elastic · patrykkopycinski · Sep 7, 2020 · Aug 29, 2020 · Aug 29, 2020 · Aug 29, 2020
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts
@@ -21,6 +21,8 @@ import {
 } from './hosts';
 import {
  NetworkQueries,
+ NetworkDnsStrategyResponse,
+ NetworkDnsRequestOptions,
  NetworkTlsStrategyResponse,
  NetworkTlsRequestOptions,
  NetworkHttpStrategyResponse,
@@ -79,10 +81,12 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
  ? HostFirstLastSeenStrategyResponse
  : T extends HostsQueries.uncommonProcesses
  ? HostUncommonProcessesStrategyResponse
- : T extends NetworkQueries.tls
- ? NetworkTlsStrategyResponse
+ : T extends NetworkQueries.dns
+ ? NetworkDnsStrategyResponse
  : T extends NetworkQueries.http
  ? NetworkHttpStrategyResponse
+ : T extends NetworkQueries.tls
+ ? NetworkTlsStrategyResponse
  : T extends NetworkQueries.topCountries
  ? NetworkTopCountriesStrategyResponse
  : T extends NetworkQueries.topNFlow
@@ -101,10 +105,12 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
  ? HostFirstLastSeenRequestOptions
  : T extends HostsQueries.uncommonProcesses
  ? HostUncommonProcessesRequestOptions
- : T extends NetworkQueries.tls
- ? NetworkTlsRequestOptions
+ : T extends NetworkQueries.dns
+ ? NetworkDnsRequestOptions
  : T extends NetworkQueries.http
  ? NetworkHttpRequestOptions
+ : T extends NetworkQueries.tls
+ ? NetworkTlsRequestOptions
  : T extends NetworkQueries.topCountries
  ? NetworkTopCountriesRequestOptions
  : T extends NetworkQueries.topNFlow

diff --git a/...k/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts b/...k/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { IEsSearchResponse } from '../../../../../../../../src/plugins/data/common';
+import { CursorType, Inspect, Maybe, PageInfoPaginated, SortField } from '../../../common';
+import { RequestOptionsPaginated } from '../..';
+
+export enum NetworkDnsFields {
+ dnsName = 'dnsName',
+ queryCount = 'queryCount',
+ uniqueDomains = 'uniqueDomains',
+ dnsBytesIn = 'dnsBytesIn',
+ dnsBytesOut = 'dnsBytesOut',
+}
+
+export interface NetworkDnsRequestOptions extends RequestOptionsPaginated {
+ isPtrIncluded: boolean;
+ sort: SortField<NetworkDnsFields>;
+ stackByField?: Maybe<string>;
+}
+
+export interface NetworkDnsStrategyResponse extends IEsSearchResponse {
+ edges: NetworkDnsEdges[];
+ totalCount: number;
+ pageInfo: PageInfoPaginated;
+ inspect?: Maybe<Inspect>;
+ histogram?: Maybe<MatrixOverOrdinalHistogramData[]>;
+}
+
+export interface NetworkDnsEdges {
+ node: NetworkDnsItem;
+ cursor: CursorType;
+}
+
+export interface NetworkDnsItem {
+ _id?: Maybe<string>;
+ dnsBytesIn?: Maybe<number>;
+ dnsBytesOut?: Maybe<number>;
+ dnsName?: Maybe<string>;
+ queryCount?: Maybe<number>;
+ uniqueDomains?: Maybe<number>;
+}
+
+export interface MatrixOverOrdinalHistogramData {
+ x: string;
+ y: number;
+ g: string;
+}
+
+export interface NetworkDnsBuckets {
+ key: string;
+ doc_count: number;
+ unique_domains: {
+ value: number;
+ };
+ dns_bytes_in: {
+ value: number;
+ };
+ dns_bytes_out: {
+ value: number;
+ };
+}
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts
@@ -5,12 +5,14 @@
  */
 
 export * from './common';
+export * from './dns';
 export * from './http';
 export * from './tls';
 export * from './top_countries';
 export * from './top_n_flow';
 
 export enum NetworkQueries {
+ dns = 'dns',
  http = 'http',
  tls = 'tls',
  topCountries = 'topCountries',

diff --git a/...security_solution/common/search_strategy/security_solution/network/top_countries/index.ts b/...security_solution/common/search_strategy/security_solution/network/top_countries/index.ts
@@ -14,14 +14,6 @@ import {
  TopNetworkTablesEcsField,
 } from '../common';
 
-export enum NetworkDnsFields {
- dnsName = 'dnsName',
- queryCount = 'queryCount',
- uniqueDomains = 'uniqueDomains',
- dnsBytesIn = 'dnsBytesIn',
- dnsBytesOut = 'dnsBytesOut',
-}
-
 export enum FlowTarget {
  client = 'client',
  destination = 'destination',

diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/histogram.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/histogram.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React from 'react';
+import { connect } from 'react-redux';
+import { compose } from 'redux';
+import { DocumentNode } from 'graphql';
+import { ScaleType } from '@elastic/charts';
+
+import { MatrixHistogram } from '../../../common/components/matrix_histogram';
+import {
+ MatrixHistogramOption,
+ GetSubTitle,
+} from '../../../common/components/matrix_histogram/types';
+import { UpdateDateRange } from '../../../common/components/charts/common';
+import { GlobalTimeArgs } from '../../../common/containers/use_global_time';
+import { withKibana } from '../../../common/lib/kibana';
+import { QueryTemplatePaginatedProps } from '../../../common/containers/query_template_paginated';
+import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../../common/store/constants';
+import { networkModel, networkSelectors } from '../../store';
+import { State, inputsSelectors } from '../../../common/store';
+
+export const HISTOGRAM_ID = 'networkDnsHistogramQuery';
+
+interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps {
+ dataKey: string | string[];
+ defaultStackByOption: MatrixHistogramOption;
+ errorMessage: string;
+ isDnsHistogram?: boolean;
+ query: DocumentNode;
+ scaleType: ScaleType;
+ setQuery: GlobalTimeArgs['setQuery'];
+ showLegend?: boolean;
+ stackByOptions: MatrixHistogramOption[];
+ subtitle?: string | GetSubTitle;
+ title: string;
+ type: networkModel.NetworkType;
+ updateDateRange: UpdateDateRange;
+ yTickFormatter?: (value: number) => string;
+}
+
+const makeMapHistogramStateToProps = () => {
+ const getNetworkDnsSelector = networkSelectors.dnsSelector();
+ const getQuery = inputsSelectors.globalQueryByIdSelector();
+ const mapStateToProps = (state: State, { id = HISTOGRAM_ID }: DnsHistogramOwnProps) => {
+ const { isInspected } = getQuery(state, id);
+ return {
+ ...getNetworkDnsSelector(state),
+ activePage: DEFAULT_TABLE_ACTIVE_PAGE,
+ limit: DEFAULT_TABLE_LIMIT,
+ isInspected,
+ id,
+ };
+ };
+
+ return mapStateToProps;
+};
+
+export const NetworkDnsHistogramQuery = compose<React.ComponentClass<DnsHistogramOwnProps>>(
+ connect(makeMapHistogramStateToProps),
+ withKibana
+)(MatrixHistogram);