[SIEM] Create template timeline #63136
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Pinging @elastic/siem (Team:SIEM) |
XavierM
reviewed
Apr 17, 2020
x-pack/legacy/plugins/siem/server/lib/timeline/pick_saved_timeline.ts
Outdated
Show resolved
Hide resolved
Should be alright now |
Sure, I'll do that in another PR. |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
angorayc
added a commit
to angorayc/kibana
that referenced
this pull request
Apr 29, 2020
* init routes for template timeline * create template timeline * add create/update timelines route * update api entry point * fix types * add template type * fix types * add types and template timeline id * fix types * update import timeline to handle template timeline * unit test * sudo code * remove class for savedobject * add template timeline version * clean up arguments * fix types for framework request * show filter in find * fix create template timeline * update mock data * handle missing timeline when exporting * update the order for timeline routes * update schemas * move type to common folder so we can re-use them on UI and server side * fix types + integrate persist with epic timeline * update all timeline when persit timeline * add timeline api readme * fix validation error * fix unit test * display error if unexpected format is given * fix issue with reftech all timeline query * fix flashing timeline while refetch * fix types * fix types * fix dependency * fix timeline deletion * remove redundant dependency * add i18n message * fix unit test Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Apr 29, 2020
* master: (60 commits) [SIEM] Create template timeline (elastic#63136) load react component lazily in so management section (elastic#64285) Cleanup .eslingignore and add target (elastic#64617) [Ingest] Support yaml variables in datasource (elastic#64459) typescript-ify portions of src/optimize (elastic#64688) [ngSanitize] add explicit dependencies to all uses of `ngSanitize` angular module (elastic#64546) Consolidate downloading plugin bundles to bootstrap script (elastic#64685) [Maps] disable edit layer button when flyout is open for add layer or map settings (elastic#64230) chore(NA): add async import into infra plugin to reduce apm bundle size (elastic#63292) [Maps] fix edit filter (elastic#64586) [SIEM][Detections] Adds large list support using REST endpoints Replace a number of any-ed styled(eui*) with accurate types (elastic#64555) [Endpoint] Recursive resolver children (elastic#61914) [ML] Fix new job wizard with multiple indices (elastic#64567) Use short URLs for legacy plugin deprecation warning (elastic#64540) [Uptime] Update uptime ml job id to limit to 64 char (elastic#64394) [Ingest] Fix GET /enrollment-api-keys/null error (elastic#64595) Consolidate cross-cutting concerns between region & coordinate maps in new maps_legacy plugin (elastic#64123) ES UI new platform cleanup (elastic#64332) [Event Log] use @timestamp field for queries (elastic#64391) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Apr 29, 2020
* alerting/np-migration: (64 commits) [ML] Changes Machine learning overview UI text (elastic#64625) [Uptime] Migrate client to New Platform (elastic#55086) Slim vis type timeseries (elastic#64631) [Telemetry] Fix inconsistent search behaviour in Advanced Settings (elastic#64510) removed unneeded dep and file [SIEM] Create template timeline (elastic#63136) load react component lazily in so management section (elastic#64285) Cleanup .eslingignore and add target (elastic#64617) [Ingest] Support yaml variables in datasource (elastic#64459) typescript-ify portions of src/optimize (elastic#64688) [ngSanitize] add explicit dependencies to all uses of `ngSanitize` angular module (elastic#64546) Consolidate downloading plugin bundles to bootstrap script (elastic#64685) [Maps] disable edit layer button when flyout is open for add layer or map settings (elastic#64230) chore(NA): add async import into infra plugin to reduce apm bundle size (elastic#63292) [Maps] fix edit filter (elastic#64586) [SIEM][Detections] Adds large list support using REST endpoints Replace a number of any-ed styled(eui*) with accurate types (elastic#64555) [Endpoint] Recursive resolver children (elastic#61914) [ML] Fix new job wizard with multiple indices (elastic#64567) Use short URLs for legacy plugin deprecation warning (elastic#64540) ...
