,0 +1,168 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { IndexPatternMapping } from '../types';
+
+export const mockIndexPatternIds: IndexPatternMapping[] = [
+  { title: 'filebeat-*', id: '8c7323ac-97ad-4b53-ac0a-40f8f691a918' },
+];
+
+export const mockSourceLayer = {
+  sourceDescriptor: {
+    id: 'uuid.v4()',
+    type: 'ES_SEARCH',
+    geoField: 'source.geo.location',
+    filterByMapBounds: false,
+    tooltipProperties: ['host.name', 'host.ip'],
+    useTopHits: false,
+    topHitsTimeField: '@timestamp',
+    topHitsSize: 1,
+    indexPatternId: '8c7323ac-97ad-4b53-ac0a-40f8f691a918',
+  },
+  style: {
+    type: 'VECTOR',
+    properties: {
+      fillColor: { type: 'STATIC', options: { color: '#3cb44b' } },
+      lineColor: { type: 'STATIC', options: { color: '#FFFFFF' } },
+      lineWidth: { type: 'STATIC', options: { size: 1 } },
+      iconSize: { type: 'STATIC', options: { size: 6 } },
+      iconOrientation: { type: 'STATIC', options: { orientation: 0 } },
+      symbol: { options: { symbolizeAs: 'circle', symbolId: 'arrow-es' } },
+    },
+  },
+  id: 'uuid.v4()',
+  label: `filebeat-* | Source Point`,
+  minZoom: 0,
+  maxZoom: 24,
+  alpha: 0.75,
+  visible: true,
+  applyGlobalQuery: true,
+  type: 'VECTOR',
+  query: { query: 'source.geo.location:* and destination.geo.location:*', language: 'kuery' },
+  joins: [],
+};
+
+export const mockDestinationLayer = {
+  sourceDescriptor: {
+    id: 'uuid.v4()',
+    type: 'ES_SEARCH',
+    geoField: 'destination.geo.location',
+    filterByMapBounds: true,
+    tooltipProperties: ['host.name', 'host.ip'],
+    useTopHits: false,
+    topHitsTimeField: '@timestamp',
+    topHitsSize: 1,
+    indexPatternId: '8c7323ac-97ad-4b53-ac0a-40f8f691a918',
+  },
+  style: {
+    type: 'VECTOR',
+    properties: {
+      fillColor: { type: 'STATIC', options: { color: '#e6194b' } },
+      lineColor: { type: 'STATIC', options: { color: '#FFFFFF' } },
+      lineWidth: { type: 'STATIC', options: { size: 1 } },
+      iconSize: { type: 'STATIC', options: { size: 6 } },
+      iconOrientation: { type: 'STATIC', options: { orientation: 0 } },
+      symbol: { options: { symbolizeAs: 'circle', symbolId: 'airfield' } },
+    },
+  },
+  id: 'uuid.v4()',
+  label: `filebeat-* | Destination Point`,
+  minZoom: 0,
+  maxZoom: 24,
+  alpha: 0.75,
+  visible: true,
+  applyGlobalQuery: true,
+  type: 'VECTOR',
+  query: { query: 'source.geo.location:* and destination.geo.location:*', language: 'kuery' },
+};
+
+export const mockLineLayer = {
+  sourceDescriptor: {
+    type: 'ES_PEW_PEW',
+    id: 'uuid.v4()',
+    indexPatternId: '8c7323ac-97ad-4b53-ac0a-40f8f691a918',
+    sourceGeoField: 'source.geo.location',
+    destGeoField: 'destination.geo.location',
+    metrics: [
+      { type: 'sum', field: 'source.bytes', label: 'Total Src Bytes' },
+      { type: 'sum', field: 'destination.bytes', label: 'Total Dest Bytes' },
+      { type: 'count', label: 'Total Documents' },
+    ],
+  },
+  style: {
+    type: 'VECTOR',
+    properties: {
+      fillColor: { type: 'STATIC', options: { color: '#e6194b' } },
+      lineColor: {
+        type: 'DYNAMIC',
+        options: {
+          color: 'Green to Red',
+          field: { label: 'count', name: 'doc_count', origin: 'source' },
+          useCustomColorRamp: false,
+        },
+      },
+      lineWidth: {
+        type: 'DYNAMIC',
+        options: {
+          minSize: 1,
+          maxSize: 4,
+          field: { label: 'count', name: 'doc_count', origin: 'source' },
+        },
+      },
+      iconSize: { type: 'STATIC', options: { size: 10 } },
+      iconOrientation: { type: 'STATIC', options: { orientation: 0 } },
+      symbol: { options: { symbolizeAs: 'circle', symbolId: 'airfield' } },
+    },
+  },
+  id: 'uuid.v4()',
+  label: `filebeat-* | Line`,
+  minZoom: 0,
+  maxZoom: 24,
+  alpha: 1,
+  visible: true,
+  applyGlobalQuery: true,
+  type: 'VECTOR',
+  query: { query: '', language: 'kuery' },
+};
+
+export const mockLayerList = [
+  {
+    sourceDescriptor: { type: 'EMS_TMS', isAutoSelect: true },
+    id: 'uuid.v4()',
+    label: null,
+    minZoom: 0,
+    maxZoom: 24,
+    alpha: 1,
+    visible: true,
+    applyGlobalQuery: true,
+    style: { type: 'TILE', properties: {} },
+    type: 'TILE',
+  },
+  mockLineLayer,
+  mockDestinationLayer,
+  mockSourceLayer,
+];
+
+export const mockLayerListDouble = [
+  {
+    sourceDescriptor: { type: 'EMS_TMS', isAutoSelect: true },
+    id: 'uuid.v4()',
+    label: null,
+    minZoom: 0,
+    maxZoom: 24,
+    alpha: 1,
+    visible: true,
+    applyGlobalQuery: true,
+    style: { type: 'TILE', properties: {} },
+    type: 'TILE',
+  },
+  mockLineLayer,
+  mockDestinationLayer,
+  mockSourceLayer,
+  mockLineLayer,
+  mockDestinationLayer,
+  mockSourceLayer,
+];
diff --git a/...egacy/plugins/siem/public/components/embeddables/__snapshots__/embedded_map.test.tsx.snap b/...egacy/plugins/siem/public/components/embeddables/__snapshots__/embedded_map.test.tsx.snap
diff --git a/...m/public/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap b/...m/public/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap