[Security Solution] Init Osquery plugin (#87109)
patrykkopycinski authored Jan 28, 2021
1 parent 9b5e41a commit d7028e1
Showing 107 changed files with 4,618 additions and 0 deletions.
26 changes: 26 additions & 0 deletions .eslintrc.js
Expand Up @@ -1192,6 +1192,32 @@ module.exports = {
},
},

/**
* Osquery overrides
*/
{
extends: ['eslint:recommended', 'plugin:react/recommended'],
plugins: ['react'],
files: ['x-pack/plugins/osquery/**/*.{js,mjs,ts,tsx}'],
rules: {
'arrow-body-style': ['error', 'as-needed'],
'prefer-arrow-callback': 'error',
'no-unused-vars': 'off',
'react/prop-types': 'off',
},
},
{
// typescript and javascript for front end react performance
files: ['x-pack/plugins/osquery/public/**/!(*.test).{js,mjs,ts,tsx}'],
plugins: ['react', 'react-perf'],
rules: {
'react-perf/jsx-no-new-object-as-prop': 'error',
'react-perf/jsx-no-new-array-as-prop': 'error',
'react-perf/jsx-no-new-function-as-prop': 'error',
'react/jsx-no-bind': 'error',
},
},

/**
* Prettier disables all conflicting rules, listing as last override so it takes precedence
*/
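Review bot: The override scoped to `x-pack/plugins/osquery/**/*.{js,mjs,ts,tsx}` sets `'no-unused-vars': 'off'` with no comment saying why, and because the glob also covers plain `.js`/`.mjs` files, nothing visible in this hunk checks unused bindings there. A one-line comment above the rule would make the intent reviewable, e.g. `// base rule is noisy on TS-only imports/types; the TypeScript-aware variant is expected to cover unused bindings (confirm it is enabled repo-wide)`. If the intent is only to defer to `@typescript-eslint/no-unused-vars`, consider narrowing this rule to the TS extensions rather than all four. The `module.exports` object that holds these overrides starts and ends outside the hunk.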
3 changes: 3 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -330,6 +330,9 @@ x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @elastic/kib
# Security Intelligence And Analytics
/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics

# Security Asset Management
/x-pack/plugins/osquery @elastic/security-asset-management

# Design (at the bottom for specificity of SASS files)
**/*.scss @elastic/kibana-design
#CC# /packages/kbn-ui-framework/ @elastic/kibana-design
4 changes: 4 additions & 0 deletions docs/developer/plugin-list.asciidoc
Expand Up @@ -460,6 +460,10 @@ Elastic.
|This plugin provides shared components and services for use across observability solutions, as well as the observability landing page UI.
|{kib-repo}blob/{branch}/x-pack/plugins/osquery/README.md[osquery]
|This plugin adds extended support to Security Solution Fleet Osquery integration
|{kib-repo}blob/{branch}/x-pack/plugins/painless_lab/README.md[painlessLab]
|This plugin helps users learn how to use the Painless scripting language.
1 change: 1 addition & 0 deletions packages/kbn-optimizer/limits.yml
Expand Up @@ -103,4 +103,5 @@ pageLoadAssetSize:
stackAlerts: 29684
presentationUtil: 28545
spacesOss: 18817
osquery: 107090
mapsFileUpload: 23775
1 change: 1 addition & 0 deletions x-pack/.i18nrc.json
Expand Up @@ -38,6 +38,7 @@
"xpack.maps": ["plugins/maps"],
"xpack.ml": ["plugins/ml"],
"xpack.monitoring": ["plugins/monitoring"],
"xpack.osquery": ["plugins/osquery"],
"xpack.painlessLab": "plugins/painless_lab",
"xpack.remoteClusters": "plugins/remote_clusters",
"xpack.reporting": ["plugins/reporting"],
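--- a/x-pack/plugins/osquery/README.md
+++ b/x-pack/plugins/osquery/README.md
@@ -0,0 +1,9 @@
+# osquery
+
+This plugin adds extended support to Security Solution Fleet Osquery integration
+
+---
+
+## Development
+
+See the [kibana contributing guide](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md) for instructions setting up your development environment.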
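--- a/x-pack/plugins/osquery/common/constants.ts
+++ b/x-pack/plugins/osquery/common/constants.ts
@@ -0,0 +1,8 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
+export const DEFAULT_DARK_MODE = 'theme:darkMode';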
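Review bot: Both exported constants lack any documentation of what they bound or key, and `DEFAULT_MAX_TABLE_QUERY_SIZE` in particular reads like a resource limit whose meaning a consumer must not guess. A TSDoc line above it such as `/** Default cap on the number of rows a table query requests — TODO confirm the consumer enforces it as an upper bound, not just a default. */` would record the intent, and `DEFAULT_DARK_MODE` deserves `/** UI settings key read to decide whether dark mode is on. */`. Nothing in this file shows where either value is consumed, so the wording above is hedged until the callers are checked.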
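--- a/x-pack/plugins/osquery/common/ecs/agent/index.ts
+++ b/x-pack/plugins/osquery/common/ecs/agent/index.ts
@@ -0,0 +1,9 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface AgentEcs {
+type?: string[];
+}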
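Review bot: `AgentEcs` carries no TSDoc, and the same applies to the sibling interfaces added under `common/ecs/` in this commit (`auditd`, `cloud`, `destination`, `dns`); every field is an optional `string[]`/`number[]`, which is not how ECS itself describes these scalar fields, so a reader has to guess the reason. A module-level comment per file would record the contract, e.g. `/** Subset of ECS fields used by the osquery plugin. Every field is optional and array-valued — presumably mirroring the multi-valued search response shape rather than the ECS schema; confirm against the consumers. */`. In the auditd file, `SummaryEcs` and `PrimarySecondaryEcs` are generic names for auditd-specific shapes; a doc line tying them to `auditd.summary` and its `actor`/`object` members would help there.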
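--- a/x-pack/plugins/osquery/common/ecs/auditd/index.ts
+++ b/x-pack/plugins/osquery/common/ecs/auditd/index.ts
@@ -0,0 +1,33 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface AuditdEcs {
+result?: string[];
+session?: string[];
+data?: AuditdDataEcs;
+summary?: SummaryEcs;
+sequence?: string[];
+}
+
+export interface AuditdDataEcs {
+acct?: string[];
+terminal?: string[];
+op?: string[];
+}
+
+export interface SummaryEcs {
+actor?: PrimarySecondaryEcs;
+object?: PrimarySecondaryEcs;
+how?: string[];
+message_type?: string[];
+sequence?: string[];
+}
+
+export interface PrimarySecondaryEcs {
+primary?: string[];
+secondary?: string[];
+type?: string[];
+}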
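--- a/x-pack/plugins/osquery/common/ecs/cloud/index.ts
+++ b/x-pack/plugins/osquery/common/ecs/cloud/index.ts
@@ -0,0 +1,20 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface CloudEcs {
+instance?: CloudInstanceEcs;
+machine?: CloudMachineEcs;
+provider?: string[];
+region?: string[];
+}
+
+export interface CloudMachineEcs {
+type?: string[];
+}
+
+export interface CloudInstanceEcs {
+id?: string[];
+}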
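--- a/x-pack/plugins/osquery/common/ecs/destination/index.ts
+++ b/x-pack/plugins/osquery/common/ecs/destination/index.ts
@@ -0,0 +1,16 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { GeoEcs } from '../geo';
+
+export interface DestinationEcs {
+bytes?: number[];
+ip?: string[];
+port?: number[];
+domain?: string[];
+geo?: GeoEcs;
+packets?: number[];
+}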
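--- a/x-pack/plugins/osquery/common/ecs/dns/index.ts
+++ b/x-pack/plugins/osquery/common/ecs/dns/index.ts
@@ -0,0 +1,16 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface DnsEcs {
+question?: DnsQuestionEcs;
+resolved_ip?: string[];
+response_code?: string[];
+}
+
+export interface DnsQuestionEcs {
+name?: string[];
+type?: string[];
+}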
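--- a/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.test.ts
+++ b/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.test.ts
@@ -0,0 +1,56 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { extendMap } from './extend_map';
+
+describe('ecs_fields test', () => {
+describe('extendMap', () => {
+test('it should extend a record', () => {
+const osFieldsMap: Readonly<Record<string, string>> = {
+'os.platform': 'os.platform',
+'os.full': 'os.full',
+'os.family': 'os.family',
+'os.version': 'os.version',
+'os.kernel': 'os.kernel',
+};
+const expected: Record<string, string> = {
+'host.os.family': 'host.os.family',
+'host.os.full': 'host.os.full',
+'host.os.kernel': 'host.os.kernel',
+'host.os.platform': 'host.os.platform',
+'host.os.version': 'host.os.version',
+};
+expect(extendMap('host', osFieldsMap)).toEqual(expected);
+});
+
+test('it should extend a sample hosts record', () => {
+const hostMap: Record<string, string> = {
+'host.id': 'host.id',
+'host.ip': 'host.ip',
+'host.name': 'host.name',
+};
+const osFieldsMap: Readonly<Record<string, string>> = {
+'os.platform': 'os.platform',
+'os.full': 'os.full',
+'os.family': 'os.family',
+'os.version': 'os.version',
+'os.kernel': 'os.kernel',
+};
+const expected: Record<string, string> = {
+'host.id': 'host.id',
+'host.ip': 'host.ip',
+'host.name': 'host.name',
+'host.os.family': 'host.os.family',
+'host.os.full': 'host.os.full',
+'host.os.kernel': 'host.os.kernel',
+'host.os.platform': 'host.os.platform',
+'host.os.version': 'host.os.version',
+};
+const output = { ...hostMap, ...extendMap('host', osFieldsMap) };
+expect(output).toEqual(expected);
+});
+});
+});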
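Review bot: Neither test covers the empty-map boundary, which is the one case where `extendMap`'s `reduce` seed alone determines the result, and the `osFieldsMap` fixture is duplicated verbatim between the two tests. Add `expect(extendMap('host', {})).toEqual({});` as a third case and hoist the shared fixture to the enclosing `describe('extendMap', ...)` so both tests read from one definition. The second test also only checks the spread result, so a wrong prefix on a key that `hostMap` already defines would be masked; asserting `extendMap` output directly there too would close that gap.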
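--- a/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.ts
+++ b/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.ts
@@ -0,0 +1,14 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export const extendMap = (
+path: string,
+map: Readonly<Record<string, string>>
+): Readonly<Record<string, string>> =>
+Object.entries(map).reduce<Record<string, string>>((accum, [key, value]) => {
+accum[`${path}.${key}`] = `${path}.${value}`;
+return accum;
+}, {});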
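Review bot: `extendMap` has no TSDoc and its actual contract — both the key and the value of every entry are prefixed with `path` — is only discoverable from the test file, so a doc comment is worth adding: `/** Returns a new map with `path.` prepended to every key and every value; the input is a field-name → field-name map and is not mutated. */`. As a point of style, threading a mutated accumulator through `reduce` is more verbose than `Object.fromEntries` over `Object.entries(map).map(...)`, and the latter matches the `Readonly` return type better since no mutable object is ever exposed. Note that an empty `path` produces keys such as `.os.platform`; the function neither rejects nor documents that case, and the doc comment should say which is intended.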