
[Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields #71757

Merged (2 commits), Jul 15, 2020

Conversation

dplumlee

@dplumlee dplumlee commented Jul 14, 2020

Summary

Filters the endpoint autofill index pattern fields by exceptionable fields

[Screenshot: exception modal field autocomplete, 2020-07-14]

@dplumlee dplumlee force-pushed the exceptions-modal-timeline branch 3 times, most recently from e6a95cc to 2d1bc2e Compare July 14, 2020 20:59
@dplumlee dplumlee changed the title Adds open exception from timeline feature to exception modal [Security Solution][Exceptions] - Adds open exception from timeline feature to exception modal Jul 14, 2020
@dplumlee dplumlee marked this pull request as ready for review July 14, 2020 21:26
@dplumlee dplumlee requested review from a team as code owners July 14, 2020 21:26
@elasticmachine

Pinging @elastic/siem (Team:SIEM)

@dplumlee dplumlee changed the title [Security Solution][Exceptions] - Adds open exception from timeline feature to exception modal [Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields Jul 14, 2020
@kibanamachine

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules·ts.detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should be possible to call the API twice and the second time the number of rules installed should be zero

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches


Stack Trace

{ Error: expected 1 to sort of equal 0
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts:99:41) actual: '1', expected: '0', showDiff: true }

Build metrics

‼️ unable to find a baseline build for [master@754ade5]. Try merging the upstream branch and trying again.

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@dplumlee dplumlee merged commit 8a99880 into elastic:master Jul 15, 2020
@dplumlee dplumlee deleted the exceptions-modal-timeline branch July 15, 2020 02:05
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 15, 2020
* master: (82 commits)
  Fixed the spacing of child accordion items for policy response dialog. (elastic#71677)
  [SECURITY] Timeline bug 7.9 (elastic#71748)
  use fixed isChromeVisible method (elastic#71813)
  [SIEM][Detection Engine][Lists] Adds specific endpoint_list REST API and API for abilities to auto-create the endpoint_list if it gets deleted (elastic#71792)
  [test] Skips flaky Saved Objects Management test
  [APM] Remove watcher integration (elastic#71655)
  [APM] Increase `xpack.apm.ui.transactionGroupBucketSize` (elastic#71661)
  [test] Skips Ingest Manager test preventing ES promotion
  [test] Skips flaky detection engine tests
  Revert "re-fix navigate path for master add SAML login to login_page (elastic#71337)"
  [tests] Temporarily skipped Fleet tests
  [test] Skipped monitoring test
  [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update (elastic#71794)
  Add endpoint exception creation API validation (elastic#71791)
  Skip jest tests that timeout waiting for react (elastic#71801)
  [Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields (elastic#71757)
  [Reporting] Re-delete a file (elastic#71730)
  [Security Solution] [Detections] Fixes bug for determining when we hit max signals after filtering with lists (elastic#71768)
  [Ingest Manager] Better display of Fleet requirements (elastic#71686)
  [tests] Temporarily skipped to promote snapshot
  ...
angorayc pushed a commit that referenced this pull request Jul 15, 2020
…tterns by exceptional fields (#71757) (#71804)

Co-authored-by: Elastic Machine <[email protected]>
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels
release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0