From cbe8f007957b54f9a24029a613cbc3eb385bb2ca Mon Sep 17 00:00:00 2001 From: Ryland Herrick Date: Tue, 14 Jul 2020 21:27:57 -0500 Subject: [PATCH] [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update (#71794) * Add checkbox to associate rule with global endpoint exception list This works on creation, now we need edit. * Fix DomNesting error on ML Card Description EuiText generates a div, but this is inside of an EuiCard which is a paragraph. Defines a span with equivalent styles, instead. * Change default stack of alerts histogram to signal.rule.name --- .../components/alerts_histogram_panel/index.tsx | 2 +- .../select_rule_type/ml_card_description.tsx | 11 ++++++++--- .../rules/step_about_rule/default_value.ts | 1 + .../rules/step_about_rule/index.test.tsx | 2 ++ .../components/rules/step_about_rule/index.tsx | 16 ++++++++++++++-- .../components/rules/step_about_rule/schema.tsx | 10 ++++++++++ .../rules/step_about_rule/translations.ts | 8 ++++++++ .../detection_engine/rules/all/__mocks__/mock.ts | 1 + .../detection_engine/rules/create/helpers.ts | 8 ++++++++ .../detection_engine/rules/helpers.test.tsx | 4 +++- .../pages/detection_engine/rules/helpers.tsx | 2 ++ .../pages/detection_engine/rules/types.ts | 3 +++ 12 files changed, 61 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx index ba12499b8f20e..560c092d12076 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx @@ -83,7 +83,7 @@ const NO_LEGEND_DATA: LegendItem[] = []; export const AlertsHistogramPanel = memo( ({ chartHeight, - defaultStackByOption = alertsHistogramOptions[0], + defaultStackByOption = alertsHistogramOptions[8], // signal.rule.name deleteQuery, filters, headerChildren, diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/ml_card_description.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/ml_card_description.tsx index 2171c93e47d63..79096c002f543 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/ml_card_description.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/ml_card_description.tsx @@ -5,7 +5,8 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import { EuiText, EuiLink } from '@elastic/eui'; +import { EuiLink } from '@elastic/eui'; +import styled from 'styled-components'; import React from 'react'; import { ML_TYPE_DESCRIPTION } from './translations'; @@ -15,11 +16,15 @@ interface MlCardDescriptionProps { hasValidLicense?: boolean; } +const SmallText = styled.span` + font-size: ${({ theme }) => theme.eui.euiFontSizeS}; +`; + const MlCardDescriptionComponent: React.FC = ({ subscriptionUrl, hasValidLicense = false, }) => ( - + {hasValidLicense ? ( ML_TYPE_DESCRIPTION ) : ( @@ -38,7 +43,7 @@ const MlCardDescriptionComponent: React.FC = ({ }} /> )} - + ); MlCardDescriptionComponent.displayName = 'MlCardDescriptionComponent'; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/default_value.ts b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/default_value.ts index 060a2183eb06e..f5d61553b595b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/default_value.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/default_value.ts @@ -18,6 +18,7 @@ export const stepAboutDefaultValue: AboutStepRule = { author: [], name: '', description: '', + isAssociatedToEndpointList: false, isBuildingBlock: false, isNew: true, severity: { value: 'low', mapping: [] }, diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx index b21c54a0b6131..9b2e0069f0ac0 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx @@ -165,6 +165,7 @@ describe('StepAboutRuleComponent', () => { await wait(); const expected: Omit = { author: [], + isAssociatedToEndpointList: false, isBuildingBlock: false, license: '', ruleNameOverride: '', @@ -223,6 +224,7 @@ describe('StepAboutRuleComponent', () => { await wait(); const expected: Omit = { author: [], + isAssociatedToEndpointList: false, isBuildingBlock: false, license: '', ruleNameOverride: '', diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx index 3616643874a0a..4d91460bfd2c8 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx @@ -282,7 +282,20 @@ const StepAboutRuleComponent: FC = ({ }} /> - + + + + = ({ euiFieldProps: { fullWidth: true, isDisabled: isLoading, - placeholder: '', }, }} /> diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/schema.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/schema.tsx index 309557e5c9421..f178923df5915 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/schema.