angorayc
added a commit
that referenced
this pull request
Apr 29, 2020
* init routes for template timeline * create template timeline * add create/update timelines route * update api entry point * fix types * add template type * fix types * add types and template timeline id * fix types * update import timeline to handle template timeline * unit test * sudo code * remove class for savedobject * add template timeline version * clean up arguments * fix types for framework request * show filter in find * fix create template timeline * update mock data * handle missing timeline when exporting * update the order for timeline routes * update schemas * move type to common folder so we can re-use them on UI and server side * fix types + integrate persist with epic timeline * update all timeline when persit timeline * add timeline api readme * fix validation error * fix unit test * display error if unexpected format is given * fix issue with reftech all timeline query * fix flashing timeline while refetch * fix types * fix types * fix dependency * fix timeline deletion * remove redundant dependency * add i18n message * fix unit test Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
7 tasks
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Update timeline apirequest body: Respose: Update timeline template apirequest body: Response: |
This was referenced Aug 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Timeline apis
Create timeline api
POST /api/timeline
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
{ "timeline": { "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [], "description": "", "eventType": "all", "filters": [], "kqlMode": "filter", "kqlQuery": { "filterQuery": null }, "title": "abd", "dateRange": { "start": 1587370079200, "end": 1587456479201 }, "savedQueryId": null, "sort": { "columnId": "@timestamp", "sortDirection": "desc" } }, "timelineId":null, // Leave this as null "version":null // Leave this as null }Update timeline api
PATCH /api/timeline
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
{ "timeline": { "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [], "description": "", "eventType": "all", "filters": [], "kqlMode": "filter", "kqlQuery": { "filterQuery": null }, "title": "abd", "dateRange": { "start": 1587370079200, "end": 1587456479201 }, "savedQueryId": null, "sort": { "columnId": "@timestamp", "sortDirection": "desc" }, "created": 1587468588922, "createdBy": "casetester", "updated": 1587468588922, "updatedBy": "casetester", "timelineType": "default" }, "timelineId":"68ea5330-83c3-11ea-bff9-ab01dd7cb6cc", // Have to match the existing timeline savedObject id "version":"WzYwLDFd" // Have to match the existing timeline version }Create template timeline api
POST /api/timeline
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
{ "timeline": { "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [ ], "description": "", "eventType": "all", "filters": [ ], "kqlMode": "filter", "kqlQuery": { "filterQuery": null }, "title": "abd", "dateRange": { "start": 1587370079200, "end": 1587456479201 }, "savedQueryId": null, "sort": { "columnId": "@timestamp", "sortDirection": "desc" }, "timelineType": "template" // This is the difference between create timeline }, "timelineId":null, // Leave this as null "version":null // Leave this as null }Update template timeline api
PATCH /api/timeline
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
{ "timeline": { "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [], "description": "", "eventType": "all", "filters": [], "kqlMode": "filter", "kqlQuery": { "filterQuery": null }, "title": "abd", "dateRange": { "start": 1587370079200, "end": 1587456479201 }, "savedQueryId": null, "sort": { "columnId": "@timestamp", "sortDirection": "desc" }, "timelineType": "template", "created": 1587473119992, "createdBy": "casetester", "updated": 1587473119992, "updatedBy": "casetester", "templateTimelineId": "745d0316-6af7-43bf-afd6-9747119754fb", // Please provide the existing template timeline id "templateTimelineVersion": 2 // Please provide a template timeline version grater than existing one }, "timelineId":"f5a4bd10-83cd-11ea-bf78-0547a65f1281", // This is a must as well "version":"Wzg2LDFd" // Please provide the existing timeline version }Implementation details:
Add a post and a patch endpoints to create/update timeline - (Refactor) Move away from graphQL to request handler.
case 1 Create timeline - POST:
undefined/null) => Create a new timelineUPDATE timeline with POST is not allowed, please use PATCH insteadcase 2 Update timeline - PATCH - Timeline is not allowed to be updated via import timeline ATM:
if timeline-id is NOT provided (timeline-id is
undefined/null) =>CREATE timeline with PATCH is not allowed, please use POST insteadif timeline-id is provided (timeline-id`) => Check if the timeline id exists or not?
CREATE timeline with PATCH is not allowed, please use POST insteadtimelineTypefield to timeline saved object mapping - can bedefaultortemplate.create template timelineby adding thetimelineTypeand template timeline id argument.Keep globalNote and favourite for template timeline
case 1 Create template timeline - POST:
undefined/null) => Create a new template timelineUPDATE template timeline with POST is not allowed, please use PATCH insteadcase 2 Update template timeline - PATCH - Template Timeline is not allowed to be updated via import timeline ATM:
TimelineVersion conflict: The given version template timeline id not match with existing timelineTimeline id doesn't match with existing template timelineCREATE template timeline with PATCH is not allowed, please use POST instead"Template timelineVersion conflict: The given version is older then existing version"CREATE template timeline with PATCH is not allowed, please use POST insteadtimelineTypeandtemplate timeline idcase 1 timeline-id is provided
case 2 timeline id is NOT provided
timelineTypeandtemplate timeline idChecklist
Delete any items that are not applicable to this PR.
This was checked for keyboard-only and screenreader accessibilityThis renders correctly on smaller devices using a responsive layout. (You can test this in your browserThis was checked for cross-browser compatibility, including a check against IE11For maintainers
This was checked for breaking API changes and was labeled appropriately