Skip to content

Commit

Permalink
[7.x] [Security Solution] Cleanup endpoint telemetry (#71950) (#72477)
Browse files Browse the repository at this point in the history
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
  • Loading branch information
michaelolo24 and elasticmachine authored Jul 20, 2020
1 parent a20a807 commit b2cb216
Show file tree
Hide file tree
Showing 5 changed files with 480 additions and 169 deletions.
2 changes: 1 addition & 1 deletion x-pack/plugins/security_solution/server/usage/collector.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import { EndpointUsage, getEndpointTelemetryFromFleet } from './endpoints';
export type RegisterCollector = (deps: CollectorDependencies) => void;
export interface UsageData {
detections: DetectionsUsage;
endpoints: EndpointUsage;
endpoints: EndpointUsage | {};
}

export async function getInternalSavedObjectsClient(core: CoreSetup) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { FLEET_ENDPOINT_PACKAGE_CONSTANT } from './fleet_saved_objects';

const testAgentId = 'testAgentId';
const testConfigId = 'testConfigId';
const testHostId = 'randoHostId';

/** Mock OS Platform for endpoint telemetry */
export const MockOSPlatform = 'somePlatform';
Expand All @@ -30,6 +31,7 @@ export const MockOSFullName = 'somePlatformFullName';
* @description We request the install and OS related telemetry information from the 'fleet-agents' saved objects in ingest_manager. This mocks that response
*/
export const mockFleetObjectsResponse = (
hasDuplicates = true,
lastCheckIn = new Date().toISOString()
): SavedObjectsFindResponse<Agent> => ({
page: 1,
Expand All @@ -56,7 +58,44 @@ export const mockFleetObjectsResponse = (
host: {
hostname: 'testDesktop',
name: 'testDesktop',
id: 'randoHostId',
id: testHostId,
},
os: {
platform: MockOSPlatform,
version: MockOSVersion,
name: MockOSName,
full: MockOSFullName,
},
},
packages: [FLEET_ENDPOINT_PACKAGE_CONSTANT, 'system'],
last_checkin: lastCheckIn,
},
references: [],
updated_at: lastCheckIn,
version: 'WzI4MSwxXQ==',
score: 0,
},
{
type: AGENT_SAVED_OBJECT_TYPE,
id: testAgentId,
attributes: {
active: true,
id: 'oldTestAgentId',
config_id: 'randoConfigId',
type: 'PERMANENT',
user_provided_metadata: {},
enrolled_at: lastCheckIn,
current_error_events: [],
local_metadata: {
elastic: {
agent: {
id: 'oldTestAgentId',
},
},
host: {
hostname: 'testDesktop',
name: 'testDesktop',
id: hasDuplicates ? testHostId : 'oldRandoHostId',
},
os: {
platform: MockOSPlatform,
Expand All @@ -76,7 +115,10 @@ export const mockFleetObjectsResponse = (
],
});

const mockPolicyPayload = (malwareStatus: 'success' | 'warning' | 'failure') =>
const mockPolicyPayload = (
policyStatus: 'success' | 'warning' | 'failure',
policyMode: 'prevent' | 'detect' | 'off' = 'prevent'
) =>
JSON.stringify({
'endpoint-security': {
Endpoint: {
Expand Down Expand Up @@ -105,7 +147,7 @@ const mockPolicyPayload = (malwareStatus: 'success' | 'warning' | 'failure') =>
file: 'info',
},
malware: {
mode: 'prevent',
mode: policyMode,
},
},
windows: {
Expand All @@ -122,7 +164,7 @@ const mockPolicyPayload = (malwareStatus: 'success' | 'warning' | 'failure') =>
file: 'info',
},
malware: {
mode: 'prevent',
mode: policyMode,
},
},
},
Expand Down Expand Up @@ -151,11 +193,11 @@ const mockPolicyPayload = (malwareStatus: 'success' | 'warning' | 'failure') =>
'detect_file_open_events',
'detect_sync_image_load_events',
],
status: `${malwareStatus}`,
status: `${policyStatus}`,
},
},
},
status: `${malwareStatus}`,
status: `${policyStatus}`,
},
},
},
Expand Down Expand Up @@ -186,7 +228,9 @@ const mockPolicyPayload = (malwareStatus: 'success' | 'warning' | 'failure') =>
*/
export const mockFleetEventsObjectsResponse = (
running?: boolean,
updatedDate = new Date().toISOString()
updatedDate = new Date().toISOString(),
policyStatus: 'success' | 'failure' = running ? 'success' : 'failure',
policyMode: 'prevent' | 'detect' | 'off' = 'prevent'
): SavedObjectsFindResponse<AgentEventSOAttributes> => {
return {
page: 1,
Expand All @@ -204,7 +248,7 @@ export const mockFleetEventsObjectsResponse = (
message: `Application: endpoint-security--8.0.0[d8f7f6e8-9375-483c-b456-b479f1d7a4f2]: State changed to ${
running ? 'RUNNING' : 'FAILED'
}: `,
payload: mockPolicyPayload(running ? 'success' : 'failure'),
payload: running ? mockPolicyPayload(policyStatus, policyMode) : undefined,
config_id: testConfigId,
},
references: [],
Expand Down
Loading

0 comments on commit b2cb216

Please sign in to comment.