From 134d938f690e688bb386ece4cce89c0ad5f90d47 Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Fri, 24 Jan 2025 19:06:56 +0530 Subject: [PATCH 01/14] Changes to support event.ingested as a configurable timestamp files for init and enable --- .../entity_store/common.gen.ts | 1 + .../entity_store/common.schema.yaml | 2 ++ .../entity_store/enable.gen.ts | 4 +++ .../entity_store/enable.schema.yaml | 4 +++ .../entity_store/engine/init.gen.ts | 4 +++ .../entity_store/engine/init.schema.yaml | 4 +++ .../entity_store/engine/start.gen.ts | 9 ++++++ .../entity_store/engine/start.schema.yaml | 12 ++++++++ .../entity_store/entities/common.gen.ts | 21 ++++++++++++-- .../entity_store/entities/common.schema.yaml | 21 ++++++++++++-- .../common/api/quickstart_client.gen.ts | 3 ++ .../security_solution/server/config.ts | 1 + .../entity_store/entity_store_data_client.ts | 29 +++++++++++++++---- .../installation/engine_description.ts | 6 +++- .../saved_object/engine_descriptor.ts | 5 +++- .../saved_object/engine_descriptor_type.ts | 3 ++ .../services/security_solution_api.gen.ts | 9 ++++-- .../entity_store.ts | 5 ++++ .../entity_store_nondefault_spaces.ts | 5 ++++ 19 files changed, 132 insertions(+), 16 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts index 8fd0b17161154..05f51a77ffe7e 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts @@ -36,6 +36,7 @@ export const EngineDescriptor = z.object({ status: EngineStatus, filter: z.string().optional(), fieldHistoryLength: z.number().int(), + timestampField: z.string().optional(), error: z.object({}).optional(), }); 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml index 68b6e6612735c..a6ea88767060c 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml @@ -32,6 +32,8 @@ components: type: string fieldHistoryLength: type: integer + timestampField: + type: string error: type: object diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.gen.ts index 70a58bf02be68..fe5df54a3dbf1 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.gen.ts @@ -26,6 +26,10 @@ export const InitEntityStoreRequestBody = z.object({ fieldHistoryLength: z.number().int().optional().default(10), indexPattern: IndexPattern.optional(), filter: z.string().optional(), + /** + * The field to use as the timestamp. + */ + timestampField: z.string().optional().default('@timestamp'), }); export type InitEntityStoreRequestBodyInput = z.input; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.schema.yaml index 81eec22d9ade9..4b5a52cefb2ab 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.schema.yaml 
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.schema.yaml @@ -27,6 +27,10 @@ paths: $ref: './common.schema.yaml#/components/schemas/IndexPattern' filter: type: string + timestampField: + type: string + description: The field to use as the timestamp. + default: '@timestamp' responses: '200': description: Successful response diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts index e3dcd55e0acc1..252cccc0775e0 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.gen.ts @@ -35,6 +35,10 @@ export const InitEntityEngineRequestBody = z.object({ fieldHistoryLength: z.number().int().optional().default(10), indexPattern: IndexPattern.optional(), filter: z.string().optional(), + /** + * The field to use as the timestamp for the entity type. + */ + timestampField: z.string().optional().default('@timestamp'), }); export type InitEntityEngineRequestBodyInput = z.input; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.schema.yaml index 94a0d84e8cad0..3f92e02264b1a 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/init.schema.yaml 
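Review bot: `timestampField` is declared here as an unconstrained `type: string`, although it is client-supplied and, per the entity_store_data_client.ts and engine_description.ts hunks of this patch, is stored on the engine descriptor and becomes `settings.timestampField` of the engine description. The mapping comment added in engine_descriptor_type.ts names only `@timestamp | event.ingested` as intended values, so the schema should enforce that with `enum: ['@timestamp', 'event.ingested']` under the property, letting the generated validator reject any other field name at the route boundary. The same property in init.schema.yaml and start.schema.yaml has the same gap.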
@@ -33,6 +33,10 @@ paths: $ref: '../common.schema.yaml#/components/schemas/IndexPattern' filter: type: string + timestampField: + type: string + description: The field to use as the timestamp for the entity type. + default: '@timestamp' responses: '200': description: Successful response diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts index 8260597d044fc..7dd13e83b04bc 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts @@ -27,6 +27,15 @@ export const StartEntityEngineRequestParams = z.object({ }); export type StartEntityEngineRequestParamsInput = z.input; +export type StartEntityEngineRequestBody = z.infer; +export const StartEntityEngineRequestBody = z.object({ + /** + * The field to use as the timestamp for the entity type. + */ + timestampField: z.string().optional().default('@timestamp'), +}); +export type StartEntityEngineRequestBodyInput = z.input; + export type StartEntityEngineResponse = z.infer; export const StartEntityEngineResponse = z.object({ started: z.boolean().optional(), diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml index 595fd1e074441..d3e27de3acfd8 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml 
@@ -17,6 +17,18 @@ paths: schema: $ref: '../common.schema.yaml#/components/schemas/EntityType' description: The entity type of the engine (either 'user' or 'host'). + requestBody: + description: Schema for the engine start + required: false + content: + application/json: + schema: + type: object + properties: + timestampField: + type: string + description: The field to use as the timestamp for the entity type. + default: '@timestamp' responses: '200': description: Successful response diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.gen.ts index 6e056b07f194b..6efd6e4be02b9 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.gen.ts @@ -21,7 +21,7 @@ import { AssetCriticalityLevel } from '../../asset_criticality/common.gen'; export type UserEntity = z.infer; export const UserEntity = z.object({ - '@timestamp': z.string().datetime(), + '@timestamp': z.string().datetime().optional(), entity: z.object({ name: z.string(), source: z.string(), @@ -41,11 +41,16 @@ export const UserEntity = z.object({ criticality: AssetCriticalityLevel, }) .optional(), + event: z + .object({ + ingested: z.string().datetime().optional(), + }) + .optional(), }); export type HostEntity = z.infer; export const HostEntity = z.object({ - '@timestamp': z.string().datetime(), + '@timestamp': z.string().datetime().optional(), entity: z.object({ name: z.string(), source: z.string(), 
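Review bot: The optional `requestBody` added to the start route accepts `timestampField`, but no server hunk in this patch changes a start handler or a start method in entity_store_data_client.ts, so the value appears to be validated and then ignored; confirm that it is consumed, or drop the body from this route. If it is consumed, the `description` should state what happens when it differs from the `timestampField` stored on the engine descriptor at init. The generated `StartEntityEngineProps` also declares `body` as mandatory although this block says `required: false`, which is why the tests now pass `body: {}`.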
@@ -66,11 +71,16 @@ export const HostEntity = z.object({ criticality: AssetCriticalityLevel, }) .optional(), + event: z + .object({ + ingested: z.string().datetime().optional(), + }) + .optional(), }); export type ServiceEntity = z.infer; export const ServiceEntity = z.object({ - '@timestamp': z.string().datetime(), + '@timestamp': z.string().datetime().optional(), entity: z.object({ name: z.string(), source: z.string(), @@ -84,6 +94,11 @@ export const ServiceEntity = z.object({ criticality: AssetCriticalityLevel, }) .optional(), + event: z + .object({ + ingested: z.string().datetime().optional(), + }) + .optional(), }); export const EntityInternal = z.union([UserEntity, HostEntity, ServiceEntity]); diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.schema.yaml index b4cafa02965a7..d2b2f46ff5e34 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/common.schema.yaml @@ -9,7 +9,6 @@ components: UserEntity: type: object required: - - "@timestamp" - user - entity properties: @@ -66,10 +65,15 @@ components: $ref: '../../asset_criticality/common.schema.yaml#/components/schemas/AssetCriticalityLevel' required: - criticality + event: + type: object + properties: + ingested: + type: string + format: date-time HostEntity: type: object required: - - "@timestamp" - host - entity properties: 
@@ -130,10 +134,15 @@ components: $ref: '../../asset_criticality/common.schema.yaml#/components/schemas/AssetCriticalityLevel' required: - criticality + event: + type: object + properties: + ingested: + type: string + format: date-time ServiceEntity: type: object required: - - "@timestamp" - service - entity properties: @@ -166,6 +175,12 @@ components: $ref: '../../asset_criticality/common.schema.yaml#/components/schemas/AssetCriticalityLevel' required: - criticality + event: + type: object + properties: + ingested: + type: string + format: date-time Entity: oneOf: - $ref: '#/components/schemas/UserEntity' diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts index a57be4b8f0680..4980451fc2200 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -265,6 +265,7 @@ import type { import type { ListEntityEnginesResponse } from './entity_analytics/entity_store/engine/list.gen'; import type { StartEntityEngineRequestParamsInput, + StartEntityEngineRequestBodyInput, StartEntityEngineResponse, } from './entity_analytics/entity_store/engine/start.gen'; import type { @@ -2146,6 +2147,7 @@ detection engine rules. [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', + body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } @@ -2579,6 +2581,7 @@ export interface SetAlertTagsProps { } export interface StartEntityEngineProps { params: StartEntityEngineRequestParamsInput; + body: StartEntityEngineRequestBodyInput; } export interface StartRuleMigrationProps { params: StartRuleMigrationRequestParamsInput; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/config.ts b/x-pack/solutions/security/plugins/security_solution/server/config.ts index 8b31a21f1e221..c46140438a0da 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/config.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/config.ts @@ -181,6 +181,7 @@ export const configSchema = schema.object({ developer: schema.object({ pipelineDebugMode: schema.boolean({ defaultValue: false }), }), + timestampField: schema.string({ defaultValue: '@timestamp' }), }), }), }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts index 3d6e7e22cc048..921ea33017d70 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts @@ -203,7 +203,12 @@ export class EntityStoreDataClient { } public async enable( - { indexPattern = '', filter = '', fieldHistoryLength = 10 }: InitEntityStoreRequestBody, + { + indexPattern = '', + filter = '', + fieldHistoryLength = 10, + timestampField = '@timestamp', + }: InitEntityStoreRequestBody, { pipelineDebugMode = false }: { pipelineDebugMode?: boolean } = {} ): Promise { if (!this.options.taskManager) { @@ -219,7 +224,11 @@ export class EntityStoreDataClient { const promises = enginesTypes.map((entity) => run(() => - this.init(entity, { indexPattern, filter, fieldHistoryLength }, { pipelineDebugMode }) + this.init( + entity, + { indexPattern, filter, fieldHistoryLength, timestampField }, + { pipelineDebugMode } + ) ) ); 
@@ -277,7 +286,12 @@ export class EntityStoreDataClient { public async init( entityType: EntityType, - { indexPattern = '', filter = '', fieldHistoryLength = 10 }: InitEntityEngineRequestBody, + { + indexPattern = '', + filter = '', + fieldHistoryLength = 10, + timestampField, + }: InitEntityEngineRequestBody, { pipelineDebugMode = false }: { pipelineDebugMode?: boolean } = {} ): Promise { const { experimentalFeatures } = this.options; @@ -328,6 +342,7 @@ export class EntityStoreDataClient { filter, fieldHistoryLength, indexPattern, + timestampField, }); this.log('debug', entityType, `Initialized engine saved object`); @@ -338,7 +353,8 @@ export class EntityStoreDataClient { indexPattern, filter, config, - pipelineDebugMode + pipelineDebugMode, + timestampField ).catch((e) => this.log('error', entityType, `Error during async setup of entity store: ${e.message}`) ); @@ -353,7 +369,8 @@ export class EntityStoreDataClient { indexPattern: string, filter: string, config: EntityStoreConfig, - pipelineDebugMode: boolean + pipelineDebugMode: boolean, + timestampField: string ) { const setupStartTime = moment().utc().toISOString(); const { logger, namespace, appClient, dataViewsService } = this.options; @@ -363,7 +380,7 @@ export class EntityStoreDataClient { const description = createEngineDescription({ entityType, namespace, - requestParams: { indexPattern, fieldHistoryLength }, + requestParams: { indexPattern, fieldHistoryLength, timestampField }, defaultIndexPatterns, config, }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.ts index d60e09935bda9..cd85a8d303dce 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.ts @@ -42,6 +42,7 @@ interface EngineDescriptionParams { requestParams?: { indexPattern?: string; fieldHistoryLength?: number; + timestampField?: string; }; defaultIndexPatterns: string[]; } @@ -60,7 +61,10 @@ export const createEngineDescription = (options: EngineDescriptionParams) => { syncDelay: `${config.syncDelay.asSeconds()}s`, frequency: `${config.frequency.asSeconds()}s`, lookbackPeriod: description.settings?.lookbackPeriod || DEFAULT_LOOKBACK_PERIOD, - timestampField: description.settings?.timestampField || DEFAULT_TIMESTAMP_FIELD, + timestampField: + requestParams?.timestampField || + description.settings?.timestampField || + DEFAULT_TIMESTAMP_FIELD, }; const updatedDescription = pipe( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor.ts index a3c7a7d0266a1..c5bef75e014f6 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor.ts @@ -37,7 +37,8 @@ export class EngineDescriptorClient { filter, fieldHistoryLength, indexPattern, - }: { filter: string; fieldHistoryLength: number; indexPattern: string } + timestampField, + }: { filter: string; fieldHistoryLength: number; indexPattern: string; timestampField: string } ) { const engineDescriptor = await this.find(entityType); @@ -54,6 +55,7 @@ export class EngineDescriptorClient { filter, fieldHistoryLength, indexPattern, + timestampField, }; await this.deps.soClient.update( entityEngineDescriptorTypeName, 
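Review bot: In `createEngineDescription` the new chain `requestParams?.timestampField || description.settings?.timestampField || DEFAULT_TIMESTAMP_FIELD` can never reach its second operand on the API path, because the request schemas default the field to `'@timestamp'` and `enable` repeats that default, so a `timestampField` set in an engine definition is always overridden. Dropping the schema-level default, so that the request value stays `undefined` when the caller omits it, would let the fallback work. Separately, the `timestampField` key this patch adds to `configSchema` in server/config.ts is not read in any visible hunk; either use it in this chain (assuming `EntityStoreConfig` exposes it, to be confirmed) or remove it. A comment above the expression stating the intended precedence, `// request body > engine definition > DEFAULT_TIMESTAMP_FIELD`, would help; the function body continues outside the hunk.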
@@ -73,6 +75,7 @@ export class EngineDescriptorClient { indexPattern, filter, fieldHistoryLength, + timestampField, }, { id: this.getSavedObjectId(entityType) } ); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts index 9f618521ce27a..c4d90ee2c1587 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts @@ -30,6 +30,9 @@ export const entityEngineDescriptorTypeMappings: SavedObjectsType['mappings'] = type: 'integer', index: false, }, + timestampField: { + type: 'keyword', // timestampFieldName : @timestamp | event.ingested + }, }, }; diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index a069b2e1134ce..9c102c5446ef7 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts 
@@ -146,7 +146,10 @@ import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/comm import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; +import { + StartEntityEngineRequestParamsInput, + StartEntityEngineRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; import { StartRuleMigrationRequestParamsInput, StartRuleMigrationRequestBodyInput, @@ -1488,7 +1491,8 @@ detection engine rules. ) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); }, /** * Starts a SIEM rules migration using the migration id provided @@ -1893,6 +1897,7 @@ export interface SetAlertTagsProps { } export interface StartEntityEngineProps { params: StartEntityEngineRequestParamsInput; + body: StartEntityEngineRequestBodyInput; } export interface StartRuleMigrationProps { params: StartRuleMigrationRequestParamsInput; diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts index 104fbf05b5159..9edd245d337b2 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts @@ -90,6 +90,7 @@ export default ({ getService }: FtrProviderContext) => { indexPattern: '', filter: '', fieldHistoryLength: 10, + timestampField: '@timestamp', }); }); @@ -106,6 +107,7 @@ export default ({ getService }: FtrProviderContext) => { indexPattern: '', filter: '', fieldHistoryLength: 10, + timestampField: '@timestamp', }); }); }); @@ -124,6 +126,7 @@ export default ({ getService }: FtrProviderContext) => { indexPattern: '', filter: '', fieldHistoryLength: 10, + timestampField: '@timestamp', }, { status: 'started', @@ -131,6 +134,7 @@ export default ({ getService }: FtrProviderContext) => { indexPattern: '', filter: '', fieldHistoryLength: 10, + timestampField: '@timestamp', }, ]); }); @@ -166,6 +170,7 @@ export default ({ getService }: FtrProviderContext) => { await api .startEntityEngine({ params: { entityType: 'host' }, + body: {}, }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts index 64809533fec7b..e4c851f9dc5e8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts @@ -78,6 +78,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { filter: '', fieldHistoryLength: 10, indexPattern: '', + timestampField: '@timestamp', }); }); 
@@ -97,6 +98,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { filter: '', fieldHistoryLength: 10, indexPattern: '', + timestampField: '@timestamp', }); }); }); @@ -115,6 +117,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { filter: '', fieldHistoryLength: 10, indexPattern: '', + timestampField: '@timestamp', }, { status: 'started', @@ -122,6 +125,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { filter: '', fieldHistoryLength: 10, indexPattern: '', + timestampField: '@timestamp', }, ]); }); @@ -164,6 +168,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { .startEntityEngine( { params: { entityType: 'host' }, + body: {}, }, namespace ) From 3727e925ed7922c2fd5b34ec3f09d333eefac13c Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:12:53 +0000 Subject: [PATCH 02/14] [CI] Auto-commit changed files from 'yarn openapi:bundle' --- ...alytics_api_2023_10_31.bundled.schema.yaml | 43 +++++++++++++++++-- ...alytics_api_2023_10_31.bundled.schema.yaml | 43 +++++++++++++++++-- 2 files changed, 80 insertions(+), 6 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index 96c9f89c449df..53a5465f88257 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml 
@@ -315,6 +315,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string description: Schema for the entity store initialization required: true responses: @@ -426,6 +430,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string description: Schema for the engine initialization required: true responses: @@ -448,6 +456,18 @@ paths: required: true schema: $ref: '#/components/schemas/EntityType' + requestBody: + content: + application/json: + schema: + type: object + properties: + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + description: Schema for the engine start + required: false responses: '200': content: @@ -1004,6 +1024,8 @@ components: $ref: '#/components/schemas/IndexPattern' status: $ref: '#/components/schemas/EngineStatus' + timestampField: + type: string type: $ref: '#/components/schemas/EntityType' required: @@ -1143,6 +1165,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string host: type: object properties: @@ -1181,7 +1209,6 @@ components: required: - name required: - - '@timestamp' - host - entity IdField: @@ -1283,6 +1310,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string service: type: object properties: @@ -1293,7 +1326,6 @@ components: required: - name required: - - '@timestamp' - service - entity StoreStatus: @@ -1339,6 +1371,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string user: type: object properties: 
@@ -1373,7 +1411,6 @@ components: required: - name required: - - '@timestamp' - user - entity securitySchemes: diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index e0c4889d64802..6bc183ca7692e 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -315,6 +315,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string description: Schema for the entity store initialization required: true responses: @@ -426,6 +430,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string description: Schema for the engine initialization required: true responses: @@ -448,6 +456,18 @@ paths: required: true schema: $ref: '#/components/schemas/EntityType' + requestBody: + content: + application/json: + schema: + type: object + properties: + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + description: Schema for the engine start + required: false responses: '200': content: @@ -1004,6 +1024,8 @@ components: $ref: '#/components/schemas/IndexPattern' status: $ref: '#/components/schemas/EngineStatus' + timestampField: + type: string type: $ref: '#/components/schemas/EntityType' required: 
@@ -1143,6 +1165,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string host: type: object properties: @@ -1181,7 +1209,6 @@ components: required: - name required: - - '@timestamp' - host - entity IdField: @@ -1283,6 +1310,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string service: type: object properties: @@ -1293,7 +1326,6 @@ components: required: - name required: - - '@timestamp' - service - entity StoreStatus: @@ -1339,6 +1371,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string user: type: object properties: @@ -1373,7 +1411,6 @@ components: required: - name required: - - '@timestamp' - user - entity securitySchemes: From 4b118da1e4c90a277f83acbf2b71b1af01cfa42e Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:31:05 +0000 Subject: [PATCH 03/14] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 43 ++++++++++++++++++++++++-- oas_docs/output/kibana.yaml | 43 ++++++++++++++++++++++++-- 2 files changed, 80 insertions(+), 6 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 4d574192cb676..3aef5f4001492 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -9729,6 +9729,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string description: Schema for the entity store initialization required: true responses: 
@@ -9844,6 +9848,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string description: Schema for the engine initialization required: true responses: @@ -9867,6 +9875,18 @@ paths: required: true schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + description: Schema for the engine start + required: false responses: '200': content: @@ -48839,6 +48859,8 @@ components: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' status: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + timestampField: + type: string type: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' required: @@ -48966,6 +48988,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string host: type: object properties: @@ -49004,7 +49032,6 @@ components: required: - name required: - - '@timestamp' - host - entity Security_Entity_Analytics_API_IdField: @@ -49106,6 +49133,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string service: type: object properties: @@ -49116,7 +49149,6 @@ components: required: - name required: - - '@timestamp' - service - entity Security_Entity_Analytics_API_StoreStatus: @@ -49162,6 +49194,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string user: type: object properties: 
@@ -49196,7 +49234,6 @@ components: required: - name required: - - '@timestamp' - user - entity Security_Exceptions_API_CreateExceptionListItemComment: diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 98319048fac28..bc41709a00267 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -11900,6 +11900,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string description: Schema for the entity store initialization required: true responses: @@ -12011,6 +12015,10 @@ paths: type: string indexPattern: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string description: Schema for the engine initialization required: true responses: @@ -12033,6 +12041,18 @@ paths: required: true schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + description: Schema for the engine start + required: false responses: '200': content: @@ -55714,6 +55734,8 @@ components: $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' status: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + timestampField: + type: string type: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' required: @@ -55841,6 +55863,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string host: type: object properties: 
@@ -55879,7 +55907,6 @@ components: required: - name required: - - '@timestamp' - host - entity Security_Entity_Analytics_API_IdField: @@ -55981,6 +56008,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string service: type: object properties: @@ -55991,7 +56024,6 @@ components: required: - name required: - - '@timestamp' - service - entity Security_Entity_Analytics_API_StoreStatus: @@ -56037,6 +56069,12 @@ components: required: - name - source + event: + type: object + properties: + ingested: + format: date-time + type: string user: type: object properties: @@ -56071,7 +56109,6 @@ components: required: - name required: - - '@timestamp' - user - entity Security_Exceptions_API_CreateExceptionListItemComment: From eac17796fa89180dc2bc39d68f0c4839eb7a286c Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Wed, 29 Jan 2025 14:28:22 +0530 Subject: [PATCH 04/14] Updating the savedObjects model version for the mappings addition --- .../entity_store/saved_object/engine_descriptor_type.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts index c4d90ee2c1587..8caf67c38c565 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/saved_object/engine_descriptor_type.ts @@ -42,6 +42,7 @@ const version1: SavedObjectsModelVersion = { type: 'mappings_addition', addedMappings: { fieldHistoryLength: { type: 'integer', index: false }, + timestampField: { type: 'keyword' }, }, }, { From dd49a9f7a5a039b45d6a38ac51931e9fae898283 Mon Sep 17 00:00:00 2001 
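Review bot: The new `timestampField: { type: 'keyword' }` mapping in engine_descriptor_type.ts is appended to the existing `version1` `mappings_addition` change rather than introduced in a new model version. Whether version 1 of this saved object type has already shipped is not visible from this hunk; if it has, clusters already at that version would presumably never receive the mapping on upgrade, and the addition belongs in a second model version whose `addedMappings` carries only `timestampField`. The value stored here comes from the request body, which the schemas elsewhere in this series declare as an unconstrained `type: string`. A comment such as `// request-supplied name of the source field used as the engine timestamp` would make that visible to whoever later reads the descriptor. It is also worth confirming that the name is checked against an allow-list or a field-name pattern before it is persisted. The `version1` object starts before and continues past this hunk.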
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 29 Jan 2025 09:11:31 +0000 Subject: [PATCH 05/14] [CI] Auto-commit changed files from 'node scripts/check_mappings_update --fix' --- packages/kbn-check-mappings-update-cli/current_fields.json | 1 + packages/kbn-check-mappings-update-cli/current_mappings.json | 3 +++ 2 files changed, 4 insertions(+) diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json index 38766ac438b02..7c1226d45ee31 100644 --- a/packages/kbn-check-mappings-update-cli/current_fields.json +++ b/packages/kbn-check-mappings-update-cli/current_fields.json @@ -321,6 +321,7 @@ "filter", "indexPattern", "status", + "timestampField", "type" ], "epm-packages": [ diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json index 9f41f0839c431..be5d77ad2e8c0 100644 --- a/packages/kbn-check-mappings-update-cli/current_mappings.json +++ b/packages/kbn-check-mappings-update-cli/current_mappings.json @@ -1092,6 +1092,9 @@ "status": { "type": "keyword" }, + "timestampField": { + "type": "keyword" + }, "type": { "type": "keyword" } From 0df797539e19e3b53abd045ea3e25036ca76db19 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 29 Jan 2025 09:29:53 +0000 Subject: [PATCH 06/14] [CI] Auto-commit changed files from 'node scripts/jest_integration -u src/core/server/integration_tests/ci_checks' --- .../ci_checks/saved_objects/check_registered_types.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts index 8e1b64633df2f..2ca772bccffad 100644 --- a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts 
+++ b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts @@ -97,7 +97,7 @@ describe('checking migration metadata changes on all registered SO types', () => "enterprise_search_telemetry": "9ac912e1417fc8681e0cd383775382117c9e3d3d", "entity-definition": "1c6bff35c423d5dc5650bc806cf2899e4706a0bc", "entity-discovery-api-key": "c267a65c69171d1804362155c1378365f5acef88", - "entity-engine-status": "8cb7dcb13f5e2ea8f2e08dd4af72c110e2051120", + "entity-engine-status": "8c65ed80f9c653dc9cc5a2f21f2a4dd2bd3df46a", "epm-packages": "8042d4a1522f6c4e6f5486e791b3ffe3a22f88fd", "epm-packages-assets": "7a3e58efd9a14191d0d1a00b8aaed30a145fd0b1", "event-annotation-group": "715ba867d8c68f3c9438052210ea1c30a9362582", From 11d45cbf37d8e13b3b92443b622967f31cb97bf7 Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Wed, 29 Jan 2025 15:29:06 +0530 Subject: [PATCH 07/14] Adding Changes for checkTypes fix --- packages/kbn-check-mappings-update-cli/current_fields.json | 1 + packages/kbn-check-mappings-update-cli/current_mappings.json | 3 +++ .../security/plugins/security_solution/server/config.mock.ts | 1 + 3 files changed, 5 insertions(+) diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json index 38766ac438b02..7c1226d45ee31 100644 --- a/packages/kbn-check-mappings-update-cli/current_fields.json +++ b/packages/kbn-check-mappings-update-cli/current_fields.json @@ -321,6 +321,7 @@ "filter", "indexPattern", "status", + "timestampField", "type" ], "epm-packages": [ diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json index 9f41f0839c431..be5d77ad2e8c0 100644 --- a/packages/kbn-check-mappings-update-cli/current_mappings.json +++ b/packages/kbn-check-mappings-update-cli/current_mappings.json 
@@ -1092,6 +1092,9 @@ "status": { "type": "keyword" }, + "timestampField": { + "type": "keyword" + }, "type": { "type": "keyword" } diff --git a/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts b/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts index 5fb3dc7b3b48d..ba9de8d331850 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts @@ -46,6 +46,7 @@ export const createMockConfig = (): ConfigType => { }, }, entityStore: { + timestampField: '@timestamp', frequency: duration('1m'), syncDelay: duration('5m'), developer: { From a26f52288fb775e0f07fa403e1e2db51b8328b36 Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Wed, 29 Jan 2025 15:59:36 +0530 Subject: [PATCH 08/14] Changes for checkTypes --- .../entity_store/installation/engine_description.test.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts index 480dadf676f3c..55f014a5cce20 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts @@ -23,6 +23,7 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, + timestampField: '@timestamp', }, }); 
@@ -273,6 +274,7 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, + timestampField: '@timestamp', }, }); @@ -489,6 +491,7 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, + timestampField: '@timestamp', }, }); From 814256547a242bbef42fd5cb5f3fdf6ff0d7a28c Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Wed, 29 Jan 2025 20:35:20 +0530 Subject: [PATCH 09/14] Removing changes unrelated to the PR --- .../platform/plugins/shared/fleet/public/plugin.ts | 3 +-- .../public/components/overview/overview.tsx | 8 ++------ .../public/components/synonym_sets/synonym_sets.tsx | 5 +---- .../synonyms_set_detail/synonyms_set_detail.tsx | 13 ++----------- .../synonyms_set_detail/synonyms_set_rule_table.tsx | 1 - 5 files changed, 6 insertions(+), 24 deletions(-) diff --git a/x-pack/platform/plugins/shared/fleet/public/plugin.ts b/x-pack/platform/plugins/shared/fleet/public/plugin.ts index 9f4d42e113d3c..993678b6ca649 100644 --- a/x-pack/platform/plugins/shared/fleet/public/plugin.ts +++ b/x-pack/platform/plugins/shared/fleet/public/plugin.ts @@ -53,8 +53,6 @@ import type { DashboardStart } from '@kbn/dashboard-plugin/public'; import { Subject } from 'rxjs'; -import type { AutomaticImportPluginStart } from '@kbn/automatic-import-plugin/public'; - import type { FleetAuthz } from '../common'; import { appRoutesService, INTEGRATIONS_PLUGIN_ID, PLUGIN_ID, setupRouteService } from '../common'; import { 
@@ -89,6 +87,7 @@ import type { import { LazyCustomLogsAssetsExtension } from './lazy_custom_logs_assets_extension'; import { setCustomIntegrations, setCustomIntegrationsStart } from './services/custom_integrations'; import { getFleetDeepLinks } from './deep_links'; +import type { AutomaticImportPluginStart } from '@kbn/automatic-import-plugin/public'; export type { FleetConfigType } from '../common/types'; diff --git a/x-pack/solutions/search/plugins/search_synonyms/public/components/overview/overview.tsx b/x-pack/solutions/search/plugins/search_synonyms/public/components/overview/overview.tsx index ce82f1cfb36af..53f703f2bf4c6 100644 --- a/x-pack/solutions/search/plugins/search_synonyms/public/components/overview/overview.tsx +++ b/x-pack/solutions/search/plugins/search_synonyms/public/components/overview/overview.tsx @@ -48,7 +48,7 @@ export const SearchSynonymsOverview = () => { rightSideItems={[ - + { - + { }), render: (name: string) => (
- application?.navigateToUrl(`${PLUGIN_ROUTE_ROOT}/sets/${name}`)} - > + application?.navigateToUrl(`${PLUGIN_ROUTE_ROOT}/sets/${name}`)}> {name}
diff --git a/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_detail.tsx b/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_detail.tsx index 2fb364eedfc8e..1d76b07481750 100644 --- a/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_detail.tsx +++ b/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_detail.tsx @@ -43,11 +43,7 @@ export const SynonymsSetDetail = () => { rightSideItems={[ - + { - + , ]} diff --git a/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_rule_table.tsx b/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_rule_table.tsx index f5ddda7816efc..393698c541a86 100644 --- a/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_rule_table.tsx +++ b/x-pack/solutions/search/plugins/search_synonyms/public/components/synonyms_set_detail/synonyms_set_rule_table.tsx @@ -53,7 +53,6 @@ export const SynonymsSetRuleTable = ({ synonymsSetId = '' }: { synonymsSetId: st Date: Wed, 29 Jan 2025 20:14:42 +0000 Subject: [PATCH 10/14] remove timestampField from start API docs --- .../entity_store/engine/start.gen.ts | 11 +---------- .../entity_store/engine/start.schema.yaml | 14 +------------- .../common/api/quickstart_client.gen.ts | 3 --- .../services/security_solution_api.gen.ts | 9 ++------- 4 files changed, 4 insertions(+), 33 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts index 7dd13e83b04bc..e78c6d812bb10 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.gen.ts @@ -21,21 +21,12 @@ import { EntityType } from '../common.gen'; export type StartEntityEngineRequestParams = z.infer; export const StartEntityEngineRequestParams = z.object({ /** - * The entity type of the engine (either 'user' or 'host'). + * The entity type of the engine */ entityType: EntityType, }); export type StartEntityEngineRequestParamsInput = z.input; -export type StartEntityEngineRequestBody = z.infer; -export const StartEntityEngineRequestBody = z.object({ - /** - * The field to use as the timestamp for the entity type. - */ - timestampField: z.string().optional().default('@timestamp'), -}); -export type StartEntityEngineRequestBodyInput = z.input; - export type StartEntityEngineResponse = z.infer; export const StartEntityEngineResponse = z.object({ started: z.boolean().optional(), diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml index d3e27de3acfd8..188254a67df1a 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/engine/start.schema.yaml 
@@ -16,19 +16,7 @@ paths: required: true schema: $ref: '../common.schema.yaml#/components/schemas/EntityType' - description: The entity type of the engine (either 'user' or 'host'). - requestBody: - description: Schema for the engine start - required: false - content: - application/json: - schema: - type: object - properties: - timestampField: - type: string - description: The field to use as the timestamp for the entity type. - default: '@timestamp' + description: The entity type of the engine responses: '200': description: Successful response diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts index 4980451fc2200..a57be4b8f0680 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -265,7 +265,6 @@ import type { import type { ListEntityEnginesResponse } from './entity_analytics/entity_store/engine/list.gen'; import type { StartEntityEngineRequestParamsInput, - StartEntityEngineRequestBodyInput, StartEntityEngineResponse, } from './entity_analytics/entity_store/engine/start.gen'; import type { @@ -2147,7 +2146,6 @@ detection engine rules. [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', - body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } @@ -2581,7 +2579,6 @@ export interface SetAlertTagsProps { } export interface StartEntityEngineProps { params: StartEntityEngineRequestParamsInput; - body: StartEntityEngineRequestBodyInput; } export interface StartRuleMigrationProps { params: StartRuleMigrationRequestParamsInput; diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index 9c102c5446ef7..a069b2e1134ce 100644 
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -146,10 +146,7 @@ import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/comm import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { - StartEntityEngineRequestParamsInput, - StartEntityEngineRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; +import { StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; import { StartRuleMigrationRequestParamsInput, StartRuleMigrationRequestBodyInput, @@ -1491,8 +1488,7 @@ detection engine rules. ) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); }, /** * Starts a SIEM rules migration using the migration id provided @@ -1897,7 +1893,6 @@ export interface SetAlertTagsProps { } export interface StartEntityEngineProps { params: StartEntityEngineRequestParamsInput; - body: StartEntityEngineRequestBodyInput; } export interface StartRuleMigrationProps { params: StartRuleMigrationRequestParamsInput; From f6994c1216a778e2813615a7fae80eceb4cb6217 Mon Sep 17 00:00:00 2001 
From: Mark Hopkin Date: Wed, 29 Jan 2025 20:14:50 +0000 Subject: [PATCH 11/14] remove timestampField config value --- .../security/plugins/security_solution/server/config.mock.ts | 1 - .../security/plugins/security_solution/server/config.ts | 1 - .../entity_store/installation/engine_description.test.ts | 3 --- 3 files changed, 5 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts b/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts index ba9de8d331850..5fb3dc7b3b48d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/config.mock.ts @@ -46,7 +46,6 @@ export const createMockConfig = (): ConfigType => { }, }, entityStore: { - timestampField: '@timestamp', frequency: duration('1m'), syncDelay: duration('5m'), developer: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/config.ts b/x-pack/solutions/security/plugins/security_solution/server/config.ts index c46140438a0da..8b31a21f1e221 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/config.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/config.ts @@ -181,7 +181,6 @@ export const configSchema = schema.object({ developer: schema.object({ pipelineDebugMode: schema.boolean({ defaultValue: false }), }), - timestampField: schema.string({ defaultValue: '@timestamp' }), }), }), }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts index 55f014a5cce20..480dadf676f3c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts @@ -23,7 +23,6 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, - timestampField: '@timestamp', }, }); @@ -274,7 +273,6 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, - timestampField: '@timestamp', }, }); @@ -491,7 +489,6 @@ describe('getUnitedEntityDefinition', () => { syncDelay: duration(60, 'seconds'), frequency: duration(60, 'seconds'), developer: { pipelineDebugMode: false }, - timestampField: '@timestamp', }, }); From 6e07f95160dcb138ddc59bdef2523d49ba69463e Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 29 Jan 2025 20:44:47 +0000 Subject: [PATCH 12/14] [CI] Auto-commit changed files from 'yarn openapi:bundle' --- ...ty_analytics_api_2023_10_31.bundled.schema.yaml | 14 +------------- ...ty_analytics_api_2023_10_31.bundled.schema.yaml | 14 +------------- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index 5bef7b69b1a39..d2186eb49f698 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml 
@@ -463,24 +463,12 @@ paths: post: operationId: StartEntityEngine parameters: - - description: The entity type of the engine (either 'user' or 'host'). + - description: The entity type of the engine in: path name: entityType required: true schema: $ref: '#/components/schemas/EntityType' - requestBody: - content: - application/json: - schema: - type: object - properties: - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string - description: Schema for the engine start - required: false responses: '200': content: diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index 3d860c25c53f8..0cd1de8bd7ec4 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -463,24 +463,12 @@ paths: post: operationId: StartEntityEngine parameters: - - description: The entity type of the engine (either 'user' or 'host'). + - description: The entity type of the engine in: path name: entityType required: true schema: $ref: '#/components/schemas/EntityType' - requestBody: - content: - application/json: - schema: - type: object - properties: - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string - description: Schema for the engine start - required: false responses: '200': content: From 2175566e14c208b408f501630dfe13ba21bb531e Mon Sep 17 00:00:00 2001 
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 29 Jan 2025 20:59:42 +0000 Subject: [PATCH 13/14] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 14 +------------- oas_docs/output/kibana.yaml | 14 +------------- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 0fa4d19526e1e..6361040237af9 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -9950,24 +9950,12 @@ paths: post: operationId: StartEntityEngine parameters: - - description: The entity type of the engine (either 'user' or 'host'). + - description: The entity type of the engine in: path name: entityType required: true schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string - description: Schema for the engine start - required: false responses: '200': content: diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 377e640804dfb..6b0092669e5c6 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
@@ -12035,24 +12035,12 @@ paths: post: operationId: StartEntityEngine parameters: - - description: The entity type of the engine (either 'user' or 'host'). + - description: The entity type of the engine in: path name: entityType required: true schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string - description: Schema for the engine start - required: false responses: '200': content: From bd94162c7fb48955fcc5e029b0ebdb570b11ab61 Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Wed, 29 Jan 2025 21:14:53 +0000 Subject: [PATCH 14/14] remove body from start calls in tests --- .../entity_store/trial_license_complete_tier/entity_store.ts | 1 - .../entity_store_nondefault_spaces.ts | 1 - 2 files changed, 2 deletions(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts index 3258da501fef1..5706dddef75e1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts @@ -162,7 +162,6 @@ export default ({ getService }: FtrProviderContext) => { await api .startEntityEngine({ params: { entityType: 'host' }, - body: {}, }) .expect(200); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts
index f8ac4ff4785bb..d9e2001286359 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts
@@ -159,7 +159,6 @@ export default ({ getService }: FtrProviderContextWithSpaces) => {
 .startEntityEngine(
 {
 params: { entityType: 'host' },
- body: {},
 },
 namespace
 )