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/schema.tsx @@ -91,6 +91,16 @@ export const schema: FormSchema = { ), labelAppend: OptionalFieldLabel, }, + isAssociatedToEndpointList: { + type: FIELD_TYPES.CHECKBOX, + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldAssociatedToEndpointListLabel', + { + defaultMessage: 'Associate rule to Global Endpoint Exception List', + } + ), + labelAppend: OptionalFieldLabel, + }, severity: { value: { type: FIELD_TYPES.SUPER_SELECT, diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/translations.ts index 3a5aa3c56c3df..939747717385c 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/translations.ts @@ -26,6 +26,14 @@ export const ADD_FALSE_POSITIVE = i18n.translate( defaultMessage: 'Add false positive example', } ); + +export const GLOBAL_ENDPOINT_EXCEPTION_LIST = i18n.translate( + 'xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.endpointExceptionListLabel', + { + defaultMessage: 'Global endpoint exception list', + } +); + export const BUILDING_BLOCK = i18n.translate( 'xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.buildingBlockLabel', { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts index 5d84cf5314029..10d969ae7e6e8 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts @@ -167,6 +167,7 @@ export const mockRuleWithEverything = (id: string): Rule => ({ export const mockAboutStepRule = (isNew = false): AboutStepRule => ({ isNew, author: ['Elastic'], + isAssociatedToEndpointList: false, isBuildingBlock: false, timestampOverride: '', ruleNameOverride: '', diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts index c419dd142cfbe..226fa5313e34f 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts @@ -153,6 +153,7 @@ export const formatAboutStepData = (aboutStepData: AboutStepRule): AboutStepRule riskScore, severity, threat, + isAssociatedToEndpointList, isBuildingBlock, isNew, note, @@ -163,6 +164,13 @@ export const formatAboutStepData = (aboutStepData: AboutStepRule): AboutStepRule const resp = { author: author.filter((item) => !isEmpty(item)), ...(isBuildingBlock ? { building_block_type: 'default' } : {}), + ...(isAssociatedToEndpointList + ? { + exceptions_list: [ + { id: 'endpoint_list', namespace_type: 'agnostic', type: 'endpoint' }, + ] as AboutStepRuleJson['exceptions_list'], + } + : {}), false_positives: falsePositives.filter((item) => !isEmpty(item)), references: references.filter((item) => !isEmpty(item)), risk_score: riskScore.value, diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx index 590643f8236ee..c01317e4f48c5 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx @@ -83,10 +83,12 @@ describe('rule helpers', () => { title: 'Titled timeline', }, }; - const aboutRuleStepData = { + + const aboutRuleStepData: AboutStepRule = { author: [], description: '24/7', falsePositives: ['test'], + isAssociatedToEndpointList: false, isBuildingBlock: false, isNew: false, license: 'Elastic License', diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx index 6541b92f575c1..5df711ea7cd8e 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx @@ -122,6 +122,7 @@ export const getAboutStepsData = (rule: Rule, detailsView: boolean): AboutStepRu const { author, building_block_type: buildingBlockType, + exceptions_list: exceptionsList, license, risk_score_mapping: riskScoreMapping, rule_name_override: ruleNameOverride, @@ -138,6 +139,7 @@ export const getAboutStepsData = (rule: Rule, detailsView: boolean): AboutStepRu return { isNew: false, author, + isAssociatedToEndpointList: exceptionsList?.some(({ id }) => id === 'endpoint_list') ?? false, isBuildingBlock: buildingBlockType !== undefined, license: license ?? '', ruleNameOverride: ruleNameOverride ?? '', diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts index b501536e5b387..23715a88efc7b 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts @@ -20,6 +20,7 @@ import { SeverityMapping, TimestampOverride, } from '../../../../../common/detection_engine/schemas/common/schemas'; +import { List } from '../../../../../common/detection_engine/schemas/types'; export interface EuiBasicTableSortTypes { field: string; @@ -65,6 +66,7 @@ export interface AboutStepRule extends StepRuleData { author: string[]; name: string; description: string; + isAssociatedToEndpointList: boolean; isBuildingBlock: boolean; severity: AboutStepSeverity; riskScore: AboutStepRiskScore; @@ -136,6 +138,7 @@ export interface DefineStepRuleJson { export interface AboutStepRuleJson { author: Author; building_block_type?: BuildingBlockType; + exceptions_list?: List[]; name: string; description: string; license: License;