From 5320f9c60d99e64d511573e53803fb2ba117ea98 Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Mon, 30 Mar 2020 14:39:23 -0400 Subject: [PATCH 1/4] first rendition --- .../details/metadata/host_accordion.tsx | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx index edaba3725e027..8abd112255de0 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx 
@@ -6,32 +6,50 @@ import React, { memo, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiAccordion, EuiDescriptionList } from '@elastic/eui'; -import { Immutable, AlertData } from '../../../../../../../common/types'; +import { Immutable, AlertDetails } from '../../../../../../../common/types'; -export const HostAccordion = memo(({ alertData }: { alertData: Immutable }) => { +export const HostAccordion = memo(({ alertData }: { alertData: Immutable }) => { const columns = useMemo(() => { return [ { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostName', { - defaultMessage: 'Host Name', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostNameCurrent', { + defaultMessage: 'Host Name (Current)', + }), + description: alertData.state.host_metadata.host.hostname, + }, + { + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostNameOriginal', { + defaultMessage: 'Host Name (At time of alert)', }), description: alertData.host.hostname, }, { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIP', { - defaultMessage: 'Host IP', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIPCurrent', { + defaultMessage: 'Host IP (Current)', + }), + description: alertData.state.host_metadata.host.ip.join(', '), + }, + { + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIPOriginal', { + defaultMessage: 'Host IP (At time of alert)', }), description: alertData.host.ip.join(', '), }, { title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.status', { - defaultMessage: 'Status', + defaultMessage: 'Status (Current)', }), description: 'TODO', }, { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.os', { - defaultMessage: 'OS', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.osCurrent', { + defaultMessage: 'OS (Current)', + }), + description: 
alertData.state.host_metadata.host.os.name, + }, + { + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.osOriginal', { + defaultMessage: 'OS (At time of alert)', }), description: alertData.host.os.name, }, From 0023c3af2bd693ea5f2e749c420bf073886ff395 Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Mon, 30 Mar 2020 18:01:07 -0400 Subject: [PATCH 2/4] adds hardcoded status --- .../alerts/details/metadata/host_accordion.tsx | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx index 8abd112255de0..036153329a941 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx @@ -6,6 +6,8 @@ import React, { memo, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiAccordion, EuiDescriptionList } from '@elastic/eui'; +import { EuiHealth, EuiText } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n/react'; import { Immutable, AlertDetails } from '../../../../../../../common/types'; export const HostAccordion = memo(({ alertData }: { alertData: Immutable }) => { @@ -37,9 +39,17 @@ export const HostAccordion = memo(({ alertData }: { alertData: Immutable + {' '} + + + ), }, { title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.osCurrent', { From 1f78123f2624a26c31bfdd39bc8cb58b65703dfc Mon Sep 17 00:00:00 2001 
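Review bot: The new "Current" rows dereference `alertData.state.host_metadata.host.hostname`, `.host.ip.join(', ')` and `.host.os.name` with no guard, so an alert whose live host-metadata lookup returned nothing would throw inside the `useMemo` and take down the whole details view rather than just these rows. Whether `state.host_metadata` can be absent depends on `AlertDetails` in common/types, which is not in this patch; if it is optional there, or the backend can fail that join, each of the three `description:` lines should tolerate it, e.g. `description: alertData.state.host_metadata?.host.hostname ?? unavailableLabel` (same for the ip and os rows, with `unavailableLabel` an `i18n.translate`d string), so an analyst sees that the live data is missing instead of a blank panel. The "At time of alert" rows are the forensically meaningful ones and should keep rendering even when the current lookup fails. The `HostAccordion` body continues past the end of this hunk.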
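Review bot: The "Status (Current)" row added in this hunk carries a hardcoded value (per the commit subject; the JSX inside `description: ( … )` is not legible in this rendering) and is rendered through `EuiHealth`, so it reads as a live health indicator. In an alert triage view a fabricated host state can send a responder down the wrong path, so until the real status is wired through `AlertDetails` the row should either be omitted or be visibly marked as a placeholder, e.g. `// TODO: placeholder — host status is not yet returned by the alert details API; do not present as live data` above the entry and a neutral label rather than a health colour. The `HostAccordion` body starts and ends outside this hunk.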
From: Davis Plumlee Date: Thu, 2 Apr 2020 02:17:44 -0400 Subject: [PATCH 3/4] adds alert version of host archive --- .../details/metadata/host_accordion.tsx | 2 +- .../test/functional/apps/endpoint/alerts.ts | 2 + .../alerts/host_api_feature/data.json.gz | Bin 0 -> 732 bytes .../alerts/host_api_feature/mappings.json | 156 ++++++++++++++++++ 4 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz create mode 100644 x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx index 036153329a941..3f9fb8dd95ace 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx @@ -6,7 +6,7 @@ import React, { memo, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiAccordion, EuiDescriptionList } from '@elastic/eui'; -import { EuiHealth, EuiText } from '@elastic/eui'; +import { EuiHealth } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import { Immutable, AlertDetails } from '../../../../../../../common/types'; diff --git a/x-pack/test/functional/apps/endpoint/alerts.ts b/x-pack/test/functional/apps/endpoint/alerts.ts index 759574702c0f1..6a5a5cb5c32ad 100644 --- a/x-pack/test/functional/apps/endpoint/alerts.ts +++ b/x-pack/test/functional/apps/endpoint/alerts.ts 
@@ -16,6 +16,7 @@ export default function({ getPageObjects, getService }: FtrProviderContext) { this.tags(['ciGroup7']); before(async () => { await esArchiver.load('endpoint/alerts/api_feature'); + await esArchiver.load('endpoint/alerts/host_api_feature'); await pageObjects.common.navigateToUrlWithBrowserHistory('endpoint', '/alerts'); }); it('loads the Alert List Page', async () => { @@ -66,6 +67,7 @@ export default function({ getPageObjects, getService }: FtrProviderContext) { after(async () => { await esArchiver.unload('endpoint/alerts/api_feature'); + await esArchiver.unload('endpoint/alerts/host_api_feature'); }); }); } diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz new file mode 100644 index 0000000000000000000000000000000000000000..94a96c54ee9cb66afbd74d89be6a774720c8c94e GIT binary patch literal 732 zcmV<20wet&iwFP!000021KpKNPuoBcfbaPgQO=CDJNxi%Pc@W^1FBjf6;)La`%K&> zag-NO#DDKPkdW8`B1A7pu@%qG?9S`kx$Shjz4^@~^geWZzH+^zTCg<3MJ>5aAL+C7 z_3F*}mk~KDj{T=xT%P|v|M4w;U#Zs`V;`<-r7-rBsvOV3^h0{nwZg1gOx@#_N%C=C zj>2qiMw29^LUF=5V}c8Pv{qT|v1PMyC757&upXju0l32)EGH6_betMPaz$+K=+SB! zrn9md*QPRKneII--EEFq`@MVGq#Bm)W=FR1;RFj!G&_Y;R2ujRDWE7g2X(@*;FNzZ z@?y(}WH&aWRhlo$`Jj8cOtF>Yes803*LG^zir-CxnFrrYS<7@#%^H@qWbMIO`VYpA z;$Y;&pT%~n?t^pOdg^Qhn(G|64-_;y1mr4bRx_a#*|DmN_;Wj0N-|2)lama2zMF`8 zjj{|$dUR_^u}sm7a`~8=Ut33wjBB1HQV(dL9D;^a3rqG}RtZlOBZ+qMjZzp^3*)kBjhFol8_Nv=_l!wnR;Jzrj)&g&Nv-nH8-&`Z8`%r5rt+D zgP_1oonWLXOqDJ^W*kLw0G(Q8HJr2sAPP+EW>U7PMU^2F8B+(d$yss`tb>Rk4VVV+ zf`bHM(`5wSL*TC^my+j!P0o`SiTygQp2T&v!5i}GTD%S}{sXUCz07OwqK>&?fXc{p z+0y{lash-0V^Bq^Jb8xKcQ#E^%3i~(yZ$Ts!&I2bo@r`>B7`uITGkgLiK*WWg{Zk> zXgLpByvQq88BKE$5%&z!R0mAI_6oszo-%SUuPW3yS`BDG3Gk}HD*;VXj{v4oTSNUm OM(sbt^Zzdg3jhEPfL<^F literal 0 HcmV?d00001 
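Review bot: A comment on the added `esArchiver.load('endpoint/alerts/host_api_feature')` line would spare the next reader a dig, since the archive's purpose is only inferable from the new mappings.json (it populates `endpoint-agent-1` with host documents) and from the "Current" host rows this series adds to alert details; suggest `// host documents matching the hosts in alerts/api_feature; needed for the "Current" host rows in alert details`. Patch 4 of this series also moves the API integration tests from `endpoint/metadata/api_feature` to this archive, so two host fixtures now exist and noting which one the alert tests depend on helps avoid drift between them. The enclosing `describe` callback starts and ends outside this hunk.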
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json new file mode 100644 index 0000000000000..61ddf3c4e65db --- /dev/null +++ b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json 
@@ -0,0 +1,156 @@ +{ + "type": "index", + "value": { + "aliases": { + }, + "index": "endpoint-agent-1", + "mappings": { + "properties": { + "@timestamp": { + "type": "long" + }, + "agent": { + "properties": { + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "version": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + }, + "endpoint": { + "properties": { + "policy": { + "properties": { + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "name": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + } + } + }, + "event": { + "properties": { + "created": { + "type": "long" + } + } + }, + "host": { + "properties": { + "hostname": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "ip": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "mac": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "os": { + "properties": { + "full": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "name": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "variant": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "version": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + } + } + } + } + }, + "settings": { + "index": { + "number_of_replicas": "1", + "number_of_shards": "1" + } + } + } +} \ No newline at end of file 
From 363e153b7f3fc22a6eb9a8eea6d839f7ca0867ea Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Thu, 2 Apr 2020 12:26:13 -0400 Subject: [PATCH 4/4] unskips tests --- .../alerts/details/metadata/host_accordion.tsx | 2 +- .../api_integration/apis/endpoint/alerts.ts | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx index 3f9fb8dd95ace..e332c96192fab 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx @@ -38,7 +38,7 @@ export const HostAccordion = memo(({ alertData }: { alertData: Immutable { before(async () => { await esArchiver.load('endpoint/alerts/api_feature'); - await esArchiver.load('endpoint/metadata/api_feature'); + await esArchiver.load('endpoint/alerts/host_api_feature'); const res = await es.search({ index: 'events-endpoint-1', body: ES_QUERY_MISSING, @@ -82,7 +82,7 @@ export default function({ getService }: FtrProviderContext) { after(async () => { await esArchiver.unload('endpoint/alerts/api_feature'); - await esArchiver.unload('endpoint/metadata/api_feature'); + await esArchiver.unload('endpoint/alerts/host_api_feature'); }); it('should not support POST requests', async () => { @@ -93,7 +93,7 @@ export default function({ getService }: FtrProviderContext) { .expect(404); }); - it.skip('should return one entry for each alert with default paging', async () => { + it('should return one entry for each alert with default paging', async () => { const { body } = await supertest .get('/api/endpoint/alerts') .set('kbn-xsrf', 'xxx') 
@@ -111,7 +111,7 @@ export default function({ getService }: FtrProviderContext) { expect(body.result_from_index).to.eql(0); }); - it.skip('should return the page_size and page_index specified in the query params', async () => { + it('should return the page_size and page_index specified in the query params', async () => { const pageSize = 1; const pageIndex = 1; const { body } = await supertest @@ -140,7 +140,7 @@ export default function({ getService }: FtrProviderContext) { .expect(200); body = response.body; }); - it.skip('should return accurate total counts', async () => { + it('should return accurate total counts', async () => { expect(body.total).to.eql(numberOfAlertsInFixture); /** * Nothing was returned due to pagination. @@ -160,7 +160,7 @@ export default function({ getService }: FtrProviderContext) { expect(body.message).to.contain('Value must be equal to or greater than [1]'); }); - it.skip('should return links to the next and previous pages using cursor-based pagination', async () => { + it('should return links to the next and previous pages using cursor-based pagination', async () => { const { body } = await supertest .get('/api/endpoint/alerts?page_index=0') .set('kbn-xsrf', 'xxx') @@ -346,7 +346,7 @@ export default function({ getService }: FtrProviderContext) { expect(valid).to.eql(true); }); - it.skip('should filter results of alert data using rison-encoded filters', async () => { + it('should filter results of alert data using rison-encoded filters', async () => { const hostname = 'Host-abmfhmc5ku'; const { body } = await supertest .get( @@ -361,7 +361,7 @@ export default function({ getService }: FtrProviderContext) { expect(body.result_from_index).to.eql(0); }); - it.skip('should filter results of alert data using KQL', async () => { + it('should filter results of alert data using KQL', async () => { const agentID = '7cf9f7a3-28a6-4d1e-bb45-005aa28f18d0'; const { body } = await supertest .get( 
@@ -376,7 +376,7 @@ export default function({ getService }: FtrProviderContext) { expect(body.result_from_index).to.eql(0); }); - it.skip('should return alert details by id, getting last alert', async () => { + it('should return alert details by id, getting last alert', async () => { const documentID = 'zbNm0HABdD75WLjLYgcB'; const prevDocumentID = '2rNm0HABdD75WLjLYgcU'; const { body } = await supertest