From 38f517ae9f38f3548591ba070f21657f20144b22 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Thu, 24 Sep 2020 08:54:34 -0700 Subject: [PATCH 01/89] [Reporting] TS changes to reference an interface instead of class as the logger object (#78359) * [Reporting] TS changes to reference an interface instead of class, making functions more shareable * rename the interface * less flexible interface --- .../plugins/reporting/server/browsers/download/clean.ts | 4 ++-- .../reporting/server/browsers/download/download.ts | 4 ++-- .../server/browsers/download/ensure_downloaded.ts | 6 +++--- x-pack/plugins/reporting/server/browsers/install.ts | 4 ++-- x-pack/plugins/reporting/server/lib/level_logger.ts | 9 ++++++++- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/reporting/server/browsers/download/clean.ts b/x-pack/plugins/reporting/server/browsers/download/clean.ts index 1a362be8568cd..3d840f445b76e 100644 --- a/x-pack/plugins/reporting/server/browsers/download/clean.ts +++ b/x-pack/plugins/reporting/server/browsers/download/clean.ts @@ -7,13 +7,13 @@ import del from 'del'; import { readdirSync } from 'fs'; import { resolve as resolvePath } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { asyncMap } from './util'; /** * Delete any file in the `dir` that is not in the expectedPaths */ -export async function clean(dir: string, expectedPaths: string[], logger: LevelLogger) { +export async function clean(dir: string, expectedPaths: string[], logger: GenericLevelLogger) { let filenames: string[]; try { filenames = await readdirSync(dir); diff --git a/x-pack/plugins/reporting/server/browsers/download/download.ts b/x-pack/plugins/reporting/server/browsers/download/download.ts index 30b50c32a7402..b4b303416facd 100644 --- a/x-pack/plugins/reporting/server/browsers/download/download.ts +++ b/x-pack/plugins/reporting/server/browsers/download/download.ts 
@@ -8,7 +8,7 @@ import Axios from 'axios'; import { createHash } from 'crypto'; import { closeSync, mkdirSync, openSync, writeSync } from 'fs'; import { dirname } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; /** * Download a url and calculate it's checksum @@ -16,7 +16,7 @@ import { LevelLogger } from '../../lib'; * @param {String} path * @return {Promise} checksum of the downloaded file */ -export async function download(url: string, path: string, logger: LevelLogger) { +export async function download(url: string, path: string, logger: GenericLevelLogger) { logger.info(`Downloading ${url} to ${path}`); const hash = createHash('md5'); diff --git a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts index f56af15f5d76b..7c3cb7b1d76bb 100644 --- a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts +++ b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts @@ -7,7 +7,7 @@ import { existsSync } from 'fs'; import { resolve as resolvePath } from 'path'; import { BrowserDownload, chromium } from '../'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { md5 } from './checksum'; import { clean } from './clean'; import { download } from './download'; @@ -18,7 +18,7 @@ import { asyncMap } from './util'; * download them if they are missing or their checksum is invalid * @return {Promise} */ -export async function ensureBrowserDownloaded(logger: LevelLogger) { +export async function ensureBrowserDownloaded(logger: GenericLevelLogger) { await ensureDownloaded([chromium], logger); } 
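Review bot: The checksum this function returns is computed with `createHash('md5')` on the line after the retyped signature, and the ensure_downloaded.ts hunk in the same file section downloads a browser only when its "checksum is invalid", so this MD5 value is presumably the integrity gate for the browser archive rather than a cache key; MD5 is not collision-resistant, and the next time the expected checksums in the browser spec are regenerated would be the cheap moment to move this call (and the `md5` helper imported from `./checksum`) to `createHash('sha256')`. Separately, the JSDoc above the new signature lists `@param {String} path` but has no entry for the logger parameter the commit retypes; adding ` * @param {GenericLevelLogger} logger` keeps the block complete. The body of download continues past the hunk.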
@@ -29,7 +29,7 @@ export async function ensureBrowserDownloaded(logger: LevelLogger) { * @param {BrowserSpec} browsers * @return {Promise} */ -async function ensureDownloaded(browsers: BrowserDownload[], logger: LevelLogger) { +async function ensureDownloaded(browsers: BrowserDownload[], logger: GenericLevelLogger) { await asyncMap(browsers, async (browser) => { const { archivesPath } = browser.paths; diff --git a/x-pack/plugins/reporting/server/browsers/install.ts b/x-pack/plugins/reporting/server/browsers/install.ts index 35cc5b6d8b7c2..350c988309a1f 100644 --- a/x-pack/plugins/reporting/server/browsers/install.ts +++ b/x-pack/plugins/reporting/server/browsers/install.ts @@ -8,7 +8,7 @@ import del from 'del'; import os from 'os'; import path from 'path'; import * as Rx from 'rxjs'; -import { LevelLogger } from '../lib'; +import { GenericLevelLogger } from '../lib/level_logger'; import { paths } from './chromium/paths'; import { ensureBrowserDownloaded } from './download'; // @ts-ignore @@ -46,7 +46,7 @@ export const getBinaryPath = ( * archive. If there is an error extracting the archive an `ExtractError` is thrown */ export function installBrowser( - logger: LevelLogger, + logger: GenericLevelLogger, chromiumPath: string = path.resolve(__dirname, '../../chromium'), platform: string = process.platform, architecture: string = os.arch() diff --git a/x-pack/plugins/reporting/server/lib/level_logger.ts b/x-pack/plugins/reporting/server/lib/level_logger.ts index d015d500363c1..9db5274a93db8 100644 --- a/x-pack/plugins/reporting/server/lib/level_logger.ts +++ b/x-pack/plugins/reporting/server/lib/level_logger.ts 
@@ -10,7 +10,14 @@ const trimStr = (toTrim: string) => {
   return typeof toTrim === 'string' ? toTrim.trim() : toTrim;
 };
 
-export class LevelLogger {
+export interface GenericLevelLogger {
+  debug: (msg: string) => void;
+  info: (msg: string) => void;
+  warning: (msg: string) => void;
+  error: (msg: Error) => void;
+}
+
+export class LevelLogger implements GenericLevelLogger {
   private _logger: LoggerFactory;
   private _tags: string[];
   public warning: (msg: string, tags?: string[]) => void;
From 0e1796acc5f4e41c9e51f5c6cda28a7f18139517 Mon Sep 17 00:00:00 2001
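Review bot: The new exported `GenericLevelLogger` interface has no TSDoc even though it is now the type the browser download/install helpers accept, so its contract — the subset of LevelLogger those helpers may rely on, and the fact that `error` takes an `Error` while the other members take a string — is only discoverable by reading this file; a header such as `/** Minimal logging contract shared by the browser download/install helpers; LevelLogger implements it. */` would make that explicit. The class member `public warning: (msg: string, tags?: string[]) => void` stays assignable to the interface's `warning` only because `tags` is optional, which deserves a one-line comment on that member so a later change making `tags` required does not break `implements` in a surprising place. The class's own `error` member is outside the hunk, so whether it already matches `(msg: Error) => void` cannot be confirmed here; the class body continues past the hunk.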
From: Liza Katz Date: Thu, 24 Sep 2020 18:59:27 +0300 Subject: [PATCH 02/89] [Search] Generic search request and response types (#78268) * Improve search types to support EQL strategy * doc * Update types.ts * update demo strategy Co-authored-by: Elastic Machine --- ...in-plugins-data-public.iessearchrequest.md | 3 +- ...ins-data-public.iessearchrequest.params.md | 11 ---- ...data-public.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-public.iessearchresponse.md | 13 +---- ...ta-public.iessearchresponse.rawresponse.md | 11 ---- ...lugins-data-public.ikibanasearchrequest.md | 4 +- ...ata-public.ikibanasearchrequest.params.md} | 8 ++- ...public.ikibanasearchresponse.ispartial.md} | 4 +- ...-public.ikibanasearchresponse.isrunning.md | 13 +++++ ...ugins-data-public.ikibanasearchresponse.md | 5 +- ...ublic.ikibanasearchresponse.rawresponse.md | 11 ++++ ...-plugins-data-public.iscompleteresponse.md | 2 +- ...ugin-plugins-data-public.isearchgeneric.md | 2 +- ...gin-plugins-data-public.iserrorresponse.md | 2 +- ...n-plugins-data-public.ispartialresponse.md | 2 +- .../kibana-plugin-plugins-data-public.md | 2 +- ...ns-data-public.searchinterceptor.search.md | 4 +- ...in-plugins-data-server.iessearchrequest.md | 3 +- ...ins-data-server.iessearchrequest.params.md | 11 ---- ...data-server.iessearchresponse.ispartial.md | 13 ----- ...data-server.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-server.iessearchresponse.md | 13 +---- ...ta-server.iessearchresponse.rawresponse.md | 11 ---- ...plugin-plugins-data-server.isearchsetup.md | 2 +- ...ver.isearchsetup.registersearchstrategy.md | 2 +- ...plugin-plugins-data-server.isearchstart.md | 4 +- ...plugins-data-server.isearchstart.search.md | 2 +- ...gin-plugins-data-server.isearchstrategy.md | 2 +- .../kibana-plugin-plugins-data-server.md | 2 +- .../search_examples/server/my_strategy.ts | 9 ++-- .../data/common/search/es_search/types.ts | 18 +------ .../data/common/search/es_search/utils.ts | 8 +-- 
src/plugins/data/common/search/index.ts | 1 - src/plugins/data/common/search/types.ts | 25 ++++++--- src/plugins/data/public/public.api.md | 34 ++++++------ .../data/public/search/search_interceptor.ts | 6 +-- .../data/server/search/routes/search.ts | 9 ++-- .../data/server/search/search_service.ts | 54 +++++++++++-------- src/plugins/data/server/search/types.ts | 18 +++---- src/plugins/data/server/server.api.md | 22 +++----- 40 files changed, 152 insertions(+), 240 deletions(-) delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md => kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md} (61%) rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md => kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md} (50%) create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md index fee34378339af..45cd088ee1203 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-public.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md deleted file mode 100644 index 24107faa28e8c..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md deleted file mode 100644 index 56fb1a7519811..0000000000000 
--- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md index 7c9a6aa702463..c8a372edbdb85 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md deleted file mode 100644 index f4648143ebc2e..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md index 57e0fbe2c19a9..bba051037e29b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md @@ -7,13 +7,13 @@ Signature: ```typescript -export interface IKibanaSearchRequest +export interface IKibanaSearchRequest ``` ## Properties | Property | Type | Description | | --- | --- | --- | -| [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) | boolean | Optionally tell search strategies to output debug information. | | [id](./kibana-plugin-plugins-data-public.ikibanasearchrequest.id.md) | string | An id can be used to uniquely identify this request. | +| [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) | Params | | 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md similarity index 61% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md index cfb21a78557fd..b7e2006a66c14 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md @@ -1,13 +1,11 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) -## IKibanaSearchRequest.debug property - -Optionally tell search strategies to output debug information. +## IKibanaSearchRequest.params property Signature: ```typescript -debug?: boolean; +params?: Params; ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md similarity index 50% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md index 00a56c6fe9c31..702c774eb8818 100644 
--- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) -## IEsSearchResponse.isPartial property +## IKibanaSearchResponse.isPartial property Indicates whether the results returned are complete or partial diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md new file mode 100644 index 0000000000000..1e625ccff26f9 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) + +## IKibanaSearchResponse.isRunning property + +Indicates whether search is still in flight + +Signature: + +```typescript +isRunning?: boolean; +``` 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md index f7dfd1ddd2f49..159dc8f4ada18 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IKibanaSearchResponse +export interface IKibanaSearchResponse ``` ## Properties @@ -15,6 +15,9 @@ export interface IKibanaSearchResponse | Property | Type | Description | | --- | --- | --- | | [id](./kibana-plugin-plugins-data-public.ikibanasearchresponse.id.md) | string | Some responses may contain a unique id to identify the request this response came from. | +| [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | +| [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) | boolean | Indicates whether search is still in flight | | [loaded](./kibana-plugin-plugins-data-public.ikibanasearchresponse.loaded.md) | number | If relevant to the search strategy, return a loaded number that represents how progress is indicated. | +| [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) | RawResponse | | | [total](./kibana-plugin-plugins-data-public.ikibanasearchresponse.total.md) | number | If relevant to the search strategy, return a total number that represents how progress is indicated. | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md new file mode 100644 index 0000000000000..865c7d795801b --- /dev/null 
+++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) + +## IKibanaSearchResponse.rawResponse property + +Signature: + +```typescript +rawResponse: RawResponse; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md index 17acf4e0d1be8..e17e453ecb749 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md index 861b59e73ef04..025ca6681d39b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md @@ -7,5 +7,5 @@ Signature: ```typescript -export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; +export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; ``` 
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md index 3f9b1d593870d..e4ac35f19e959 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md index 9f2f1bbf2f9e0..4b707ceeacc89 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md index 8625120d54848..0f45b5a727676 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md 
@@ -61,7 +61,6 @@ | [FieldMappingSpec](./kibana-plugin-plugins-data-public.fieldmappingspec.md) | | | [IDataPluginServices](./kibana-plugin-plugins-data-public.idatapluginservices.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-public.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-public.ifieldtype.md) | | | [IIndexPattern](./kibana-plugin-plugins-data-public.iindexpattern.md) | | @@ -152,6 +151,7 @@ | [Filter](./kibana-plugin-plugins-data-public.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-public.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-public.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldFormat](./kibana-plugin-plugins-data-public.ifieldformat.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-public.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-public.ifieldparamtype.md) | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md index 1752d183a8737..1a71b5808f485 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md @@ -9,7 +9,7 @@ Searches using the given `search` method. Overrides the `AbortSignal` with one t Signature: ```typescript -search(request: IEsSearchRequest, options?: ISearchOptions): Observable; +search(request: IEsSearchRequest, options?: ISearchOptions): Observable; ``` ## Parameters 
@@ -21,5 +21,5 @@ search(request: IEsSearchRequest, options?: ISearchOptions): ObservableReturns: -`Observable` +`Observable` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md index 0dfa23eb64c1b..9141bcdd2e8d7 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-server.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md deleted file mode 100644 index d65281973c951..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` 
diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md deleted file mode 100644 index fbddfc1cd9fc4..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) - -## IEsSearchResponse.isPartial property - -Indicates whether the results returned are complete or partial - -Signature: - -```typescript -isPartial?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md deleted file mode 100644 index 01f3982957d5c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md index 55c0399e90e2f..d333af1b278c2 100644 
--- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md deleted file mode 100644 index 9987debfa551c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` 
diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md index ac2ae13372f7a..3e27140e8bc08 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md @@ -15,6 +15,6 @@ export interface ISearchSetup | Property | Type | Description | | --- | --- | --- | | [aggs](./kibana-plugin-plugins-data-server.isearchsetup.aggs.md) | AggsSetup | | -| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | +| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | | [usage](./kibana-plugin-plugins-data-server.isearchsetup.usage.md) | SearchUsage | Used internally for telemetry | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md index f20c6f4911062..81571d343495c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md 
+++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md @@ -9,5 +9,5 @@ Extension point exposed for other plugins to register their own search strategie Signature: ```typescript -registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; +registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md index 577532d22b3d3..b8b6ee1f0b28c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface ISearchStart +export interface ISearchStart ``` ## Properties @@ -16,5 +16,5 @@ export interface ISearchStartAggsStart | | | [getSearchStrategy](./kibana-plugin-plugins-data-server.isearchstart.getsearchstrategy.md) | (name: string) => ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse> | Get other registered search strategies. For example, if a new strategy needs to use the already-registered ES search strategy, it can use this function to accomplish that. | -| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise<IEsSearchResponse> | | +| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise<SearchStrategyResponse> | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md index 33ca818afc769..fdcd4d6768db5 100644 
--- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md @@ -7,5 +7,5 @@ Signature: ```typescript -search: (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise; +search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md index dc076455ab272..3d2caf417f3cb 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md @@ -9,7 +9,7 @@ Search strategy interface contains a search method that takes in a request and r Signature: ```typescript -export interface ISearchStrategy +export interface ISearchStrategy ``` ## Properties diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md index 7113ac935907f..f1eecd6e49b02 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md 
@@ -46,7 +46,6 @@ | [FieldDescriptor](./kibana-plugin-plugins-data-server.fielddescriptor.md) | | | [FieldFormatConfig](./kibana-plugin-plugins-data-server.fieldformatconfig.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-server.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-server.ifieldtype.md) | | | [IndexPatternAttributes](./kibana-plugin-plugins-data-server.indexpatternattributes.md) | | @@ -92,6 +91,7 @@ | [Filter](./kibana-plugin-plugins-data-server.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-server.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-server.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-server.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-server.ifieldparamtype.md) | | | [IMetricAggType](./kibana-plugin-plugins-data-server.imetricaggtype.md) | | diff --git a/examples/search_examples/server/my_strategy.ts b/examples/search_examples/server/my_strategy.ts index a1116ddbd759b..1f59d0a5d8f3a 100644 --- a/examples/search_examples/server/my_strategy.ts +++ b/examples/search_examples/server/my_strategy.ts 
@@ -20,15 +20,16 @@
 import { ISearchStrategy, PluginStart } from '../../../src/plugins/data/server';
 import { IMyStrategyResponse, IMyStrategyRequest } from '../common';
 
-export const mySearchStrategyProvider = (data: PluginStart): ISearchStrategy => {
+export const mySearchStrategyProvider = (
+  data: PluginStart
+): ISearchStrategy => {
   const es = data.search.getSearchStrategy('es');
   return {
-    search: async (context, request, options): Promise => {
-      request.debug = true;
+    search: async (context, request, options) => {
       const esSearchRes = await es.search(context, request, options);
       return {
         ...esSearchRes,
-        cool: (request as IMyStrategyRequest).get_cool ? 'YES' : 'NOPE',
+        cool: request.get_cool ? 'YES' : 'NOPE',
       };
     },
     cancel: async (context, id) => {
diff --git a/src/plugins/data/common/search/es_search/types.ts b/src/plugins/data/common/search/es_search/types.ts
index 81124c1e095f7..b1c3e5cdd3960 100644
--- a/src/plugins/data/common/search/es_search/types.ts
+++ b/src/plugins/data/common/search/es_search/types.ts
@@ -37,22 +37,8 @@ export type ISearchRequestParams> = {
   trackTotalHits?: boolean;
 } & Search;
 
-export interface IEsSearchRequest extends IKibanaSearchRequest {
-  params?: ISearchRequestParams;
+export interface IEsSearchRequest extends IKibanaSearchRequest {
   indexType?: string;
 }
 
-export interface IEsSearchResponse extends IKibanaSearchResponse {
-  /**
-   * Indicates whether async search is still in flight
-   */
-  isRunning?: boolean;
-  /**
-   * Indicates whether the results returned are complete or partial
-   */
-  isPartial?: boolean;
-  rawResponse: SearchResponse;
-}
-
-export const isEsResponse = (response: any): response is IEsSearchResponse =>
-  response && response.rawResponse;
+export type IEsSearchResponse = IKibanaSearchResponse>;
diff --git a/src/plugins/data/common/search/es_search/utils.ts b/src/plugins/data/common/search/es_search/utils.ts
index 517a0c03cf5c8..ec66a3d3f923e 100644
--- a/src/plugins/data/common/search/es_search/utils.ts
+++ b/src/plugins/data/common/search/es_search/utils.ts
@@ -17,25 +17,25 @@
  * under the License.
  */
 
-import { IEsSearchResponse } from './types';
+import { IKibanaSearchResponse } from '..';
 
 /**
  * @returns true if response had an error while executing in ES
  */
-export const isErrorResponse = (response?: IEsSearchResponse) => {
+export const isErrorResponse = (response?: IKibanaSearchResponse) => {
   return !response || (!response.isRunning && response.isPartial);
 };
 
 /**
  * @returns true if response is completed successfully
  */
-export const isCompleteResponse = (response?: IEsSearchResponse) => {
+export const isCompleteResponse = (response?: IKibanaSearchResponse) => {
   return response && !response.isRunning && !response.isPartial;
 };
 
 /**
  * @returns true if request is still running an/d response contains partial results
  */
-export const isPartialResponse = (response?: IEsSearchResponse) => {
+export const isPartialResponse = (response?: IKibanaSearchResponse) => {
   return response && response.isRunning && response.isPartial;
 };
diff --git a/src/plugins/data/common/search/index.ts b/src/plugins/data/common/search/index.ts
index 2ec4afbc60d96..2ee0db384cf06 100644
--- a/src/plugins/data/common/search/index.ts
+++ b/src/plugins/data/common/search/index.ts
@@ -23,4 +23,3 @@ export * from './expressions';
 export * from './search_source';
 export * from './tabify';
 export * from './types';
-export * from './es_search';
diff --git a/src/plugins/data/common/search/types.ts b/src/plugins/data/common/search/types.ts
index 0a299b57275f8..c3943af5c6ff7 100644
--- a/src/plugins/data/common/search/types.ts
+++ b/src/plugins/data/common/search/types.ts
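Review bot: The three retyped predicates in utils.ts still return `boolean | undefined` rather than `boolean`, because `isRunning`/`isPartial` are optional on `IKibanaSearchResponse` and the bodies short-circuit on `response`; the regenerated API report in this same commit records exactly that type for `isErrorResponse`, `isCompleteResponse` and `isPartialResponse`. Since the signatures are being touched anyway, pinning the contract with an explicit return annotation would prevent the wider type from leaking to callers, e.g. `export const isErrorResponse = (response?: IKibanaSearchResponse): boolean => !response || (!response.isRunning && !!response.isPartial);` with the same treatment for the other two. The `!!` turns `undefined` into `false`, which presumably matches how callers use these helpers, but that should be confirmed against strict comparisons elsewhere.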
@@ -26,14 +26,14 @@ export type ISearch = (
 ) => Observable;
 
 export type ISearchGeneric = <
-  SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-  SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
+  SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+  SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
 >(
   request: SearchStrategyRequest,
   options?: ISearchOptions
 ) => Observable;
 
-export interface IKibanaSearchResponse {
+export interface IKibanaSearchResponse {
   /**
    * Some responses may contain a unique id to identify the request this response came from.
    */
@@ -50,16 +50,25 @@ export interface IKibanaSearchResponse {
    * that represents how progress is indicated.
    */
   loaded?: number;
+
+  /**
+   * Indicates whether search is still in flight
+   */
+  isRunning?: boolean;
+
+  /**
+   * Indicates whether the results returned are complete or partial
+   */
+  isPartial?: boolean;
+
+  rawResponse: RawResponse;
 }
 
-export interface IKibanaSearchRequest {
+export interface IKibanaSearchRequest {
   /**
    * An id can be used to uniquely identify this request.
    */
   id?: string;
 
-  /**
-   * Optionally tell search strategies to output debug information.
-   */
-  debug?: boolean;
+  params?: Params;
 }
diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md
index 28dfbf824470c..6b419f6995447 100644
--- a/src/plugins/data/public/public.api.md
+++ b/src/plugins/data/public/public.api.md
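Review bot: The new `params?: Params` member of `IKibanaSearchRequest` and the new `rawResponse: RawResponse` member of `IKibanaSearchResponse` are the only fields in these two interfaces without a doc comment; `id`, `loaded` and the newly added `isRunning`/`isPartial` all carry one, and the api-extractor report regenerated in this commit flags both as `(undocumented)`. Suggested text for `params`: `/** Strategy-specific parameters for this request; their shape is fixed by the strategy's request type. */`, and for `rawResponse`: `/** The strategy's underlying response as returned by the backing service; required for every strategy. */`. Stating "required" explicitly is worth it here because `IEsSearchResponse` becomes a plain alias of this interface in the same commit, so the type is now the only thing that guarantees the field is present.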
@@ -918,22 +918,15 @@ export interface IDataPluginServices extends Partial {
 // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IEsSearchRequest extends IKibanaSearchRequest {
+export interface IEsSearchRequest extends IKibanaSearchRequest {
     // (undocumented)
     indexType?: string;
-    // (undocumented)
-    params?: ISearchRequestParams;
 }
 
 // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IEsSearchResponse extends IKibanaSearchResponse {
-    isPartial?: boolean;
-    isRunning?: boolean;
-    // (undocumented)
-    rawResponse: SearchResponse;
-}
+export type IEsSearchResponse = IKibanaSearchResponse>;
 
 // Warning: (ae-missing-release-tag) "IFieldFormat" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -1062,17 +1055,22 @@ export interface IIndexPatternFieldList extends Array {
 // Warning: (ae-missing-release-tag) "IKibanaSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IKibanaSearchRequest {
-    debug?: boolean;
+export interface IKibanaSearchRequest {
     id?: string;
+    // (undocumented)
+    params?: Params;
 }
 
 // Warning: (ae-missing-release-tag) "IKibanaSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IKibanaSearchResponse {
+export interface IKibanaSearchResponse {
     id?: string;
+    isPartial?: boolean;
+    isRunning?: boolean;
     loaded?: number;
+    // (undocumented)
+    rawResponse: RawResponse;
     total?: number;
 }
 
@@ -1420,7 +1418,7 @@ export type InputTimeRange = TimeRange | {
 // Warning: (ae-missing-release-tag) "isCompleteResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export const isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined;
+export const isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined;
 
 // Warning: (ae-missing-release-tag) "ISearch" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -1430,7 +1428,7 @@ export type ISearch = (request: IKibanaSearchRequest, options?: ISearchOptions)
 // Warning: (ae-missing-release-tag) "ISearchGeneric" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable;
+export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable;
 
 // Warning: (ae-missing-release-tag) "ISearchOptions" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -1477,7 +1475,7 @@ export interface ISearchStartSearchSource {
 // Warning: (ae-missing-release-tag) "isErrorResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export const isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined;
+export const isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined;
 
 // Warning: (ae-missing-release-tag) "isFilter" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -1492,7 +1490,7 @@ export const isFilters: (x: unknown) => x is Filter[];
 // Warning: (ae-missing-release-tag) "isPartialResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export const isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined;
+export const isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined;
 
 // Warning: (ae-missing-release-tag) "isQuery" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -2030,8 +2028,8 @@ export class SearchInterceptor {
     // @internal
     protected pendingCount$: BehaviorSubject;
     // @internal (undocumented)
-    protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable;
-    search(request: IEsSearchRequest, options?: ISearchOptions): Observable;
+    protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable;
+    search(request: IEsSearchRequest, options?: ISearchOptions): Observable;
     // @internal (undocumented)
     protected setupAbortSignal({ abortSignal, timeout, }: {
         abortSignal?: AbortSignal;
diff --git a/src/plugins/data/public/search/search_interceptor.ts b/src/plugins/data/public/search/search_interceptor.ts
index 888e12a4285b1..802ee6db9433e 100644
--- a/src/plugins/data/public/search/search_interceptor.ts
+++ b/src/plugins/data/public/search/search_interceptor.ts
@@ -35,7 +35,7 @@ import {
   getCombinedSignal,
   AbortError,
   IEsSearchRequest,
-  IEsSearchResponse,
+  IKibanaSearchResponse,
   ISearchOptions,
   ES_SEARCH_STRATEGY,
 } from '../../common';
@@ -91,7 +91,7 @@ export class SearchInterceptor {
     request: IEsSearchRequest,
     signal: AbortSignal,
     strategy?: string
-  ): Observable {
+  ): Observable {
     const { id, ...searchRequest } = request;
     const path = trimEnd(`/internal/search/${strategy || ES_SEARCH_STRATEGY}/${id || ''}`, '/');
     const body = JSON.stringify(searchRequest);
@@ -113,7 +113,7 @@ export class SearchInterceptor {
   public search(
     request: IEsSearchRequest,
     options?: ISearchOptions
-  ): Observable {
+  ): Observable {
     // Defer the following logic until `subscribe` is actually called
     return defer(() => {
       if (options?.abortSignal?.aborted) {
diff --git a/src/plugins/data/server/search/routes/search.ts b/src/plugins/data/server/search/routes/search.ts
index b5d5ec283767d..492ad4395b32a 100644
--- a/src/plugins/data/server/search/routes/search.ts
+++ b/src/plugins/data/server/search/routes/search.ts
@@ -22,7 +22,6 @@ import { IRouter } from 'src/core/server';
 import { getRequestAbortedSignal } from '../../lib';
 import { SearchRouteDependencies } from '../search_service';
 import { shimHitsTotal } from './shim_hits_total';
-import { isEsResponse } from '../../../common';
 
 export function registerSearchRoute(
   router: IRouter,
@@ -62,11 +61,9 @@ export function registerSearchRoute(
       return res.ok({
         body: {
           ...response,
-          ...(isEsResponse(response)
-            ? {
-                rawResponse: shimHitsTotal(response.rawResponse),
-              }
-            : {}),
+          ...{
+            rawResponse: shimHitsTotal(response.rawResponse),
+          },
         },
       });
     } catch (err) {
diff --git a/src/plugins/data/server/search/search_service.ts b/src/plugins/data/server/search/search_service.ts
index e19d3dd8a5451..90da8c5653ac1 100644
--- a/src/plugins/data/server/search/search_service.ts
+++ b/src/plugins/data/server/search/search_service.ts
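Review bot: In the `@@ -62,11 +61,9 @@` hunk of routes/search.ts the handler now calls `shimHitsTotal(response.rawResponse)` unconditionally; the `isEsResponse` runtime guard that previously skipped responses without a `rawResponse` is deleted in this same commit (common/search/es_search/types.ts), so a registered strategy that returns an object lacking that field at runtime now reaches `shimHitsTotal` with `undefined`, unless that helper tolerates it, which is not visible here. The new `IKibanaSearchResponse` type does require `rawResponse`, but strategies contributed by other plugins are only checked on their own side at compile time, so the route is the last place an omission can be caught before it becomes a 500. Separately, spreading an inline object literal is redundant; the three added lines can be the single line `rawResponse: shimHitsTotal(response.rawResponse),`, optionally behind a `response.rawResponse ?` check if responses without it must keep working. `registerSearchRoute` begins and ends outside this hunk.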
@@ -40,12 +40,15 @@ import { UsageCollectionSetup } from '../../../usage_collection/server';
 import { registerUsageCollector } from './collectors/register';
 import { usageProvider } from './collectors/usage';
 import { searchTelemetry } from '../saved_objects';
-import { IEsSearchRequest, IEsSearchResponse, ISearchOptions } from '../../common';
+import {
+  IKibanaSearchRequest,
+  IKibanaSearchResponse,
+  IEsSearchRequest,
+  IEsSearchResponse,
+  ISearchOptions,
+} from '../../common';
 
-type StrategyMap<
-  SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-  SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
-> = Record>;
+type StrategyMap = Record>;
 
 /** @internal */
 export interface SearchServiceSetupDependencies {
@@ -67,7 +70,7 @@ export interface SearchRouteDependencies {
 export class SearchService implements Plugin {
   private readonly aggsService = new AggsService();
   private defaultSearchStrategyName: string = ES_SEARCH_STRATEGY;
-  private searchStrategies: StrategyMap = {};
+  private searchStrategies: StrategyMap = {};
 
   constructor(
     private initializerContext: PluginInitializerContext,
@@ -113,19 +116,6 @@ export class SearchService implements Plugin {
       usage,
     };
   }
-
-  private search(
-    context: RequestHandlerContext,
-    searchRequest: IEsSearchRequest,
-    options: ISearchOptions
-  ) {
-    return this.getSearchStrategy(options.strategy || this.defaultSearchStrategyName).search(
-      context,
-      searchRequest,
-      options
-    );
-  }
-
   public start(
     { uiSettings }: CoreStart,
     { fieldFormats }: SearchServiceStartDependencies
@@ -135,7 +125,7 @@ export class SearchService implements Plugin {
       getSearchStrategy: this.getSearchStrategy,
       search: (
         context: RequestHandlerContext,
-        searchRequest: IEsSearchRequest,
+        searchRequest: IKibanaSearchRequest,
         options: Record
       ) => {
         return this.search(context, searchRequest, options);
@@ -148,8 +138,8 @@ export class SearchService implements Plugin {
   }
 
   private registerSearchStrategy = <
-    SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-    SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
+    SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+    SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
   >(
     name: string,
     strategy: ISearchStrategy
@@ -158,7 +148,25 @@ export class SearchService implements Plugin {
     this.searchStrategies[name] = strategy;
   };
 
-  private getSearchStrategy = (name: string): ISearchStrategy => {
+  private search = <
+    SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+    SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
+  >(
+    context: RequestHandlerContext,
+    searchRequest: SearchStrategyRequest,
+    options: ISearchOptions
+  ): Promise => {
+    return this.getSearchStrategy(
+      options.strategy || this.defaultSearchStrategyName
+    ).search(context, searchRequest, options);
+  };
+
+  private getSearchStrategy = <
+    SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+    SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
+  >(
+    name: string
+  ): ISearchStrategy => {
     this.logger.debug(`Get strategy ${name}`);
     const strategy = this.searchStrategies[name];
     if (!strategy) {
diff --git a/src/plugins/data/server/search/types.ts b/src/plugins/data/server/search/types.ts
index aefdac2ab639f..4764bd77278ac 100644
--- a/src/plugins/data/server/search/types.ts
+++ b/src/plugins/data/server/search/types.ts
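Review bot: The rewritten `getSearchStrategy` still reads `this.searchStrategies[name]` from a plain object (`StrategyMap` is a `Record`, per the `@@ -40,12 +40,15 @@` hunk above), so a `name` such as `constructor` or `__proto__` resolves to an inherited `Object.prototype` member, passes the `if (!strategy)` check, and fails later with a TypeError when `.search` is called instead of taking the intended not-found branch. If, as the `/internal/search/${strategy}/…` path built in search_interceptor.ts suggests, the strategy name arrives from the request URL, that mismatch is reachable from a client and surfaces as an unhandled error rather than a clean rejection. An own-property lookup keeps the registry exact: `const strategy = Object.prototype.hasOwnProperty.call(this.searchStrategies, name) ? this.searchStrategies[name] : undefined;`, or `StrategyMap` could become a `Map` so the question never arises. The `SearchService` class and the `if (!strategy)` branch continue outside this hunk.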
@@ -18,7 +18,7 @@
  */
 
 import { RequestHandlerContext } from '../../../../core/server';
-import { ISearchOptions } from '../../common/search';
+import { ISearchOptions, IKibanaSearchRequest, IKibanaSearchResponse } from '../../common/search';
 import { AggsSetup, AggsStart } from './aggs';
 import { SearchUsage } from './collectors';
 import { IEsSearchRequest, IEsSearchResponse } from './es_search';
@@ -34,8 +34,8 @@ export interface ISearchSetup {
    * strategies.
    */
   registerSearchStrategy: <
-    SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-    SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
+    SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+    SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
   >(
     name: string,
     strategy: ISearchStrategy
@@ -53,8 +53,8 @@ export interface ISearchSetup {
 }
 
 export interface ISearchStart<
-  SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-  SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
+  SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+  SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
 > {
   aggs: AggsStart;
   /**
@@ -66,9 +66,9 @@ export interface ISearchStart<
   ) => ISearchStrategy;
   search: (
     context: RequestHandlerContext,
-    request: IEsSearchRequest,
+    request: SearchStrategyRequest,
     options: ISearchOptions
-  ) => Promise;
+  ) => Promise;
 }
 
 /**
@@ -76,8 +76,8 @@ export interface ISearchStart<
  * that resolves to a response.
  */
 export interface ISearchStrategy<
-  SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest,
-  SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse
+  SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest,
+  SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse
 > {
   search: (
     context: RequestHandlerContext,
diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md
index 6d4112543ce0e..f465ece697a70 100644
--- a/src/plugins/data/server/server.api.md
+++ b/src/plugins/data/server/server.api.md
@@ -527,28 +527,20 @@ export type IAggConfigs = AggConfigs;
 export type IAggType = AggType;
 
 // Warning: (ae-forgotten-export) The symbol "IKibanaSearchRequest" needs to be exported by the entry point index.d.ts
+// Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts
 // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IEsSearchRequest extends IKibanaSearchRequest {
+export interface IEsSearchRequest extends IKibanaSearchRequest {
     // (undocumented)
     indexType?: string;
-    // Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts
-    //
-    // (undocumented)
-    params?: ISearchRequestParams;
 }
 
 // Warning: (ae-forgotten-export) The symbol "IKibanaSearchResponse" needs to be exported by the entry point index.d.ts
 // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export interface IEsSearchResponse extends IKibanaSearchResponse {
-    isPartial?: boolean;
-    isRunning?: boolean;
-    // (undocumented)
-    rawResponse: SearchResponse;
-}
+export type IEsSearchResponse = IKibanaSearchResponse>;
 
 // Warning: (ae-missing-release-tag) "IFieldFormatsRegistry" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -824,14 +816,14 @@ export interface ISearchSetup { // // (undocumented) aggs: AggsSetup; - registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; + registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; usage?: SearchUsage; } // Warning: (ae-missing-release-tag) "ISearchStart" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface ISearchStart { +export interface ISearchStart { // Warning: (ae-forgotten-export) The symbol "AggsStart" needs to be exported by the entry point index.d.ts // // (undocumented) @@ -840,13 +832,13 @@ export interface ISearchStart Promise; + search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; } // Warning: (ae-missing-release-tag) "ISearchStrategy" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public -export interface ISearchStrategy { +export interface ISearchStrategy { // (undocumented) cancel?: (context: RequestHandlerContext, id: string) => Promise; // (undocumented) From 57d10144f9d9d661257d9eb86dad78b3bffab7cc Mon Sep 17 00:00:00 2001 From: Brandon Kobel Date: Thu, 24 Sep 2020 09:08:50 -0700 Subject: [PATCH 03/89] elasticsearch::Client#child performance improvements (#77836) * Updating the version of the elasticsearch-js Client * ES Client methods aren't implicitly bound to the Client anymore * Adjusting mocks to work with prototypical inheritance * Fixing effects of ping returning a Boolean, now. * Updating @elastic/elasticsearch to 7.9.1 * Responding to @restrry's feedback * Now with destructuring... --- package.json | 2 +- src/core/server/elasticsearch/client/mocks.ts | 57 +++++++++++++------ .../migrations/core/migration_es_client.ts | 2 +- .../server/plugin.ts | 6 +- yarn.lock | 8 +-- 5 files changed, 49 insertions(+), 26 deletions(-) 
diff --git a/package.json b/package.json
index 6703b688b19fd..5345f8752d4af 100644
--- a/package.json
+++ b/package.json
@@ -118,7 +118,7 @@
 "@babel/core": "^7.11.1",
 "@babel/register": "^7.10.5",
 "@elastic/datemath": "5.0.3",
- "@elastic/elasticsearch": "7.9.0-rc.2",
+ "@elastic/elasticsearch": "7.9.1",
 "@elastic/eui": "29.0.0",
 "@elastic/good": "8.1.1-kibana2",
 "@elastic/numeral": "^2.5.0",
diff --git a/src/core/server/elasticsearch/client/mocks.ts b/src/core/server/elasticsearch/client/mocks.ts
index 6fb3dc090bfb4..fb2826c787718 100644
--- a/src/core/server/elasticsearch/client/mocks.ts
+++ b/src/core/server/elasticsearch/client/mocks.ts
@@ -31,6 +31,7 @@ const createInternalClientMock = (): DeeplyMockedKeys => {
 '_events',
 '_eventsCount',
 '_maxListeners',
+ 'constructor',
 'name',
 'serializer',
 'connectionPool',
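Review bot: The new `'constructor'` entry in the omitted-props list carries no explanation, and unlike its neighbours it is not an obvious piece of client state. The reason is only visible in the next hunk, where `mockify` starts walking the prototype chain with `Object.getOwnPropertyDescriptors`, which yields `constructor` for every prototype and would otherwise replace it with a `jest.fn`. A short comment next to the entry keeps that reason with the list: `// 'constructor' comes from the prototype walk in mockify; it must not be replaced`. The array and the enclosing `createInternalClientMock` continue outside this hunk.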
@@ -38,35 +39,57 @@ const createInternalClientMock = (): DeeplyMockedKeys => { 'helpers', ]; + const getAllPropertyDescriptors = (obj: Record) => { + const descriptors = Object.entries(Object.getOwnPropertyDescriptors(obj)); + let prototype = Object.getPrototypeOf(obj); + while (prototype != null && prototype !== Object.prototype) { + descriptors.push(...Object.entries(Object.getOwnPropertyDescriptors(prototype))); + prototype = Object.getPrototypeOf(prototype); + } + return descriptors; + }; + const mockify = (obj: Record, omitted: string[] = []) => { - Object.keys(obj) - .filter((key) => !omitted.includes(key)) - .forEach((key) => { - const propType = typeof obj[key]; - if (propType === 'function') { + // the @elastic/elasticsearch::Client uses prototypical inheritance + // so we have to crawl up the prototype chain and get all descriptors + // to find everything that we should be mocking + const descriptors = getAllPropertyDescriptors(obj); + descriptors + .filter(([key]) => !omitted.includes(key)) + .forEach(([key, descriptor]) => { + if (typeof descriptor.value === 'function') { obj[key] = jest.fn(() => createSuccessTransportRequestPromise({})); - } else if (propType === 'object' && obj[key] != null) { - mockify(obj[key]); + } else if (typeof obj[key] === 'object' && obj[key] != null) { + mockify(obj[key], omitted); } }); }; mockify(client, omittedProps); - // client got some read-only (getter) properties - // so we need to extend it to override the getter-only props. - const mock: any = { ...client }; + client.close = jest.fn().mockReturnValue(Promise.resolve()); + client.child = jest.fn().mockImplementation(() => createInternalClientMock()); + + const mockGetter = (obj: Record, propertyName: string) => { + Object.defineProperty(obj, propertyName, { + configurable: true, + enumerable: false, + get: () => jest.fn(), + set: undefined, + }); + }; - mock.transport = { + // `on`, `off`, and `once` are properties without a setter. 
+ // We can't `client.on = jest.fn()` because the following error will be thrown: + // TypeError: Cannot set property on of # which has only a getter + mockGetter(client, 'on'); + mockGetter(client, 'off'); + mockGetter(client, 'once'); + client.transport = { request: jest.fn(), }; - mock.close = jest.fn().mockReturnValue(Promise.resolve()); - mock.child = jest.fn().mockImplementation(() => createInternalClientMock()); - mock.on = jest.fn(); - mock.off = jest.fn(); - mock.once = jest.fn(); - return (mock as unknown) as DeeplyMockedKeys; + return client as DeeplyMockedKeys; }; export type ElasticsearchClientMock = DeeplyMockedKeys; diff --git a/src/core/server/saved_objects/migrations/core/migration_es_client.ts b/src/core/server/saved_objects/migrations/core/migration_es_client.ts index ff859057f8fe8..e8482e6352a82 100644 --- a/src/core/server/saved_objects/migrations/core/migration_es_client.ts +++ b/src/core/server/saved_objects/migrations/core/migration_es_client.ts @@ -80,7 +80,7 @@ export function createMigrationEsClient( throw new Error(`unknown ElasticsearchClient client method [${key}]`); } return await migrationRetryCallCluster( - () => fn(params, { maxRetries: 0, ...options }), + () => fn.call(client, params, { maxRetries: 0, ...options }), log, delay ); diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts index 5e018ca7818d3..8b6c8a99c73e8 100644 --- a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts +++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts 
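Review bot: `mockGetter` returns a fresh `jest.fn()` on every read, so `client.on`, `client.off` and `client.once` are never the same mock twice and a test cannot assert on calls made through them; the `mock.on = jest.fn()` lines this replaces were single, stable functions. Create the mock once and return it from the getter: add `const fn = jest.fn();` before the `Object.defineProperty(...)` call and use `get: () => fn,` in the descriptor. Separately, the recursion branch `typeof obj[key] === 'object'` reads the property itself, which invokes any accessor the descriptor walk found (`descriptor.value` is undefined for getters), so the mock may trigger real getters on the client; guarding with `descriptor.get == null` before reading `obj[key]` would avoid that. `createInternalClientMock` starts before this hunk.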
@@ -26,7 +26,7 @@ export class ElasticsearchClientPlugin implements Plugin { { path: '/api/elasticsearch_client_plugin/context/ping', validate: false }, async (context, req, res) => { const { body } = await context.core.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( @@ -34,14 +34,14 @@ export class ElasticsearchClientPlugin implements Plugin { async (context, req, res) => { const [coreStart] = await core.getStartServices(); const { body } = await coreStart.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( { path: '/api/elasticsearch_client_plugin/custom_client/ping', validate: false }, async (context, req, res) => { const { body } = await this.client!.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); } diff --git a/yarn.lock b/yarn.lock index 06e735c5caf85..182eb90d5f7a4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1204,10 +1204,10 @@ pump "^3.0.0" secure-json-parse "^2.1.0" -"@elastic/elasticsearch@7.9.0-rc.2": - version "7.9.0-rc.2" - resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.0-rc.2.tgz#cbc935f30940a15484b5ec3758c9b1ef119a5e5c" - integrity sha512-1FKCQJVr7s/LasKq6VbrmbWCI0LjoPcnjgmh2vKPzC+yyEEHVoYlmEfR5wBRchK1meATTXZtDhCVF95+Q9kVbA== +"@elastic/elasticsearch@7.9.1": + version "7.9.1" + resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.1.tgz#40f1c38e8f70d783851c13be78a7cb346891c15e" + integrity sha512-NfPADbm9tRK/4ohpm9+aBtJ8WPKQqQaReyBKT225pi2oKQO1IzRlfM+OPplAvbhoH1efrSj1NKk27L+4BCrzXQ== dependencies: debug "^4.1.1" decompress-response "^4.2.0" From b8739c553bf781f50f0d27edffd9556179cdf4b8 Mon Sep 17 00:00:00 2001 
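Review bot: `JSON.stringify(body)` turns the boolean that `ping()` now resolves to (per the commit description) into the string `"true"`/`"false"`, and the identical line is repeated in all three handlers across this hunk and the next one in the same file. If the endpoints are meant to return JSON, wrapping the value keeps an object body and drops the manual serialisation, e.g. `return res.ok({ body: { ok: body } });` in each handler; if a plain text body is intended, a one-line comment such as `// ping() resolves to a boolean after the client upgrade; serialise it explicitly` in the first handler would record why. The enclosing method starts before the first hunk.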
From: Rashmi Kulkarni Date: Thu, 24 Sep 2020 09:12:41 -0700 Subject: [PATCH 04/89] test for dashboard drilldown (#78377) --- .../drilldowns/dashboard_to_dashboard_drilldown.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts index c300412c393bc..43b88915b69d9 100644 --- a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts +++ b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts @@ -21,14 +21,20 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const retry = getService('retry'); const testSubjects = getService('testSubjects'); const filterBar = getService('filterBar'); + const security = getService('security'); describe('Dashboard to dashboard drilldown', function () { before(async () => { log.debug('Dashboard Drilldowns:initTests'); + await security.testUser.setRoles(['test_logstash_reader', 'global_dashboard_all']); await PageObjects.common.navigateToApp('dashboard'); await PageObjects.dashboard.preserveCrossAppState(); }); + after(async () => { + await security.testUser.restoreDefaults(); + }); + it('should create dashboard to dashboard drilldown, use it, and then delete it', async () => { await PageObjects.dashboard.gotoDashboardEditMode( dashboardDrilldownsManage.DASHBOARD_WITH_PIE_CHART_NAME From 179c7d996c22fd34cbd5ede8dbdd78c6eb384838 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Thu, 24 Sep 2020 18:23:44 +0200 Subject: [PATCH 05/89] [Security Solution] Cleanup graphql (#78403) * [Security Solution] Cleanup graphql * cleanup * cleanup * fix types Co-authored-by: Elastic Machine --- .../common/ecs/network/index.ts | 5 - .../security_solution/network/common/index.ts | 11 + .../components/event_details/json_view.tsx | 6 +- .../common/components/event_details/types.ts | 4 +- .../components/last_event_time/index.test.tsx | 10 +- .../components/last_event_time/index.tsx | 3 +- .../components/matrix_histogram/utils.test.ts | 4 +- .../components/matrix_histogram/utils.ts | 6 +- .../last_event_time.gql_query.ts | 29 - .../containers/events/last_event_time/mock.ts | 52 +- .../matrix_histogram/index.gql_query.ts | 41 - .../public/common/mock/mock_detail_item.ts | 4 +- .../public/common/mock/timeline_results.ts | 11 +- .../components/alerts_table/actions.test.tsx | 15 + .../components/alerts_table/actions.tsx | 31 +- .../components/alerts_table/helpers.ts | 13 +- .../investigate_in_timeline_action.tsx | 14 +- .../components/alerts_table/types.ts | 2 + .../public/graphql/introspection.json | 10410 +++++----------- .../security_solution/public/graphql/types.ts | 4287 ++----- .../authentications/index.gql_query.ts | 74 - .../kpi_host_details/index.gql_query.tsx | 52 - .../containers/kpi_host_details/index.tsx | 93 - .../containers/kpi_hosts/index.gql_query.ts | 52 - .../public/hosts/pages/details/index.tsx | 3 +- .../public/hosts/pages/hosts.tsx | 2 +- .../network/components/direction/index.tsx | 2 +- .../__snapshots__/index.test.tsx.snap | 2 +- .../components/network_dns_table/columns.tsx | 2 +- .../network_dns_table/index.test.tsx | 26 +- .../components/network_dns_table/index.tsx | 216 +- .../components/network_dns_table/mock.ts | 345 +- .../__snapshots__/index.test.tsx.snap | 101 +- .../network_http_table/index.test.tsx | 26 +- .../components/network_http_table/mock.ts | 144 +- 
.../__snapshots__/index.test.tsx.snap | 12 +- .../network_top_n_flow_table/columns.tsx | 2 +- .../network_top_n_flow_table/index.test.tsx | 40 +- .../network_top_n_flow_table/index.tsx | 83 +- .../network_top_n_flow_table/mock.ts | 130 +- .../containers/kpi_network/index.gql_query.ts | 44 - .../containers/network_dns/index.gql_query.ts | 58 - .../network/containers/network_dns/index.tsx | 2 +- .../network_http/index.gql_query.ts | 57 - .../network/containers/network_http/index.tsx | 3 +- .../network_top_countries/index.gql_query.ts | 68 - .../network_top_n_flow/index.gql_query.ts | 98 - .../public/network/pages/details/index.tsx | 4 +- .../public/network/pages/network.tsx | 2 +- .../components/timeline/footer/index.test.tsx | 39 +- .../components/timeline/footer/mock.ts | 86 - .../containers/details/index.gql_query.ts | 33 - .../timelines/containers/index.gql_query.ts | 375 - .../server/graphql/authentications/index.ts | 8 - .../graphql/authentications/resolvers.ts | 35 - .../graphql/authentications/schema.gql.ts | 47 - .../server/graphql/events/index.ts | 8 - .../server/graphql/events/resolvers.ts | 105 - .../server/graphql/events/schema.gql.ts | 95 - .../security_solution/server/graphql/index.ts | 14 - .../server/graphql/kpi_hosts/index.ts | 8 - .../server/graphql/kpi_hosts/resolvers.ts | 45 - .../server/graphql/kpi_hosts/schema.gql.ts | 56 - .../server/graphql/kpi_network/index.ts | 8 - .../server/graphql/kpi_network/resolvers.ts | 35 - .../server/graphql/kpi_network/schema.gql.ts | 35 - .../server/graphql/matrix_histogram/index.ts | 8 - .../graphql/matrix_histogram/resolvers.ts | 39 - .../graphql/matrix_histogram/schema.gql.ts | 39 - .../server/graphql/network/index.ts | 8 - .../server/graphql/network/resolvers.ts | 83 - .../server/graphql/network/schema.gql.ts | 253 - .../security_solution/server/graphql/types.ts | 9367 ++++++-------- .../server/graphql/who_am_i/index.ts | 8 - .../server/graphql/who_am_i/resolvers.ts | 28 - 
.../server/graphql/who_am_i/schema.gql.ts | 19 - .../security_solution/server/init_server.ts | 15 - .../elasticsearch_adapter.test.ts | 135 - .../authentications/elasticsearch_adapter.ts | 119 - .../server/lib/authentications/index.ts | 21 - .../server/lib/authentications/query.dsl.ts | 121 - .../server/lib/authentications/types.ts | 62 - .../server/lib/compose/kibana.ts | 15 - .../lib/events/elasticsearch_adapter.test.ts | 549 - .../lib/events/elasticsearch_adapter.ts | 264 - .../server/lib/events/index.ts | 40 - .../server/lib/events/mock.ts | 3412 ----- .../server/lib/events/query.dsl.ts | 104 - .../lib/events/query.last_event_time.dsl.ts | 91 - .../server/lib/events/types.ts | 97 - .../server/lib/framework/types.ts | 7 - .../kpi_hosts/elasticsearch_adapter.test.ts | 282 - .../lib/kpi_hosts/elasticsearch_adapter.ts | 205 - .../server/lib/kpi_hosts/helpers.test.ts | 21 - .../server/lib/kpi_hosts/helpers.ts | 11 - .../server/lib/kpi_hosts/index.ts | 28 - .../server/lib/kpi_hosts/mock.ts | 606 - .../query_authentication.dsl.test.ts | 30 - .../lib/kpi_hosts/query_authentication.dsl.ts | 105 - .../server/lib/kpi_hosts/query_hosts.dsl.ts | 69 - .../kpi_hosts/query_unique_ips.dsl.test.ts | 24 - .../lib/kpi_hosts/query_unique_ips.dsl.ts | 87 - .../server/lib/kpi_hosts/types.ts | 126 - .../lib/kpi_network/elastic_adapter.test.ts | 147 - .../lib/kpi_network/elasticsearch_adapter.ts | 113 - .../server/lib/kpi_network/helpers.ts | 25 - .../server/lib/kpi_network/index.ts | 21 - .../server/lib/kpi_network/mock.ts | 335 - .../server/lib/kpi_network/query_dns.dsl.ts | 78 - .../lib/kpi_network/query_network_events.ts | 52 - .../kpi_network/query_tls_handshakes.dsl.ts | 78 - .../lib/kpi_network/query_unique_flow.ts | 59 - .../query_unique_private_ips.dsl.ts | 108 - .../server/lib/kpi_network/types.ts | 50 - .../matrix_histogram/elasticsearch_adapter.ts | 81 - .../elasticseatch_adapter.test.ts | 56 - .../server/lib/matrix_histogram/index.ts | 21 - 
.../server/lib/matrix_histogram/mock.ts | 118 - .../query.anomalies_over_time.dsl.ts | 78 - .../query.authentications_over_time.dsl.ts | 92 - .../query.events_over_time.dsl.ts | 93 - .../lib/matrix_histogram/query_alerts.dsl.ts | 121 - .../query_dns_histogram.dsl.ts | 84 - .../lib/matrix_histogram/translations.ts | 14 - .../server/lib/matrix_histogram/types.ts | 144 - .../server/lib/matrix_histogram/utils.ts | 50 - .../elastic_adapter.test.ts.snap | 1366 -- .../lib/network/elastic_adapter.test.ts | 171 - .../lib/network/elasticsearch_adapter.ts | 361 - .../server/lib/network/index.ts | 77 - .../server/lib/network/mock.ts | 1675 --- .../server/lib/network/query_dns.dsl.ts | 134 - .../server/lib/network/query_http.dsl.ts | 116 - .../lib/network/query_top_countries.dsl.ts | 153 - .../lib/network/query_top_n_flow.dsl.ts | 194 - .../server/lib/network/types.ts | 165 - .../security_solution/server/lib/types.ts | 12 - .../apis/security_solution/authentications.ts | 2 + .../apis/security_solution/index.js | 14 +- .../security_solution/kpi_host_details.ts | 2 + .../apis/security_solution/kpi_hosts.ts | 2 + .../apis/security_solution/kpi_network.ts | 2 + .../apis/security_solution/network_dns.ts | 5 + .../security_solution/network_top_n_flow.ts | 5 + .../apis/security_solution/timeline.ts | 2 + .../security_solution/timeline_details.ts | 3 + 146 files changed, 8597 insertions(+), 32113 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx delete mode 100644 
x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts delete mode 100644 
x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/types.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts delete mode 100644 
x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/types.ts diff --git a/x-pack/plugins/security_solution/common/ecs/network/index.ts b/x-pack/plugins/security_solution/common/ecs/network/index.ts index c2fc3cb4b9f48..18f7583d12231 100644 --- a/x-pack/plugins/security_solution/common/ecs/network/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/network/index.ts @@ -6,14 +6,9 @@ export interface NetworkEcs { bytes?: number[]; - community_id?: string[]; - direction?: string[]; - packets?: number[]; - protocol?: string[]; - transport?: string[]; } diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts index 19521741c5f66..b557755b07a03 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts @@ -7,6 +7,17 @@ import { GeoEcs } from '../../../../ecs/geo'; import { Maybe } from '../../..'; +export enum NetworkDirectionEcs { + inbound = 'inbound', + outbound = 'outbound', + internal = 'internal', + external = 'external', + incoming = 'incoming', + outgoing = 'outgoing', + listening = 'listening', + unknown = 'unknown', +} + export enum NetworkTopTablesFields { bytes_in = 'bytes_in', bytes_out = 'bytes_out', diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx index 1b8177b2038ae..168fe6e65564d 100644 
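Review bot: `NetworkDirectionEcs` is added without a doc comment, and nothing in the hunk says where its eight values come from. A TSDoc line such as `/** Allowed values of the ECS network.direction field. */` above the `export enum` would tie it to the ECS field it models; the `direction?: string[]` member removed from `NetworkEcs` in the preceding hunk suggests this enum is its typed replacement, which the comment could state if that is the intent. The enum follows the existing `NetworkTopTablesFields` string-enum style in this file, so no change is needed there.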
--- a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx @@ -9,11 +9,11 @@ import { set } from '@elastic/safer-lodash-set/fp'; import React from 'react'; import styled from 'styled-components'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; import { omitTypenameAndEmpty } from '../../../timelines/components/timeline/body/helpers'; interface Props { - data: DetailItem[]; + data: TimelineEventsDetailsItem[]; } const JsonEditor = styled.div` @@ -40,5 +40,5 @@ export const JsonView = React.memo(({ data }) => ( JsonView.displayName = 'JsonView'; -export const buildJsonView = (data: DetailItem[]) => +export const buildJsonView = (data: TimelineEventsDetailsItem[]) => data.reduce((accumulator, item) => set(item.field, item.originalValue, accumulator), {}); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts index db53f411fa518..ed27a57745787 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts @@ -5,6 +5,6 @@ */ import { BrowserField } from '../../containers/source'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; -export type EventFieldsData = BrowserField & DetailItem; +export type EventFieldsData = BrowserField & TimelineEventsDetailsItem; diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx index c2800b0705b43..cc0c4d4c837a3 100644 
--- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { getEmptyValue } from '../empty_value'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { LastEventIndexKey } from '../../../../common/search_strategy'; import { mockLastEventTimeQuery } from '../../containers/events/last_event_time/mock'; import { useMountAppended } from '../../utils/use_mount_appended'; @@ -48,8 +48,8 @@ describe('Last Event Time Stat', () => { (useTimelineLastEventTime as jest.Mock).mockReturnValue([ false, { - lastSeen: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.lastSeen, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + lastSeen: mockLastEventTimeQuery.lastSeen, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -64,7 +64,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: 'something-invalid', - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -80,7 +80,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: null, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx index d508040f84239..fe827b3ab324c 100644 --- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx 
@@ -8,8 +8,7 @@ import { EuiIcon, EuiLoadingSpinner, EuiToolTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { memo } from 'react'; -import { DocValueFields } from '../../../../common/search_strategy'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { DocValueFields, LastEventIndexKey } from '../../../../common/search_strategy'; import { useTimelineLastEventTime } from '../../containers/events/last_event_time'; import { getEmptyTagValue } from '../empty_value'; import { FormattedRelativePreferenceDate } from '../formatted_date'; diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts index 7a3f44d3ea729..03fa55a3c9fa6 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts @@ -13,7 +13,7 @@ import { } from './utils'; import { UpdateDateRange } from '../charts/common'; import { Position } from '@elastic/charts'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { BarchartConfigs } from './types'; describe('utils', () => { @@ -77,7 +77,7 @@ describe('utils', () => { describe('formatToChartDataItem', () => { test('it should format data correctly', () => { - const data: [string, MatrixOverTimeHistogramData[]] = [ + const data: [string, MatrixHistogramData[]] = [ 'g1', [ { x: 1, y: 2, g: 'g1' }, diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts index 9474929d35a51..5b5b56cf0ec45 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts 
+++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts @@ -8,7 +8,7 @@ import { get, groupBy, map, toPairs } from 'lodash/fp'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; import { MatrixHistogramMappingTypes, BarchartConfigs } from './types'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { histogramDateTimeFormatter } from '../utils'; interface GetBarchartConfigsProps { @@ -84,14 +84,14 @@ export const defaultLegendColors = [ export const formatToChartDataItem = ([key, value]: [ string, - MatrixOverTimeHistogramData[] + MatrixHistogramData[] ]): ChartSeriesData => ({ key, value, }); export const getCustomChartData = ( - data: MatrixOverTimeHistogramData[] | null, + data: MatrixHistogramData[] | null, mapping?: MatrixHistogramMappingTypes ): ChartSeriesData[] => { if (!data) return []; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts deleted file mode 100644 index 36305ef0dc882..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts +++ /dev/null 
@@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const LastEventTimeGqlQuery = gql` - query GetLastEventTimeQuery( - $sourceId: ID! - $indexKey: LastEventIndexKey! - $details: LastTimeDetails! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - LastEventTime( - indexKey: $indexKey - details: $details - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - lastSeen - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts index bdeb1db4e1b28..208c03b453e04 100644 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts @@ -4,28 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants'; -import { GetLastEventTimeQuery, LastEventIndexKey } from '../../../../graphql/types'; - -import { LastEventTimeGqlQuery } from './last_event_time.gql_query'; - interface MockLastEventTimeQuery { - request: { - query: GetLastEventTimeQuery.Query; - variables: GetLastEventTimeQuery.Variables; - }; - result: { - data?: { - source: { - id: string; - LastEventTime: { - lastSeen: string | null; - errorMessage: string | null; - }; - }; - }; - errors?: [{ message: string }]; - }; + lastSeen: string | null; + errorMessage: string | null; } const getTimeTwelveMinutesAgo = () => { 
@@ -35,28 +16,7 @@ const getTimeTwelveMinutesAgo = () => { return new Date(twelveMinutes).toISOString(); }; -export const mockLastEventTimeQuery: MockLastEventTimeQuery[] = [ - { - request: { - query: LastEventTimeGqlQuery, - variables: { - sourceId: 'default', - indexKey: LastEventIndexKey.hosts, - details: {}, - defaultIndex: DEFAULT_INDEX_PATTERN, - docValueFields: [], - }, - }, - result: { - data: { - source: { - id: 'default', - LastEventTime: { - lastSeen: getTimeTwelveMinutesAgo(), - errorMessage: null, - }, - }, - }, - }, - }, -]; +export const mockLastEventTimeQuery: MockLastEventTimeQuery = { + lastSeen: getTimeTwelveMinutesAgo(), + errorMessage: null, +}; diff --git a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts deleted file mode 100644 index 6fb729ca7e9a0..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const MatrixHistogramGqlQuery = gql` - query GetMatrixHistogramQuery( - $defaultIndex: [String!]! - $filterQuery: String - $histogramType: HistogramType! - $inspect: Boolean! - $sourceId: ID! - $stackByField: String! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - MatrixHistogram( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - histogramType: $histogramType - ) { - matrixHistogramData { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; 
diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts index 2395010a0ba2e..c5d881c540eec 100644 --- a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts +++ b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts @@ -4,11 +4,11 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DetailItem } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; export const mockDetailItemDataId = 'Y-6TfmcB0WOhS6qyMv3s'; -export const mockDetailItemData: DetailItem[] = [ +export const mockDetailItemData: TimelineEventsDetailsItem[] = [ { field: '_id', originalValue: 'pEMaMmkBUV60JmNWmWVi', diff --git a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts index 6403a50ad4a1d..9f26fc22ede53 100644 --- a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts +++ b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts @@ -8,13 +8,8 @@ import { FilterStateStore } from '../../../../../../src/plugins/data/common/es_q import { TimelineId, TimelineType, TimelineStatus } from '../../../common/types/timeline'; import { OpenTimelineResult } from '../../timelines/components/open_timeline/types'; -import { - GetAllTimeline, - SortFieldTimeline, - TimelineResult, - Direction, - DetailItem, -} from '../../graphql/types'; +import { GetAllTimeline, SortFieldTimeline, TimelineResult, Direction } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; import { allTimelinesQuery } from '../../timelines/containers/all/index.gql_query'; import { CreateTimelineProps } from '../../detections/components/alerts_table/types'; import { TimelineModel } from '../../timelines/store/timeline/model'; 
@@ -2264,7 +2259,7 @@ export const defaultTimelineProps: CreateTimelineProps = { ruleNote: '# this is some markdown documentation', }; -export const mockTimelineDetails: DetailItem[] = [ +export const mockTimelineDetails: TimelineEventsDetailsItem[] = [ { field: 'host.name', values: ['apache'], diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx index e3440f4158513..f326d5ad54ef2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx @@ -15,10 +15,12 @@ import { apolloClient, mockTimelineApolloResult, mockTimelineDetailsApollo, + mockTimelineDetails, } from '../../../common/mock/'; import { CreateTimeline, UpdateTimelineLoading } from './types'; import { Ecs } from '../../../../common/ecs'; import { TimelineId, TimelineType, TimelineStatus } from '../../../../common/types/timeline'; +import { ISearchStart } from '../../../../../../../src/plugins/data/public'; jest.mock('apollo-client'); @@ -27,6 +29,7 @@ describe('alert actions', () => { const unix = moment(anchor).valueOf(); let createTimeline: CreateTimeline; let updateTimelineIsLoading: UpdateTimelineLoading; + let searchStrategyClient: ISearchStart; let clock: sinon.SinonFakeTimers; beforeEach(() => { @@ -39,6 +42,11 @@ describe('alert actions', () => { createTimeline = jest.fn() as jest.Mocked; updateTimelineIsLoading = jest.fn() as jest.Mocked; + searchStrategyClient = { + aggs: {} as ISearchStart['aggs'], + search: jest.fn().mockResolvedValue({ data: mockTimelineDetails }), + searchSource: {} as ISearchStart['searchSource'], + }; jest.spyOn(apolloClient, 'query').mockImplementation((obj) => { const id = get('variables.id', obj); 
@@ -64,6 +72,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledTimes(1); @@ -80,6 +89,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const expected = { from: '2018-11-05T18:58:25.937Z', @@ -268,6 +278,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -297,6 +308,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -315,6 +327,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledWith({ @@ -349,6 +362,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); @@ -374,6 +388,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 7f98d3b2f71de..0e2aee5abd42e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx 
@@ -15,10 +15,13 @@ import { TimelineId, TimelineStatus, TimelineType } from '../../../../common/typ import { updateAlertStatus } from '../../containers/detection_engine/alerts/api'; import { SendAlertToTimelineActionProps, UpdateAlertStatusActionProps } from './types'; import { Ecs } from '../../../../common/ecs'; -import { GetOneTimeline, TimelineResult, GetTimelineDetailsQuery } from '../../../graphql/types'; +import { GetOneTimeline, TimelineResult } from '../../../graphql/types'; import { TimelineNonEcsData, TimelineEventsDetailsItem, + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse, + TimelineEventsQueries, } from '../../../../common/search_strategy/timeline'; import { oneTimelineQuery } from '../../../timelines/containers/one/index.gql_query'; import { timelineDefaults } from '../../../timelines/store/timeline/defaults'; @@ -34,7 +37,6 @@ import { } from './helpers'; import { KueryFilterQueryKind } from '../../../common/store'; import { DataProvider } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { timelineDetailsQuery } from '../../../timelines/containers/details/index.gql_query'; export const getUpdateAlertsQuery = (eventIds: Readonly) => { return { @@ -154,6 +156,7 @@ export const sendAlertToTimelineAction = async ({ ecsData, nonEcsData, updateTimelineIsLoading, + searchStrategyClient, }: SendAlertToTimelineActionProps) => { let openAlertInBasicTimeline = true; const noteContent = ecsData.signal?.rule?.note != null ? ecsData.signal?.rule?.note[0] : ''; 
@@ -172,24 +175,24 @@ export const sendAlertToTimelineAction = async ({ id: timelineId, }, }), - apolloClient.query({ - query: timelineDetailsQuery, - fetchPolicy: 'no-cache', - variables: { + searchStrategyClient.search< + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse + >( + { defaultIndex: [], docValueFields: [], - eventId: ecsData._id, indexName: ecsData._index ?? '', - sourceId: 'default', + eventId: ecsData._id, + factoryQueryType: TimelineEventsQueries.details, }, - }), + { + strategy: 'securitySolutionTimelineSearchStrategy', + } + ), ]); const resultingTimeline: TimelineResult = getOr({}, 'data.getOneTimeline', responseTimeline); - const eventData: TimelineEventsDetailsItem[] = getOr( - [], - 'data.source.TimelineDetails.data', - eventDataResp - ); + const eventData: TimelineEventsDetailsItem[] = getOr([], 'data', eventDataResp); if (!isEmpty(resultingTimeline)) { const timelineTemplate: TimelineResult = omitTypenameInTimeline(resultingTimeline); openAlertInBasicTimeline = false; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts index 20c233a03a8cf..b386ce0c9631b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts @@ -11,7 +11,8 @@ import { DataProviderType, DataProvidersAnd, } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { DetailItem, TimelineType } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; +import { TimelineType } from '../../../graphql/types'; interface FindValueToChangeInQuery { field: string; 
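Review bot: `searchStrategyClient.search<…>(…)` is handed straight to `Promise.all`, while the test stands it in with `jest.fn().mockResolvedValue(…)` (the mock added in the actions.test.tsx hunk above), which only matches if `ISearchStart['search']` really returns a Promise; if it returns an Observable, which I believe the data plugin's search client does at this point, `Promise.all` resolves with the Observable object itself and `getOr([], 'data', eventDataResp)` silently yields `[]`, so the alert is opened in the timeline with no event details and no error surfaced. Confirm the return type and, if it is an Observable, change the closing `),` of the call to `).toPromise(),` and make the test mock mirror the real shape instead of a resolved Promise. Independently of that, the `[]` default also masks a failed or partial strategy response; a comment such as `// TODO(review): surface error/partial results from the strategy response instead of defaulting to []` would at least flag the gap. The strategy id `'securitySolutionTimelineSearchStrategy'` is a bare string the server side must match exactly; exporting it as a shared constant from the common search_strategy module would keep both sides in sync. sendAlertToTimelineAction begins before this hunk and continues past it.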
@@ -49,7 +50,7 @@ const templateFields = [ */ export const getStringArray = ( field: string, - data: DetailItem[], + data: TimelineEventsDetailsItem[], localConsole = console ): string[] => { const value: unknown | undefined = data.find((d) => d.field === field)?.values ?? null; @@ -108,7 +109,7 @@ export const findValueToChangeInQuery = ( export const replaceTemplateFieldFromQuery = ( query: string, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): string => { if (timelineType === TimelineType.default) { @@ -132,7 +133,7 @@ export const replaceTemplateFieldFromQuery = ( export const replaceTemplateFieldFromMatchFilters = ( filters: Filter[], - eventData: DetailItem[] + eventData: TimelineEventsDetailsItem[] ): Filter[] => filters.map((filter) => { if ( @@ -151,7 +152,7 @@ export const replaceTemplateFieldFromMatchFilters = ( export const reformatDataProviderWithNewValue = ( dataProvider: T, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): T => { // Support for legacy "template-like" timeline behavior that is using hardcoded list of templateFields @@ -201,7 +202,7 @@ export const reformatDataProviderWithNewValue = dataProviders.map((dataProvider) => { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx index f4649b016f67c..8960b7a76660b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx 
@@ -7,6 +7,7 @@ import React, { useCallback } from 'react'; import { useDispatch } from 'react-redux'; +import { useKibana } from '../../../../common/lib/kibana'; import { TimelineId } from '../../../../../common/types/timeline'; import { Ecs } from '../../../../../common/ecs'; import { TimelineNonEcsData } from '../../../../../common/search_strategy/timeline'; @@ -30,6 +31,9 @@ const InvestigateInTimelineActionComponent: React.FC { + const { + data: { search: searchStrategyClient }, + } = useKibana().services; const dispatch = useDispatch(); const apolloClient = useApolloClient(); @@ -66,9 +70,17 @@ const InvestigateInTimelineActionComponent: React.FC void; diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index ece0712414349..8d780137b847c 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -683,9 +683,15 @@ "deprecationReason": null }, { - "name": "Authentications", - "description": "Gets Authentication success and failures based on a timerange", + "name": "Hosts", + "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { "name": "timerange", "description": "", @@ -710,6 +716,16 @@ }, "defaultValue": null }, + { + "name": "sort", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } + }, + "defaultValue": null + }, { "name": "filterQuery", "description": "", 
@@ -760,65 +776,41 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "Timeline", + "name": "HostOverview", "description": "", "args": [ { - "name": "pagination", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "PaginationInput", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "sortField", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "SortField", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "defaultValue": null }, { - "name": "fieldRequested", + "name": "timerange", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } }, "defaultValue": null }, - { - "name": "timerange", - "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, { "name": "defaultIndex", "description": "", 
@@ -836,54 +828,28 @@ } }, "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null } ], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "TimelineDetails", + "name": "HostFirstLastSeen", "description": "", "args": [ { - "name": "eventId", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "indexName", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", 
@@ -936,41 +902,140 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineDetailsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceConfiguration", + "description": "A set of configuration options for a security data source", + "fields": [ + { + "name": "fields", + "description": "The field mapping to use for this source", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceFields", + "description": "A mapping of semantic fields to their document counterparts", + "fields": [ + { + "name": "container", + "description": "The field to identify a container by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LastEventTime", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "indexKey", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "LastEventIndexKey", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "details", - "description": "", - "type": { + "name": "host", + "description": "The fields to identify a host by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, 
+ "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "message", + "description": "The fields that may contain the log event message. The first field found win.", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "LastTimeDetails", "ofType": null } - }, - "defaultValue": null - }, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "pod", + "description": "The field to identify a pod by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "tiebreaker", + "description": "The field to use as a tiebreaker for log events that have identical timestamps", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "timestamp", + "description": "The field to use as a timestamp for metrics and logs", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceStatus", + "description": "The status of an infrastructure data source", + "fields": [ + { + "name": "indicesExist", + "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", + "args": [ { "name": "defaultIndex", "description": "", 
@@ -988,9 +1053,22 @@ } }, "defaultValue": null - }, + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "indexFields", + "description": "The list of fields defined in the index mappings", + "args": [ { - "name": "docValueFields", + "name": "defaultIndex", "description": "", "type": { "kind": "NON_NULL", @@ -1001,11 +1079,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, 
@@ -1015,2451 +1089,16 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "LastEventTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "Hosts", - "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - 
"name": null, - "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostOverview", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostFirstLastSeen", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - 
"description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiNetwork", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "KpiNetworkData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHosts", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", 
"ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHostDetails", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostDetailsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "MatrixHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": 
"NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "histogramType", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HistogramType", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "MatrixHistogramOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopCountries", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - 
"kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopNFlow", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - 
"name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDns", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "isPtrIncluded", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": 
"TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDnsHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": 
"NetworkHttp", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "whoAmI", - "description": "Just a simple example to get the app name", - "args": [], - "type": { "kind": "OBJECT", "name": "SayMyName", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": 
"SourceConfiguration", - "description": "A set of configuration options for a security data source", - "fields": [ - { - "name": "fields", - "description": "The field mapping to use for this source", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceFields", - "description": "A mapping of semantic fields to their document counterparts", - "fields": [ - { - "name": "container", - "description": "The field to identify a container by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "The fields to identify a host by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "The fields that may contain the log event message. 
The first field found win.", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pod", - "description": "The field to identify a pod by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "The field to use as a tiebreaker for log events that have identical timestamps", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "The field to use as a timestamp for metrics and logs", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceStatus", - "description": "The status of an infrastructure data source", - "fields": [ - { - "name": "indicesExist", - "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", 
"ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "indexFields", - "description": "The list of fields defined in the index mappings", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Boolean", - "description": "The `Boolean` scalar type represents `true` or `false`.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "TimerangeInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "interval", - "description": "The interval string to use for last bucket. The format is '{value}{unit}'. 
For example '5m' would return the metrics for the last 5 minutes of the timespan.", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "to", - "description": "The end of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "from", - "description": "The beginning of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "activePage", - "description": "The activePage parameter defines the page of results you want to fetch", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursorStart", - "description": "The cursorStart parameter defines the start of the results to be displayed", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "fakePossibleCount", - "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "querySize", - "description": "The querySize parameter is the number of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, 
- "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "format", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": 
"", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "failures", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "successes", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSuccess", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastFailure", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], 
- "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UserEcsFields", - "description": "", - "fields": [ - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "email", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "hash", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "group", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastSourceHost", - "description": "", - "fields": [ - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, 
- "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Date", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceEcsFields", - "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "port", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packets", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, 
- "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToNumberArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoEcsFields", - "description": "", - "fields": [ - { - "name": "city_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "continent_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Location", - "description": "", - "fields": [ - { - "name": "lon", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null - }, - { - "name": "lat", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostEcsFields", - "description": "", - "fields": [ - { - "name": "architecture", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "mac", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "os", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "OsEcsFields", - "description": "", - "fields": [ - { - "name": "platform", - "description": "", - "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "family", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "kernel", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CursorType", - "description": "", - "fields": [ - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfoPaginated", - "description": "", - "fields": [ - { - "name": "activePage", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "fakeTotalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "showMorePagesIndicator", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Inspect", - "description": "", - "fields": [ - { - "name": "dsl", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "limit", - "description": "The limit parameter allows you to configure the maximum amount of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursor", - "description": "The cursor parameter defines the next result you want to 
fetch", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "tiebreaker", - "description": "The tiebreaker parameter allow to be more precise to fetch the next item", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "SortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "sortFieldId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", 
"name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineNonEcsData", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ecs", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": 
[], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineNonEcsData", - "description": "", - "fields": [ - { - "name": "field", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ECS", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "agent", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditd", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "dns", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgame", - "description": "", - "args": [], - 
"type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "event", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "signal", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "suricata", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tls", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "zeek", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "http", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "url", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "winlog", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "process", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AgentEcsField", - "description": "", - "fields": [ - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": 
"SCALAR", "name": "ToStringArray", "ofType": null }, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3470,262 +1109,246 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdEcsFields", - "description": "", - "fields": [ - { - "name": "result", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "session", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "summary", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], + "kind": "SCALAR", + "name": "Boolean", + "description": "The `Boolean` scalar type represents `true` or `false`.", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdData", + "kind": "INPUT_OBJECT", + "name": "TimerangeInput", "description": "", - "fields": [ - { - "name": "acct", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "fields": null, + "inputFields": [ + { + "name": "interval", + "description": "The interval string to use for last bucket. The format is '{value}{unit}'. 
For example '5m' would return the metrics for the last 5 minutes of the timespan.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "terminal", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "to", + "description": "The end of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "op", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "from", + "description": "The beginning of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Summary", + "kind": "INPUT_OBJECT", + "name": "PaginationInputPaginated", "description": "", - "fields": [ - { - "name": "actor", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "object", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "activePage", + "description": "The activePage parameter defines the page of results you want to fetch", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "how", - "description": "", - 
"args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "cursorStart", + "description": "The cursorStart parameter defines the start of the results to be displayed", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "message_type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "fakePossibleCount", + "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "querySize", + "description": "The querySize parameter is the number of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "PrimarySecondary", + "kind": "INPUT_OBJECT", + "name": "HostsSortField", "description": "", - "fields": [ - { - "name": "primary", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "secondary", + "name": "field", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } + }, + "defaultValue": null }, { - "name": "type", + "name": "direction", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "DestinationEcsFields", + "kind": "ENUM", + "name": "HostsFields", "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "port", + "name": "hostName", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", + "name": "lastSeen", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "docValueFieldsInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "geo", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { 
+ "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "packets", + "name": "format", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "DnsEcsFields", + "name": "HostsData", "description": "", "fields": [ { - "name": "question", + "name": "edges", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "totalCount", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resolved_ip", + "name": "pageInfo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "response_code", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -3737,22 +1360,30 @@ }, { "kind": "OBJECT", - "name": "DnsQuestionData", + "name": "HostsEdges", "description": "", "fields": [ { - "name": "name", + "name": "node", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "cursor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3764,110 +1395,105 @@ }, { "kind": "OBJECT", - "name": "EndgameEcsFields", + "name": "HostItem", "description": "", "fields": [ { - "name": "exit_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_path", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "logon_type", + "name": "_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "parent_process_name", + "name": "cloud", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "endpoint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "process_name", + "name": "host", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_domain_name", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", 
"name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_logon_id", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudFields", + "description": "", + "fields": [ { - "name": "subject_user_name", + "name": "instance", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_domain_name", + "name": "machine", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_logon_id", + "name": "provider", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_user_name", + "name": "region", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -3879,67 +1505,116 @@ }, { "kind": "OBJECT", - "name": "EventEcsFields", + "name": "CloudInstance", "description": "", "fields": [ { - "name": "action", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudMachine", + "description": "", + "fields": [ { - "name": "category", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "EndpointFields", + "description": "", + "fields": [ { - "name": "code", + "name": "endpointPolicy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "sensorVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dataset", + "name": "policyStatus", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + 
"inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "HostPolicyResponseActionStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "duration", + "name": "success", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "failure", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HostEcsFields", + "description": "", + "fields": [ { - "name": "hash", + "name": "architecture", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3955,23 +1630,7 @@ "deprecationReason": null }, { - "name": "kind", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "module", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original", + "name": "ip", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3979,7 +1638,7 @@ "deprecationReason": null }, { - "name": "outcome", + "name": "mac", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
@@ -3987,42 +1646,18 @@ "deprecationReason": null }, { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score_norm", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "severity", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "start", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timezone", + "name": "os", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, @@ -4042,7 +1677,7 @@ }, { "kind": "SCALAR", - "name": "ToDateArray", + "name": "ToStringArray", "description": "", "fields": null, "inputFields": null, @@ -4052,19 +1687,19 @@ }, { "kind": "OBJECT", - "name": "NetworkEcsField", + "name": "OsEcsFields", "description": "", "fields": [ { - "name": "bytes", + "name": "platform", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "community_id", + "name": "name", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
@@ -4072,7 +1707,7 @@ "deprecationReason": null }, { - "name": "direction", + "name": "full", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4080,15 +1715,15 @@ "deprecationReason": null }, { - "name": "packets", + "name": "family", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "protocol", + "name": "version", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4096,7 +1731,7 @@ "deprecationReason": null }, { - "name": "transport", + "name": "kernel", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4111,14 +1746,46 @@ }, { "kind": "OBJECT", - "name": "RuleEcsField", + "name": "Inspect", "description": "", "fields": [ { - "name": "reference", + "name": "dsl", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "response", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4128,32 +1795,34 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "Date", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "SignalField", + "name": "CursorType", "description": "", "fields": [ { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original_time", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "status", + "name": "tiebreaker", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -4165,210 +1834,208 @@ }, { "kind": "OBJECT", - "name": "RuleField", + "name": "PageInfoPaginated", "description": "", "fields": [ { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "false_positives", + "name": "activePage", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "saved_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "max_signals", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "output_index", - "description": "", - "args": [], - "type": { "kind": 
"SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "description", + "name": "fakeTotalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "from", + "name": "showMorePagesIndicator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FirstLastSeenHost", + "description": "", + "fields": [ { - "name": "immutable", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "firstSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interval", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TimelineResult", + "description": "", + "fields": [ { - "name": "language", + 
"name": "columns", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "created", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "references", + "name": "createdBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "severity", + "name": "dataProviders", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "dateRange", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threat", + "name": "description", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "eventIdToNoteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + 
"kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "size", + "name": "eventType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "to", + "name": "excludedRowRendererIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "favorite", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, 
@@ -4376,226 +2043,207 @@ "name": "filters", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_at", + "name": "kqlMode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_at", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_by", + "name": "indexNames", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_by", + "name": "notes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "noteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", 
"ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "pinnedEventIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threshold", + "name": "pinnedEventsSaveObject", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "exceptions_list", + "name": "savedQueryId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToBooleanArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToAny", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEcsFields", - "description": "", - "fields": [ + }, { - "name": "eve", + "name": "savedObjectId", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - 
} - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEveData", - "description": "", - "fields": [ + }, { - "name": "alert", + "name": "sort", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flow_id", + "name": "status", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "proto", + "name": "title", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataAlertData", - "description": "", - "fields": [ + }, { - "name": "signature", + "name": "templateTimelineId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "signature_id", + "name": "templateTimelineVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsEcsFields", - "description": "", - "fields": [ + }, { - "name": "client_certificate", + "name": 
"timelineType", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fingerprints", + "name": "updated", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "server_certificate", + "name": "updatedBy", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsClientCertificateData", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "fingerprint", + "name": "version", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4607,138 +2255,102 @@ }, { "kind": "OBJECT", - "name": "FingerprintData", + "name": "ColumnHeaderResult", "description": "", "fields": [ { - "name": "sha1", + "name": "aggregatable", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsFingerprintsData", - "description": "", - "fields": [ + }, { - "name": "ja3", + "name": "category", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsJa3Data", - "description": "", - "fields": [ + }, { - "name": "hash", + "name": "columnHeaderType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsServerCertificateData", - "description": "", - "fields": [ + }, { - "name": "fingerprint", + "name": "description", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekEcsFields", - "description": "", - "fields": [ + }, { - 
"name": "session_id", + "name": "example", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "connection", + "name": "indexes", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notice", + "name": "id", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dns", + "name": "name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "http", + "name": "placeholder", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "files", + "name": "searchable", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ssl", + "name": "type", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -4750,46 +2362,78 @@ }, { "kind": "OBJECT", - "name": "ZeekConnectionData", + "name": "DataProviderResult", "description": "", "fields": [ { - "name": "local_resp", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "local_orig", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missed_bytes", + "name": "enabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "state", + "name": "excluded", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "history", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "queryMatch", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "type", + "description": "", + "args": [], + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "and", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": 
"NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -4801,212 +2445,210 @@ }, { "kind": "OBJECT", - "name": "ZeekNoticeData", + "name": "QueryMatchResult", "description": "", "fields": [ { - "name": "suppress_for", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "msg", + "name": "displayField", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sub", + "name": "displayValue", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dst", + "name": "operator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "DataProviderType", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "dropped", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "peer_descr", + "name": "template", "description": "", - 
"args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekDnsData", + "name": "DateRangePickerResult", "description": "", "fields": [ { - "name": "AA", + "name": "start", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass_name", + "name": "end", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToAny", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "RowRendererId", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, + { + "name": "auditd_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RD", + "name": "netflow", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype_name", + "name": "suricata", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": 
null }, + { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "rejected", + "name": "system_dns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype", + "name": "system_endgame_process", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "system_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "trans_id", + "name": "system_fim", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass", + "name": "system_security_event", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RA", + "name": "system_socket", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { - "name": "TC", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } + { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekHttpData", + "name": "FavoriteTimelineResult", "description": "", "fields": [ { - "name": "resp_mime_types", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - 
"deprecationReason": null - }, - { - "name": "trans_depth", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "status_msg", + "name": "fullName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resp_fuids", + "name": "userName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "favoriteDate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5018,193 +2660,161 @@ }, { "kind": "OBJECT", - "name": "ZeekFileData", + "name": "FilterTimelineResult", "description": "", "fields": [ { - "name": "session_ids", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timedout", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "local_orig", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tx_host", + "name": "exists", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source", + "name": "meta", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "is_orig", + "name": "match_all", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "overflow_bytes", + "name": "missing", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": 
"String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "duration", + "name": "range", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "depth", + "name": "script", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FilterMetaTimelineResult", + "description": "", + "fields": [ { - "name": "analyzers", + "name": "alias", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mime_type", + "name": "controlledBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "rx_host", + "name": "disabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "total_bytes", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fuid", + "name": "formattedValue", "description": "", "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "seen_bytes", + "name": "index", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missing_bytes", + "name": "key", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekSslData", - "description": "", - "fields": [ - { - "name": "cipher", + "name": "negate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "established", + "name": "params", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resumed", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5216,30 +2826,14 @@ }, { "kind": "OBJECT", - "name": "HttpEcsFields", + "name": "SerializedFilterQueryResult", "description": "", "fields": [ { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "request", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", + "name": "filterQuery", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5251,38 +2845,22 @@ }, { "kind": "OBJECT", - "name": "HttpRequestData", + "name": "SerializedKueryQueryResult", "description": "", "fields": [ { - "name": "method", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "body", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "referrer", + "name": "kuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "serializedQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5294,22 +2872,22 @@ }, { "kind": "OBJECT", - "name": "HttpBodyData", + "name": "KueryFilterQueryResult", "description": "", "fields": [ { - "name": "content", + "name": "kind", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "expression", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -5321,218 +2899,504 @@ }, { "kind": "OBJECT", - "name": "HttpResponseData", + "name": "SortTimelineResult", "description": "", "fields": [ { - "name": "status_code", + "name": "columnId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "body", + "name": "sortDirection", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "TimelineStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "immutable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "Int", + "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. 
", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "UrlEcsFields", + "kind": "ENUM", + "name": "TimelineType", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "domain", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "original", + "name": "template", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "PageInfoTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "pageIndex", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "username", + "name": "pageSize", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "SortTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortField", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } + }, + "defaultValue": null }, { - "name": "password", + "name": "sortOrder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - 
"isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "WinlogEcsFields", + "kind": "ENUM", + "name": "SortFieldTimeline", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "event_id", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } + }, + { + "name": "updated", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ProcessEcsFields", + "name": "ResponseTimelines", "description": "", "fields": [ { - "name": "hash", + "name": "timeline", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "totalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "defaultTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", 
"name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ppid", + "name": "templateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", + "name": "elasticTemplateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "customTemplateTimelineCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "favoriteCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Mutation", + "description": "", + "fields": [ + { + "name": "persistNote", + "description": "Persists a note", + "args": [ + { + "name": "noteId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "note", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseNote", "ofType": null } + }, "isDeprecated": 
false, "deprecationReason": null }, { - "name": "entity_id", + "name": "deleteNote", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "executable", + "name": "deleteNoteByTimelineId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistPinnedEventOnTimeline", + "description": "Persists a pinned event in a timeline", + "args": [ + { + "name": "pinnedEventId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "eventId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": 
"OBJECT", "name": "PinnedEvent", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "thread", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, + "name": "deletePinnedEventOnTimeline", + "description": "Remove a pinned events in a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "working_directory", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "deleteAllPinnedEventsOnTimeline", + "description": "Remove all pinned events in a timeline", + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ProcessHashData", - "description": "", - "fields": [ + }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistTimeline", + "description": "Persists a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + 
"description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timeline", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "persistFavorite", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha256", + "name": "deleteTimeline", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -5543,524 +3407,416 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Thread", + "kind": "INPUT_OBJECT", + "name": "NoteInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "eventId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "start", + "name": "note", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FileFields", + "name": "ResponseNote", "description": "", "fields": [ { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "path", + "name": "code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_path", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "extension", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "TimelineInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "type", + "name": "columns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "device", + "name": "dataProviders", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "inode", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "uid", + "name": "eventType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "owner", + "name": "excludedRowRendererIds", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "gid", + "name": "filters", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "group", + "name": "kqlMode", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "mode", + "name": "kqlQuery", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", + "ofType": null + }, + "defaultValue": null }, { - "name": "size", + "name": "indexNames", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "mtime", + "name": "title", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": 
null }, { - "name": "ctime", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SystemEcsField", - "description": "", - "fields": [ - { - "name": "audit", + "name": "templateTimelineId", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "auth", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuditEcsFields", - "description": "", - "fields": [ - { - "name": "package", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PackageEcsFields", - "description": "", - "fields": [ - { - "name": "arch", + "name": "templateTimelineVersion", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "defaultValue": null }, { - "name": "entity_id", + "name": "timelineType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": 
"TimelineType", "ofType": null }, + "defaultValue": null }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "dateRange", + "description": "", + "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, + "defaultValue": null }, { - "name": "size", + "name": "savedQueryId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "summary", + "name": "sort", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "version", + "name": "status", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuthEcsFields", + "kind": "INPUT_OBJECT", + "name": "ColumnHeaderInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "ssh", + "name": "aggregatable", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SshEcsFields", - "description": "", - "fields": [ + "type": { 
"kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, { - "name": "method", + "name": "category", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "signature", + "name": "columnHeaderType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfo", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "endCursor", + "name": "description", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "hasNextPage", + "name": "example", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineDetailsData", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "data", + "name": "indexes", "description": "", - "args": [], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "DetailItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } }, - "isDeprecated": false, - 
"deprecationReason": null + "defaultValue": null }, { - "name": "inspect", + "name": "id", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "DetailItem", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "field", + "name": "name", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "values", + "name": "placeholder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "originalValue", + "name": "searchable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "EsValue", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "EsValue", - "description": "", - "fields": null, - "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "LastEventIndexKey", + "kind": "INPUT_OBJECT", + "name": "DataProviderInput", "description": "", 
"fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostDetails", + "name": "id", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "hosts", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "ipDetails", + "name": "name", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "network", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "LastTimeDetails", - "description": "", - "fields": null, - "inputFields": [ { - "name": "hostName", + "name": "enabled", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "defaultValue": null }, { - "name": "ip", + "name": "excluded", + "description": "", + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "kqlQuery", "description": "", "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastEventTimeData", - "description": "", - "fields": [ + }, { - "name": "lastSeen", + "name": "queryMatch", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "and", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "INPUT_OBJECT", - "name": "HostsSortField", + "name": "QueryMatchInput", "description": "", "fields": null, "inputFields": [ { "name": "field", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "direction", + "name": "displayField", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "displayValue", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "operator", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null } ], 
@@ -6069,399 +3825,251 @@ "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostsFields", + "kind": "INPUT_OBJECT", + "name": "FilterTimelineInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostName", + "name": "exists", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "meta", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "totalCount", + "name": "match_all", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "pageInfo", + "name": "missing", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "query", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": 
"Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsEdges", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "node", + "name": "range", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "cursor", + "name": "script", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "HostItem", + "kind": "INPUT_OBJECT", + "name": "FilterMetaTimelineInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "_id", + "name": "alias", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "cloud", + "name": "controlledBy", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "endpoint", + "name": "disabled", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null 
}, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "host", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "formattedValue", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "index", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudFields", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "instance", + "name": "key", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "machine", + "name": "negate", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "provider", + "name": "params", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - 
"isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "region", + "name": "type", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudInstance", + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "filterQuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudMachine", + "kind": "INPUT_OBJECT", + "name": "SerializedKueryQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "type", + "name": "kuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, + "defaultValue": null + }, + { + "name": "serializedQuery", + "description": "", + "type": { 
"kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "EndpointFields", + "kind": "INPUT_OBJECT", + "name": "KueryFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "endpointPolicy", + "name": "kind", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "sensorVersion", + "name": "expression", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "policyStatus", - "description": "", - "args": [], - "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostPolicyResponseActionStatus", + "kind": "INPUT_OBJECT", + "name": "DateRangePickerInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "success", + "name": "start", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null }, { - "name": "failure", + "name": "end", "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null + } ], + "interfaces": null, + "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - 
"name": "FirstLastSeenHost", + "kind": "INPUT_OBJECT", + "name": "SortTimelineInput", "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "firstSeen", + "name": "columnId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "sortDirection", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "KpiNetworkData", + "name": "ResponseTimeline", "description": "", "fields": [ { - "name": "networkEvents", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueFlowId", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourcePrivateIps", + "name": "code", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, 
@@ -6469,95 +4077,24 @@ "deprecationReason": null }, { - "name": "uniqueSourcePrivateIpsHistogram", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationPrivateIps", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationPrivateIpsHistogram", + "name": "timeline", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "dnsQueries", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tlsHandshakes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiNetworkHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": 
false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, 
@@ -6567,67 +4104,51 @@ }, { "kind": "OBJECT", - "name": "KpiHostsData", - "description": "", - "fields": [ - { - "name": "hosts", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "name": "ResponseFavoriteTimeline", + "description": "", + "fields": [ { - "name": "hostsHistogram", + "name": "code", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccess", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", + "name": "savedObjectId", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", + "name": "version", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", + "name": "favorite", "description": "", "args": [], "type": { 
@@ -6636,92 +4157,88 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "__Schema", + "description": "A GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", + "fields": [ { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "types", + "description": "A list of all types supported by this server.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, "ofType": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "queryType", + "description": "The type that query operations will be rooted at.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { 
"kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", + "name": "mutationType", + "description": "If this server supports mutation, the type that mutation operations will be rooted at.", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiHostHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", - "description": "", + "name": "subscriptionType", + "description": "If this server support subscription, the type that subscription operations will be rooted at.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", - "description": "", + "name": "directives", + "description": "A list of all directives supported by this server.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } 
@@ -6733,68 +4250,63 @@ }, { "kind": "OBJECT", - "name": "KpiHostDetailsData", - "description": "", + "name": "__Type", + "description": "The fundamental unit of any GraphQL Schema is the type. There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", "fields": [ { - "name": "authSuccess", - "description": "", + "name": "kind", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", - "description": "", - "args": [], + "name": "fields", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" 
+ } + ], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "interfaces", + "description": null, "args": [], "type": { "kind": "LIST", @@ -6802,23 +4314,15 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "possibleTypes", + "description": null, "args": [], "type": { "kind": "LIST", 
@@ -6826,133 +4330,56 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "HistogramType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "authentications", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "anomalies", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "events", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "alerts", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "dns", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixHistogramOverTimeData", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", - "description": "", - "args": [], + "name": "enumValues", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" + } + ], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": 
"OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "inputFields", + "description": null, "args": [], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "g", - "description": "", + "name": "ofType", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -6964,83 +4391,57 @@ }, { "kind": "ENUM", - "name": "FlowTargetSourceDest", - "description": "", + "name": "__TypeKind", + "description": "An enum describing what kind of type a given `__Type` is.", "fields": null, "inputFields": null, "interfaces": null, "enumValues": [ { - "name": "destination", - "description": "", + "name": "SCALAR", + "description": "Indicates this type is a scalar.", "isDeprecated": false, "deprecationReason": null }, - { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "description": "", - "fields": null, - "inputFields": [ { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkTopTablesFields", "ofType": null } - }, - "defaultValue": null + "name": "OBJECT", + "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "isDeprecated": false, + "deprecationReason": null }, { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkTopTablesFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "name": "INTERFACE", + "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "bytes_in", - "description": "", + "name": "UNION", + "description": "Indicates this type is a union. 
`possibleTypes` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "ENUM", + "description": "Indicates this type is an enum. `enumValues` is a valid field.", "isDeprecated": false, "deprecationReason": null }, - { "name": "flows", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", + "name": "INPUT_OBJECT", + "description": "Indicates this type is an input object. `inputFields` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "LIST", + "description": "Indicates this type is a list. `ofType` is a valid field.", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "NON_NULL", + "description": "Indicates this type is a non-null. `ofType` is a valid field.", "isDeprecated": false, "deprecationReason": null } 
@@ -7049,136 +4450,78 @@ }, { "kind": "OBJECT", - "name": "NetworkTopCountriesData", - "description": "", + "name": "__Field", + "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", "fields": [ { - "name": "edges", - "description": "", + "name": "name", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesEdges", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "type", + 
"description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesItem", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemSource", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemDestination", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "network", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7190,73 +4533,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemSource", - "description": "", + "name": "__InputValue", + "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoItem", - "description": "", - "fields": [ + }, { - "name": "geo", - "description": "", + "name": "type", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "flowTarget", - "description": "", + "name": "defaultValue", + "description": "A GraphQL-formatted string representing the default value for this input value.", "args": [], - "type": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7268,46 +4584,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemDestination", - "description": "", + "name": "__EnumValue", + "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7319,39 +4635,32 @@ }, { "kind": "OBJECT", - "name": "TopNetworkTablesEcsField", - "description": "", + "name": "__Directive", + "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", "fields": [ { - "name": "bytes_in", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowData", - "description": "", - "fields": [ + }, { - "name": "edges", - "description": "", + "name": "locations", + "description": null, "args": [], "type": { "kind": "NON_NULL", @@ -7362,7 +4671,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowEdges", "ofType": null } + "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } } } }, 
@@ -7370,71 +4679,60 @@ "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "onOperation", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "onFragment", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." 
}, { - "name": "cursor", - "description": "", + "name": "onField", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." } ], "inputFields": null, 
@@ -7443,496 +4741,288 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "NetworkTopNFlowItem", - "description": "", - "fields": [ + "kind": "ENUM", + "name": "__DirectiveLocation", + "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "QUERY", + "description": "Location adjacent to a query operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemSource", "ofType": null }, + "name": "MUTATION", + "description": "Location adjacent to a mutation operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemDestination", "ofType": null }, + "name": "SUBSCRIPTION", + "description": "Location adjacent to a subscription operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "name": "FIELD", + "description": "Location adjacent to a field.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemSource", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "FRAGMENT_DEFINITION", + "description": "Location adjacent to a fragment definition.", "isDeprecated": false, "deprecationReason": null }, { - 
"name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "FRAGMENT_SPREAD", + "description": "Location adjacent to a fragment spread.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "INLINE_FRAGMENT", + "description": "Location adjacent to an inline fragment.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "SCHEMA", + "description": "Location adjacent to a schema definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "SCALAR", + "description": "Location adjacent to a scalar definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "OBJECT", + "description": "Location adjacent to an object type definition.", "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AutonomousSystemItem", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "FIELD_DEFINITION", + "description": "Location adjacent to a field definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "number", - "description": "", - "args": [], - "type": { "kind": "SCALAR", 
"name": "Float", "ofType": null }, + "name": "ARGUMENT_DEFINITION", + "description": "Location adjacent to an argument definition.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemDestination", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "INTERFACE", + "description": "Location adjacent to an interface definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "UNION", + "description": "Location adjacent to a union definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "ENUM", + "description": "Location adjacent to an enum definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "ENUM_VALUE", + "description": "Location adjacent to an enum value definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_OBJECT", + "description": "Location adjacent to an input object type definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_FIELD_DEFINITION", + 
"description": "Location adjacent to an input object field definition.", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", + "kind": "SCALAR", + "name": "ToStringArrayNoNullable", "description": "", "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkDnsFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], + "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "NetworkDnsFields", + "kind": "OBJECT", + "name": "EventEcsFields", "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "dnsName", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "fields": [ { - "name": "queryCount", + "name": "action", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "category", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "code", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": 
"NetworkDnsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "created", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "dataset", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "duration", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "end", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "histogram", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "ofType": null - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsEdges", - "description": "", - 
"fields": [ + }, { - "name": "node", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsItem", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "kind", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsItem", - "description": "", - "fields": [ + }, { - "name": "_id", + "name": "module", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "original", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", + "name": "outcome", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsName", + "name": "risk_score", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryCount", + "name": "risk_score_norm", "description": "", 
"args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "severity", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", + "name": "start", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", + "name": "timezone", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "g", + "name": "type", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7942,52 +5032,44 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "ToDateArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToNumberArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "NetworkDsOverTimeData", + "name": "Location", "description": "", "fields": [ { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", + "name": "lon", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "lat", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -7997,116 +5079,64 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "NetworkHttpData", + "name": "GeoEcsFields", "description": "", "fields": [ { - "name": "edges", + "name": "city_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "continent_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "country_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "country_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - 
"interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkHttpEdges", - "description": "", - "fields": [ + }, { - "name": "node", + "name": "location", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpItem", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "region_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "region_name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8118,106 +5148,81 @@ }, { "kind": "OBJECT", - "name": "NetworkHttpItem", + "name": "PrimarySecondary", "description": "", "fields": [ { - "name": "_id", + "name": "primary", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domains", + "name": "secondary", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "lastHost", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Summary", + "description": "", + "fields": [ { - "name": "lastSourceIp", + "name": "actor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "methods", + "name": "object", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": 
"path", + "name": "how", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "requestCount", + "name": "message_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "statuses", + "name": "sequence", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8229,18 +5234,14 @@ }, { "kind": "OBJECT", - "name": "SayMyName", + "name": "AgentEcsField", "description": "", "fields": [ { - "name": "appName", - "description": "The id of the source", + "name": "type", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8251,335 +5252,294 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "TimelineResult", - "description": "", - "fields": [ - { - "name": "columns", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } - } - }, + "kind": "OBJECT", + "name": "AuditdData", + "description": "", + "fields": [ + { + "name": "acct", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "terminal", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "createdBy", + "name": "op", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuditdEcsFields", + "description": "", + "fields": [ { - "name": "dataProviders", + "name": "result", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dateRange", + "name": "session", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "data", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventIdToNoteIds", + "name": "summary", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventType", + "name": "sequence", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Thread", + "description": "", + "fields": [ { - "name": "excludedRowRendererIds", + "name": "id", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "start", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": 
null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessHashData", + "description": "", + "fields": [ { - "name": "filters", + "name": "md5", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlMode", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "sha256", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessEcsFields", + "description": "", + "fields": [ { - "name": "indexNames", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notes", + "name": "pid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, 
{ - "name": "noteIds", + "name": "name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventIds", + "name": "ppid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventsSaveObject", + "name": "args", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedQueryId", + "name": "entity_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedObjectId", + "name": "executable", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sort", + "name": "title", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null }, { - "name": "status", + "name": "thread", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", + "name": "working_directory", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceEcsFields", + "description": "", + "fields": [ { - "name": "templateTimelineId", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timelineType", + "name": "port", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updatedBy", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { 
"kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8591,102 +5551,116 @@ }, { "kind": "OBJECT", - "name": "ColumnHeaderResult", + "name": "DestinationEcsFields", "description": "", "fields": [ { - "name": "aggregatable", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "category", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "port", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "example", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "indexes", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": 
"DnsQuestionData", + "description": "", + "fields": [ { - "name": "id", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "DnsEcsFields", + "description": "", + "fields": [ { - "name": "placeholder", + "name": "question", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "searchable", + "name": "resolved_ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "response_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8698,129 +5672,110 @@ }, { "kind": "OBJECT", - "name": "DataProviderResult", + "name": "EndgameEcsFields", "description": "", "fields": [ { - "name": "id", + "name": "exit_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "file_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "file_path", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "excluded", + "name": "logon_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "parent_process_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryMatch", + "name": "pid", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "process_name", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, 
"isDeprecated": false, "deprecationReason": null }, { - "name": "and", + "name": "subject_domain_name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "QueryMatchResult", - "description": "", - "fields": [ + }, { - "name": "field", + "name": "subject_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayField", + "name": "subject_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "target_domain_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayValue", + "name": "target_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "operator", + "name": "target_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null } 
@@ -8830,151 +5785,97 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "DataProviderType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "default", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "template", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "DateRangePickerResult", + "name": "SuricataAlertData", "description": "", "fields": [ { - "name": "start", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "signature_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], "inputFields": null, "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "RowRendererId", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "auditd_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "netflow", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "suricata", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "system_dns", - "description": 
"", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_endgame_process", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SuricataEveData", + "description": "", + "fields": [ { - "name": "system_fim", + "name": "alert", "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_security_event", + "name": "flow_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_socket", + "name": "proto", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, - { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } + } ], + "inputFields": null, + "interfaces": [], + "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FavoriteTimelineResult", + "name": "SuricataEcsFields", "description": "", "fields": [ { - "name": "fullName", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "userName", + "name": "eve", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsJa3Data", + "description": "", + "fields": 
[ { - "name": "favoriteDate", + "name": "hash", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -8986,62 +5887,106 @@ }, { "kind": "OBJECT", - "name": "FilterTimelineResult", + "name": "FingerprintData", "description": "", "fields": [ { - "name": "exists", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsClientCertificateData", + "description": "", + "fields": [ { - "name": "meta", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsServerCertificateData", + "description": "", + "fields": [ { - "name": "match_all", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsFingerprintsData", + "description": "", + "fields": [ { - "name": "missing", + "name": "ja3", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsEcsFields", + "description": 
"", + "fields": [ { - "name": "query", + "name": "client_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "range", + "name": "fingerprints", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "script", + "name": "server_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9053,94 +5998,123 @@ }, { "kind": "OBJECT", - "name": "FilterMetaTimelineResult", + "name": "ZeekConnectionData", "description": "", "fields": [ { - "name": "alias", + "name": "local_resp", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "controlledBy", + "name": "local_orig", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "disabled", + "name": "missed_bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "field", + "name": "state", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "formattedValue", + "name": "history", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToBooleanArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekNoticeData", + "description": "", + "fields": [ + { + "name": "suppress_for", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", 
"ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "msg", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "key", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "negate", + "name": "sub", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "params", + "name": "dst", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "dropped", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "peer_descr", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9152,577 +6126,303 @@ }, { "kind": "OBJECT", - "name": "SerializedFilterQueryResult", + "name": "ZeekDnsData", "description": "", "fields": [ { - "name": "filterQuery", + "name": "AA", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SerializedKueryQueryResult", - "description": "", - "fields": [ + }, { - "name": "kuery", + "name": "qclass_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "serializedQuery", + "name": "RD", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KueryFilterQueryResult", - "description": "", - "fields": [ + }, { - "name": "kind", + "name": "qtype_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "expression", + "name": "rejected", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - 
"possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SortTimelineResult", - "description": "", - "fields": [ + }, { - "name": "columnId", + "name": "qtype", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sortDirection", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineStatus", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, + }, { - "name": "immutable", + "name": "trans_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Int", - "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. 
", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "default", + "name": "qclass", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "template", + "name": "RA", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PageInfoTimeline", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "pageIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null }, { - "name": "pageSize", + "name": "TC", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimeline", + "kind": "OBJECT", + "name": "FileFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "sortField", + "name": "name", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": 
null }, { - "name": "sortOrder", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "SortFieldTimeline", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "description", + "name": "path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "target_path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ResponseTimelines", - "description": "", - "fields": [ { - "name": "timeline", + "name": "extension", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultTimelineCount", + "name": "device", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": 
"ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineCount", + "name": "inode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "elasticTemplateTimelineCount", + "name": "uid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "customTemplateTimelineCount", + "name": "owner", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favoriteCount", + "name": "gid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Mutation", - "description": "", - "fields": [ + }, { - "name": "persistNote", - "description": "Persists a note", - "args": [ - { - "name": "noteId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "note", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": 
{ "kind": "OBJECT", "name": "ResponseNote", "ofType": null } - }, + "name": "group", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNote", + "name": "mode", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNoteByTimelineId", + "name": "size", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistPinnedEventOnTimeline", - "description": "Persists a pinned event in a timeline", - "args": [ - { - "name": "pinnedEventId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", 
"ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null }, + "name": "mtime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deletePinnedEventOnTimeline", - "description": "Remove a pinned events in a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "ctime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekHttpData", + "description": "", + "fields": [ + { + "name": "resp_mime_types", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteAllPinnedEventsOnTimeline", - "description": "Remove all pinned events in a timeline", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "trans_depth", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, 
"deprecationReason": null }, { - "name": "persistTimeline", - "description": "Persists a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timeline", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } - }, + "name": "status_msg", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistFavorite", + "name": "resp_fuids", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteTimeline", + "name": "tags", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", 
"ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HttpBodyData", + "description": "", + "fields": [ + { + "name": "content", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9733,64 +6433,74 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NoteInput", + "kind": "OBJECT", + "name": "HttpRequestData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "eventId", + "name": "method", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "note", + "name": "body", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineId", + "name": "referrer", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseNote", + "name": "HttpResponseData", "description": "", "fields": [ { - "name": "code", + "name": "status_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "body", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, "isDeprecated": 
false, "deprecationReason": null }, { - "name": "note", + "name": "bytes", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -9801,624 +6511,608 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "TimelineInput", + "kind": "OBJECT", + "name": "HttpEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columns", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "dataProviders", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "description", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventType", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "excludedRowRendererIds", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "filters", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "kqlMode", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "kqlQuery", - "description": "", - "type": { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", - "ofType": null - }, - "defaultValue": null - }, - { - "name": "indexNames", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": 
"NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "title", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "templateTimelineId", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "request", "description": "", - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineType", + "name": "response", "description": "", - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, - "defaultValue": null - }, + "args": [], + "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "UrlEcsFields", + "description": "", + "fields": [ { - "name": "dateRange", + "name": "domain", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "savedQueryId", + "name": "original", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "sort", + "name": "username", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "status", + "name": "password", "description": "", - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "ColumnHeaderInput", + "kind": "OBJECT", + "name": "ZeekFileData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "aggregatable", + "name": "session_ids", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "category", + "name": "timedout", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "local_orig", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "description", + "name": "tx_host", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + 
"args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "example", + "name": "source", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "indexes", + "name": "is_orig", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "id", + "name": "overflow_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "sha1", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "placeholder", + "name": "duration", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "searchable", + "name": "depth", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "type", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "DataProviderInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "id", + "name": "analyzers", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "mime_type", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "enabled", + "name": "rx_host", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "excluded", + "name": "total_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "kqlQuery", + "name": "fuid", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "queryMatch", + "name": "seen_bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, - 
"defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "and", + "name": "missing_bytes", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "md5", "description": "", - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "QueryMatchInput", + "kind": "OBJECT", + "name": "ZeekSslData", "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "displayField", + "name": "cipher", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "established", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "displayValue", + "name": "resumed", "description": "", - "type": { "kind": "SCALAR", 
"name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "operator", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterTimelineInput", + "kind": "OBJECT", + "name": "ZeekEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "exists", + "name": "session_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "meta", + "name": "connection", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "match_all", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "name": "notice", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "missing", + "name": "dns", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "isDeprecated": false, + 
"deprecationReason": null }, { - "name": "query", + "name": "http", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "range", + "name": "files", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "script", + "name": "ssl", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterMetaTimelineInput", + "kind": "OBJECT", + "name": "UserEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "alias", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "controlledBy", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "disabled", - "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null - }, - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "formattedValue", + "name": "domain", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + 
"isDeprecated": false, + "deprecationReason": null }, { - "name": "index", + "name": "id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "key", + "name": "name", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "negate", + "name": "full_name", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "params", + "name": "email", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "hash", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "group", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", + "kind": "OBJECT", 
+ "name": "WinlogEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "filterQuery", + "name": "event_id", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedKueryQueryInput", + "kind": "OBJECT", + "name": "NetworkEcsField", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "kuery", + "name": "bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "serializedQuery", + "name": "community_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "KueryFilterQueryInput", - "description": "", - "fields": null, - "inputFields": [ + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "kind", + "name": "direction", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "expression", + "name": "packets", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + 
"args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "protocol", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "transport", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "DateRangePickerInput", + "kind": "OBJECT", + "name": "PackageEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ + { + "name": "arch", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "entity_id", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "start", + "name": "summary", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "end", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - 
"defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimelineInput", + "kind": "OBJECT", + "name": "AuditEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columnId", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "sortDirection", + "name": "package", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseTimeline", + "name": "SshEcsFields", "description": "", "fields": [ { - "name": "code", + "name": "method", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuthEcsFields", + "description": "", + "fields": [ { - "name": "timeline", + "name": "ssh", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": 
"TimelineResult", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10430,80 +7124,56 @@ }, { "kind": "OBJECT", - "name": "ResponseFavoriteTimeline", + "name": "SystemEcsField", "description": "", "fields": [ { - "name": "code", + "name": "audit", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "auth", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleField", + "description": "", + "fields": [ { - "name": "savedObjectId", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "rule_id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "false_positives", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Schema", - "description": "A 
GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", - "fields": [ - { - "name": "types", - "description": "A list of all types supported by this server.", - "args": [], "type": { "kind": "NON_NULL", "name": null, @@ -10513,7 +7183,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, 
@@ -10521,384 +7191,242 @@ "deprecationReason": null }, { - "name": "queryType", - "description": "The type that query operations will be rooted at.", + "name": "saved_id", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mutationType", - "description": "If this server supports mutation, the type that mutation operations will be rooted at.", + "name": "timeline_id", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subscriptionType", - "description": "If this server support subscription, the type that subscription operations will be rooted at.", + "name": "timeline_title", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "directives", - "description": "A list of all directives supported by this server.", + "name": "max_signals", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Type", - "description": "The fundamental unit of any GraphQL Schema is the type. 
There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", - "fields": [ + }, { - "name": "kind", - "description": null, + "name": "risk_score", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", - "description": null, + "name": "output_index", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { "name": "description", - "description": null, + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "fields", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interfaces", - "description": null, + "name": "from", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - 
"ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "possibleTypes", - "description": null, + "name": "immutable", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enumValues", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } - } - }, + "name": "index", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inputFields", - "description": null, + "name": "interval", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ofType", - "description": null, + "name": "language", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - 
"enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__TypeKind", - "description": "An enum describing what kind of type a given `__Type` is.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "SCALAR", - "description": "Indicates this type is a scalar.", + "name": "query", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "name": "references", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INTERFACE", - "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "name": "severity", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Indicates this type is a union. `possibleTypes` is a valid field.", + "name": "tags", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Indicates this type is an enum. `enumValues` is a valid field.", + "name": "threat", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Indicates this type is an input object. 
`inputFields` is a valid field.", + "name": "type", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LIST", - "description": "Indicates this type is a list. `ofType` is a valid field.", + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "NON_NULL", - "description": "Indicates this type is a non-null. `ofType` is a valid field.", + "name": "to", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Field", - "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "enabled", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "filters", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "created_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + 
"type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "updated_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "created_by", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deprecationReason", - "description": null, + "name": "updated_by", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__InputValue", - "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "version", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "note", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null 
}, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "threshold", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultValue", - "description": "A GraphQL-formatted string representing the default value for this input value.", + "name": "exceptions_list", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10910,46 +7438,49 @@ }, { "kind": "OBJECT", - "name": "__EnumValue", - "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", + "name": "SignalField", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "rule", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "original_time", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "status", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleEcsField", + "description": "", + "fields": [ { - "name": "deprecationReason", - "description": null, + "name": "reference", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -10961,12 +7492,12 @@ }, { "kind": "OBJECT", - "name": "__Directive", - "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", + "name": "ECS", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "_id", + "description": "", "args": [], "type": { "kind": "NON_NULL", 
@@ -10977,250 +7508,202 @@ "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "_index", + "description": "", "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "locations", - "description": null, + "name": "agent", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "auditd", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "onOperation", - "description": null, - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - }, - { - "name": "onFragment", - "description": null, + "name": "destination", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." 
+ "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "onField", - "description": null, + "name": "dns", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__DirectiveLocation", - "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "QUERY", - "description": "Location adjacent to a query operation.", + "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "MUTATION", - "description": "Location adjacent to a mutation operation.", + "name": "endgame", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SUBSCRIPTION", - "description": "Location adjacent to a subscription operation.", + "name": "event", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD", - "description": "Location adjacent to a field.", + "name": "geo", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_DEFINITION", - "description": "Location adjacent to a fragment definition.", + "name": "host", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": 
"HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_SPREAD", - "description": "Location adjacent to a fragment spread.", + "name": "network", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INLINE_FRAGMENT", - "description": "Location adjacent to an inline fragment.", + "name": "rule", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCHEMA", - "description": "Location adjacent to a schema definition.", + "name": "signal", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCALAR", - "description": "Location adjacent to a scalar definition.", + "name": "source", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Location adjacent to an object type definition.", + "name": "suricata", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD_DEFINITION", - "description": "Location adjacent to a field definition.", + "name": "tls", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ARGUMENT_DEFINITION", - "description": "Location adjacent to an argument definition.", + "name": "zeek", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": 
"INTERFACE", - "description": "Location adjacent to an interface definition.", + "name": "http", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Location adjacent to a union definition.", + "name": "url", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Location adjacent to an enum definition.", + "name": "timestamp", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM_VALUE", - "description": "Location adjacent to an enum value definition.", + "name": "message", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Location adjacent to an input object type definition.", + "name": "user", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_FIELD_DEFINITION", - "description": "Location adjacent to an input object field definition.", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArrayNoNullable", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "EcsEdges", - "description": "", - "fields": [ + "name": "winlog", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - 
"name": "node", + "name": "process", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "file", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "system", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null } 
@@ -11232,60 +7715,32 @@ }, { "kind": "OBJECT", - "name": "EventsTimelineData", + "name": "EcsEdges", "description": "", "fields": [ { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "EcsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", + "name": "node", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "cursor", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, 
@@ -11427,108 +7882,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "NetworkDirectionEcs", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "inbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "internal", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "external", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "incoming", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outgoing", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "listening", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "unknown", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkHttpFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "domains", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastHost", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSourceIp", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "methods", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "path", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "requestCount", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "statuses", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null 
- }, { "kind": "SCALAR", "name": "ToIFieldSubTypeNonNullable", @@ -11666,6 +8019,39 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "PaginationInput", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "limit", + "description": "The limit parameter allows you to configure the maximum amount of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "cursor", + "description": "The cursor parameter defines the next result you want to fetch", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "tiebreaker", + "description": "The tiebreaker parameter allow to be more precise to fetch the next item", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowTarget", @@ -11686,6 +8072,24 @@ ], "possibleTypes": null }, + { + "kind": "ENUM", + "name": "FlowTargetSourceDest", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "destination", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowDirection", 
@@ -11709,6 +8113,64 @@ ], "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "SortField", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortFieldId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "direction", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "PageInfo", + "description": "", + "fields": [ + { + "name": "endCursor", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "hasNextPage", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, { "kind": "INPUT_OBJECT", "name": "FavoriteTimelineInput", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 1083583cb133c..df8333ea63055 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts 
@@ -40,53 +40,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -267,6 +230,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -285,13 +263,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', 
@@ -303,35 +274,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -371,27 +313,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -399,6 +320,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', 
@@ -408,17 +334,15 @@ export type ToStringArray = string[]; export type Date = string; -export type ToNumberArray = number[]; - -export type ToDateArray = string[]; +export type ToAny = any; -export type ToBooleanArray = boolean[]; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[]; -export type EsValue = any; +export type ToNumberArray = number[]; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[]; export type ToIFieldSubTypeNonNullable = any; @@ -509,40 +433,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -575,8 +471,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; 
@@ -585,84 +481,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -695,6 +557,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; 
@@ -709,196 +577,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + 
name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; 
+export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { 
@@ -941,110 +880,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + 
entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { 
@@ -1053,48 +1058,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1149,6 +1150,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; 
@@ -1161,6 +1194,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; 
@@ -1209,128 +1284,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { 
@@ -1347,8 +1348,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { 
@@ -1357,3188 +1358,760 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - 
uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { 
- edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type 
as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; } - -export interface AutonomousSystemItem { - name?: Maybe; - - number?: Maybe; +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; + search?: Maybe; - source_ips?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; + search?: Maybe; - inspect?: Maybe; + sort?: Maybe; - histogram?: Maybe; -} + onlyUserFavorite?: Maybe; -export interface NetworkDnsEdges { - node: NetworkDnsItem; + timelineType?: Maybe; - cursor: CursorType; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; + timerange: 
TimerangeInput; - dnsBytesIn?: Maybe; + pagination: PaginationInputPaginated; - dnsBytesOut?: Maybe; + sort: HostsSortField; - dnsName?: Maybe; + filterQuery?: Maybe; - queryCount?: Maybe; + defaultIndex: string[]; - uniqueDomains?: Maybe; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + timerange: TimerangeInput; - g: string; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; + hostName: string; - matrixHistogramData: MatrixOverTimeHistogramData[]; + defaultIndex: string[]; - totalCount: number; + docValueFields: DocValueFieldsInput[]; } - -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; } - -export interface NetworkHttpEdges { - node: NetworkHttpItem; - - cursor: CursorType; +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; } +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkHttpItem { - _id?: Maybe; - - domains: string[]; - - lastHost?: Maybe; - - lastSourceIp?: Maybe; - - methods: string[]; - - path?: Maybe; - - requestCount?: Maybe; + version?: Maybe; - statuses: string[]; + note: NoteInput; } - -export interface SayMyName { - /** The id of the source */ - appName: string; +export interface DeleteNoteMutationArgs { + id: string[]; } +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface TimelineResult { - columns?: Maybe; - - created?: Maybe; - - createdBy?: Maybe; - - dataProviders?: Maybe; - - dateRange?: Maybe; - - description?: Maybe; - - eventIdToNoteIds?: Maybe; - - eventType?: Maybe; - - excludedRowRendererIds?: Maybe; - - favorite?: Maybe; - 
- filters?: Maybe; - - kqlMode?: Maybe; - - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - status?: Maybe; + eventId: string; - title?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; +} +export interface PersistTimelineMutationArgs { + id?: Maybe; - templateTimelineId?: Maybe; + version?: Maybe; - templateTimelineVersion?: Maybe; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; +} - timelineType?: Maybe; +// ==================================================== +// Documents +// ==================================================== - updated?: Maybe; +export namespace GetHostOverviewQuery { + export type Variables = { + sourceId: string; + hostName: string; + timerange: TimerangeInput; + defaultIndex: string[]; + inspect: boolean; + }; - updatedBy?: Maybe; + export type Query = { + __typename?: 'Query'; - version: string; -} + source: Source; + }; -export interface ColumnHeaderResult { - aggregatable?: Maybe; + export type Source = { + __typename?: 'Source'; - category?: Maybe; + id: string; - columnHeaderType?: Maybe; + HostOverview: HostOverview; + }; - description?: Maybe; + export type HostOverview = { + __typename?: 'HostItem'; - example?: Maybe; + _id: Maybe; - indexes?: Maybe; + host: Maybe; - id?: Maybe; + cloud: Maybe; - name?: Maybe; + inspect: Maybe; - placeholder?: Maybe; + endpoint: Maybe; + }; - searchable?: Maybe; + export type Host = { + __typename?: 'HostEcsFields'; - type?: Maybe; -} - -export interface 
DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - 
deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} 
-export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - 
docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: 
string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -// ==================================================== -// Documents -// ==================================================== - -export namespace GetLastEventTimeQuery { - export type Variables = { - sourceId: string; - indexKey: LastEventIndexKey; - details: LastTimeDetails; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - LastEventTime: LastEventTime; - }; - - export type LastEventTime = { - __typename?: 'LastEventTimeData'; - - lastSeen: Maybe; - }; -} - -export namespace GetMatrixHistogramQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - histogramType: HistogramType; - inspect: boolean; - sourceId: string; - stackByField: string; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - MatrixHistogram: MatrixHistogram; - }; - - export 
type MatrixHistogram = { - __typename?: 'MatrixHistogramOverTimeData'; - - matrixHistogramData: MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: Maybe; - - y: Maybe; - - g: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAuthenticationsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Authentications: Authentications; - }; - - export type Authentications = { - __typename?: 'AuthenticationsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'AuthenticationsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'AuthenticationItem'; - - _id: string; - - failures: number; - - successes: number; - - user: User; - - lastSuccess: Maybe; - - lastFailure: Maybe; - }; - - export type User = { - __typename?: 'UserEcsFields'; - - name: Maybe; - }; - - export type LastSuccess = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<_Source>; - - host: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type LastFailure = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<__Source>; - - host: Maybe<_Host>; - }; - - export type __Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type _Host = { - __typename?: 
'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetHostOverviewQuery { - export type Variables = { - sourceId: string; - hostName: string; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostOverview: HostOverview; - }; - - export type HostOverview = { - __typename?: 'HostItem'; - - _id: Maybe; - - host: Maybe; - - cloud: Maybe; - - inspect: Maybe; - - endpoint: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Cloud = { - __typename?: 'CloudFields'; - - instance: Maybe; - - machine: Maybe; - - provider: Maybe<(Maybe)[]>; - - region: Maybe<(Maybe)[]>; - }; - - export type Instance = { - __typename?: 'CloudInstance'; - - id: Maybe<(Maybe)[]>; - }; - - export type Machine = { - __typename?: 'CloudMachine'; - - type: Maybe<(Maybe)[]>; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type Endpoint = { - __typename?: 'EndpointFields'; - - endpointPolicy: Maybe; - - policyStatus: Maybe; - - sensorVersion: Maybe; - }; -} - -export namespace GetHostFirstLastSeenQuery { - export type Variables = { - sourceId: string; - hostName: string; - defaultIndex: string[]; - docValueFields: 
DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostFirstLastSeen: HostFirstLastSeen; - }; - - export type HostFirstLastSeen = { - __typename?: 'FirstLastSeenHost'; - - firstSeen: Maybe; - - lastSeen: Maybe; - }; -} - -export namespace GetHostsTableQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - sort: HostsSortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Hosts: Hosts; - }; - - export type Hosts = { - __typename?: 'HostsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'HostsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'HostItem'; - - _id: Maybe; - - lastSeen: Maybe; - - host: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - os: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - name: Maybe; - - version: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostDetailsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type 
Source = { - __typename?: 'Source'; - - id: string; - - KpiHostDetails: KpiHostDetails; - }; - - export type KpiHostDetails = { - __typename?: 'KpiHostDetailsData'; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type AuthSuccessHistogram = KpiHostDetailsChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiHosts: KpiHosts; - }; - - export type KpiHosts = { - __typename?: 'KpiHostsData'; - - hosts: Maybe; - - hostsHistogram: Maybe; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type HostsHistogram = KpiHostChartFields.Fragment; - - export type AuthSuccessHistogram = KpiHostChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostChartFields.Fragment; - - export type Inspect = { - __typename?: 
'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiNetworkQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiNetwork: Maybe; - }; - - export type KpiNetwork = { - __typename?: 'KpiNetworkData'; - - networkEvents: Maybe; - - uniqueFlowId: Maybe; - - uniqueSourcePrivateIps: Maybe; - - uniqueSourcePrivateIpsHistogram: Maybe; - - uniqueDestinationPrivateIps: Maybe; - - uniqueDestinationPrivateIpsHistogram: Maybe; - - dnsQueries: Maybe; - - tlsHandshakes: Maybe; - - inspect: Maybe; - }; - - export type UniqueSourcePrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type UniqueDestinationPrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkDnsQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - isPtrIncluded: boolean; - pagination: PaginationInputPaginated; - sort: NetworkDnsSortField; - sourceId: string; - stackByField?: Maybe; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkDns: NetworkDns; - }; - - export type NetworkDns = { - __typename?: 'NetworkDnsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkDnsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkDnsItem'; - - _id: Maybe; - - dnsBytesIn: Maybe; - - dnsBytesOut: Maybe; - - dnsName: Maybe; - - queryCount: Maybe; - - uniqueDomains: Maybe; - }; - - 
export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkHttpQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkHttpSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkHttp: NetworkHttp; - }; - - export type NetworkHttp = { - __typename?: 'NetworkHttpData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkHttpEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkHttpItem'; - - domains: string[]; - - lastHost: Maybe; - - lastSourceIp: Maybe; - - methods: string[]; - - path: Maybe; - - requestCount: Maybe; - - statuses: string[]; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopCountriesQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - 
source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopCountries: NetworkTopCountries; - }; - - export type NetworkTopCountries = { - __typename?: 'NetworkTopCountriesData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopCountriesEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopCountriesItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopCountriesItemSource'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Destination = { - __typename?: 'TopCountriesItemDestination'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopNFlowQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopNFlow: NetworkTopNFlow; - }; - - export type NetworkTopNFlow = { - __typename?: 'NetworkTopNFlowData'; - - totalCount: number; - - edges: Edges[]; - - 
pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopNFlowEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopNFlowItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopNFlowItemSource'; - - autonomous_system: Maybe; - - domain: Maybe; - - ip: Maybe; - - location: Maybe; - - flows: Maybe; - - destination_ips: Maybe; - }; - - export type AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type Location = { - __typename?: 'GeoItem'; - - geo: Maybe; - - flowTarget: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'TopNFlowItemDestination'; - - autonomous_system: Maybe<_AutonomousSystem>; - - domain: Maybe; - - ip: Maybe; - - location: Maybe<_Location>; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type _AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type _Location = { - __typename?: 'GeoItem'; - - geo: Maybe<_Geo>; - - flowTarget: Maybe; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 
'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAllTimeline { - export type Variables = { - pageInfo: PageInfoTimeline; - search?: Maybe; - sort?: Maybe; - onlyUserFavorite?: Maybe; - timelineType?: Maybe; - status?: Maybe; - }; - - export type Query = { - __typename?: 'Query'; - - getAllTimeline: GetAllTimeline; - }; - - export type GetAllTimeline = { - __typename?: 'ResponseTimelines'; - - totalCount: Maybe; - - defaultTimelineCount: Maybe; - - templateTimelineCount: Maybe; - - elasticTemplateTimelineCount: Maybe; - - customTemplateTimelineCount: Maybe; - - favoriteCount: Maybe; - - timeline: (Maybe)[]; - }; - - export type Timeline = { - __typename?: 'TimelineResult'; - - savedObjectId: string; - - description: Maybe; - - favorite: Maybe; - - eventIdToNoteIds: Maybe; - - excludedRowRendererIds: Maybe; - - notes: Maybe; - - noteIds: Maybe; - - pinnedEventIds: Maybe; - - status: Maybe; - - title: Maybe; - - timelineType: Maybe; - - templateTimelineId: Maybe; - - templateTimelineVersion: Maybe; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: string; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; - - export type EventIdToNoteIds = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - timelineVersion: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; - - export type Notes = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - timelineVersion: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; -} - -export namespace DeleteTimelineMutation { - export type Variables = { - id: string[]; - }; - - export type Mutation = { - __typename?: 
'Mutation'; - - deleteTimeline: boolean; - }; -} - -export namespace GetTimelineDetailsQuery { - export type Variables = { - sourceId: string; - eventId: string; - indexName: string; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - TimelineDetails: TimelineDetails; - }; - - export type TimelineDetails = { - __typename?: 'TimelineDetailsData'; - - data: Maybe; - }; - - export type Data = { - __typename?: 'DetailItem'; - - field: string; - - values: Maybe; - - originalValue: Maybe; - }; -} - -export namespace PersistTimelineFavoriteMutation { - export type Variables = { - timelineId?: Maybe; - }; - - export type Mutation = { - __typename?: 'Mutation'; - - persistFavorite: PersistFavorite; - }; - - export type PersistFavorite = { - __typename?: 'ResponseFavoriteTimeline'; - - savedObjectId: string; - - version: string; - - favorite: Maybe; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; -} - -export namespace GetTimelineQuery { - export type Variables = { - sourceId: string; - fieldRequested: string[]; - pagination: PaginationInput; - sortField: SortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Timeline: Timeline; - }; - - export type Timeline = { - __typename?: 'TimelineData'; - - totalCount: number; - - inspect: Maybe; - - pageInfo: PageInfo; - - edges: Edges[]; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type PageInfo = { - __typename?: 'PageInfo'; - - endCursor: Maybe; - - 
hasNextPage: Maybe; - }; - - export type EndCursor = { - __typename?: 'CursorType'; - - value: Maybe; - - tiebreaker: Maybe; - }; - - export type Edges = { - __typename?: 'TimelineEdges'; - - node: Node; - }; - - export type Node = { - __typename?: 'TimelineItem'; - - _id: string; - - _index: Maybe; - - data: Data[]; - - ecs: Ecs; - }; - - export type Data = { - __typename?: 'TimelineNonEcsData'; - - field: string; - - value: Maybe; - }; - - export type Ecs = { - __typename?: 'ECS'; - - _id: string; - - _index: Maybe; - - timestamp: Maybe; - - message: Maybe; - - system: Maybe; - - event: Maybe; - - agent: Maybe; - - auditd: Maybe; - - file: Maybe; - - host: Maybe; - - rule: Maybe; - - source: Maybe<_Source>; - - destination: Maybe; - - dns: Maybe; - - endgame: Maybe; - - geo: Maybe<__Geo>; - - signal: Maybe; - - suricata: Maybe; - - network: Maybe; - - http: Maybe; - - tls: Maybe; - - url: Maybe; - - user: Maybe; - - winlog: Maybe; - - process: Maybe; - - zeek: Maybe; - }; - - export type System = { - __typename?: 'SystemEcsField'; - - auth: Maybe; - - audit: Maybe; - }; - - export type Auth = { - __typename?: 'AuthEcsFields'; - - ssh: Maybe; - }; - - export type Ssh = { - __typename?: 'SshEcsFields'; - - signature: Maybe; - - method: Maybe; - }; - - export type Audit = { - __typename?: 'AuditEcsFields'; - - package: Maybe; - }; - - export type Package = { - __typename?: 'PackageEcsFields'; - - arch: Maybe; - - entity_id: Maybe; - - name: Maybe; - - size: Maybe; - - summary: Maybe; - - version: Maybe; - }; - - export type Event = { - __typename?: 'EventEcsFields'; - - action: Maybe; - - category: Maybe; - - code: Maybe; - - created: Maybe; - - dataset: Maybe; - - duration: Maybe; - - end: Maybe; - - hash: Maybe; - - id: Maybe; - - kind: Maybe; - - module: Maybe; - - original: Maybe; - - outcome: Maybe; - - risk_score: Maybe; - - risk_score_norm: Maybe; - - severity: Maybe; - - start: Maybe; - - timezone: Maybe; - - type: Maybe; - }; - - export type Agent = { - 
__typename?: 'AgentEcsField'; - - type: Maybe; - }; - - export type Auditd = { - __typename?: 'AuditdEcsFields'; - - result: Maybe; - - session: Maybe; - - data: Maybe<_Data>; - - summary: Maybe; - }; - - export type _Data = { - __typename?: 'AuditdData'; - - acct: Maybe; - - terminal: Maybe; - - op: Maybe; - }; - - export type Summary = { - __typename?: 'Summary'; - - actor: Maybe; - - object: Maybe; - - how: Maybe; - - message_type: Maybe; - - sequence: Maybe; - }; - - export type Actor = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - }; - - export type Object = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - - type: Maybe; - }; - - export type File = { - __typename?: 'FileFields'; - - name: Maybe; - - path: Maybe; - - target_path: Maybe; - - extension: Maybe; - - type: Maybe; - - device: Maybe; - - inode: Maybe; - - uid: Maybe; - - owner: Maybe; - - gid: Maybe; - - group: Maybe; - - mode: Maybe; - - size: Maybe; - - mtime: Maybe; - - ctime: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - ip: Maybe; - }; - - export type Rule = { - __typename?: 'RuleEcsField'; - - reference: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'DestinationEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe<_Geo>; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type 
Dns = { - __typename?: 'DnsEcsFields'; - - question: Maybe; - - resolved_ip: Maybe; - - response_code: Maybe; - }; - - export type Question = { - __typename?: 'DnsQuestionData'; - - name: Maybe; - - type: Maybe; - }; - - export type Endgame = { - __typename?: 'EndgameEcsFields'; - - exit_code: Maybe; - - file_name: Maybe; - - file_path: Maybe; - - logon_type: Maybe; - - parent_process_name: Maybe; - - pid: Maybe; - - process_name: Maybe; - - subject_domain_name: Maybe; - - subject_logon_id: Maybe; - - subject_user_name: Maybe; - - target_domain_name: Maybe; - - target_logon_id: Maybe; - - target_user_name: Maybe; - }; - - export type __Geo = { - __typename?: 'GeoEcsFields'; - - region_name: Maybe; - - country_iso_code: Maybe; - }; - - export type Signal = { - __typename?: 'SignalField'; - - status: Maybe; - - original_time: Maybe; - - rule: Maybe<_Rule>; - }; - - export type _Rule = { - __typename?: 'RuleField'; + architecture: Maybe; id: Maybe; - saved_id: Maybe; - - timeline_id: Maybe; + ip: Maybe; - timeline_title: Maybe; + mac: Maybe; - output_index: Maybe; + name: Maybe; - from: Maybe; + os: Maybe; - index: Maybe; + type: Maybe; + }; - language: Maybe; + export type Os = { + __typename?: 'OsEcsFields'; - query: Maybe; + family: Maybe; - to: Maybe; + name: Maybe; - filters: Maybe; + platform: Maybe; - note: Maybe; + version: Maybe; + }; - type: Maybe; + export type Cloud = { + __typename?: 'CloudFields'; - threshold: Maybe; + instance: Maybe; - exceptions_list: Maybe; - }; + machine: Maybe; - export type Suricata = { - __typename?: 'SuricataEcsFields'; + provider: Maybe<(Maybe)[]>; - eve: Maybe; + region: Maybe<(Maybe)[]>; }; - export type Eve = { - __typename?: 'SuricataEveData'; + export type Instance = { + __typename?: 'CloudInstance'; - proto: Maybe; + id: Maybe<(Maybe)[]>; + }; - flow_id: Maybe; + export type Machine = { + __typename?: 'CloudMachine'; - alert: Maybe; + type: Maybe<(Maybe)[]>; }; - export type Alert = { - __typename?: 'SuricataAlertData'; + 
export type Inspect = { + __typename?: 'Inspect'; - signature: Maybe; + dsl: string[]; - signature_id: Maybe; + response: string[]; }; - export type Network = { - __typename?: 'NetworkEcsField'; + export type Endpoint = { + __typename?: 'EndpointFields'; - bytes: Maybe; + endpointPolicy: Maybe; - community_id: Maybe; + policyStatus: Maybe; - direction: Maybe; + sensorVersion: Maybe; + }; +} - packets: Maybe; +export namespace GetHostFirstLastSeenQuery { + export type Variables = { + sourceId: string; + hostName: string; + defaultIndex: string[]; + docValueFields: DocValueFieldsInput[]; + }; - protocol: Maybe; + export type Query = { + __typename?: 'Query'; - transport: Maybe; + source: Source; }; - export type Http = { - __typename?: 'HttpEcsFields'; - - version: Maybe; + export type Source = { + __typename?: 'Source'; - request: Maybe; + id: string; - response: Maybe; + HostFirstLastSeen: HostFirstLastSeen; }; - export type Request = { - __typename?: 'HttpRequestData'; - - method: Maybe; + export type HostFirstLastSeen = { + __typename?: 'FirstLastSeenHost'; - body: Maybe; + firstSeen: Maybe; - referrer: Maybe; + lastSeen: Maybe; }; +} - export type Body = { - __typename?: 'HttpBodyData'; +export namespace GetHostsTableQuery { + export type Variables = { + sourceId: string; + timerange: TimerangeInput; + pagination: PaginationInputPaginated; + sort: HostsSortField; + filterQuery?: Maybe; + defaultIndex: string[]; + inspect: boolean; + docValueFields: DocValueFieldsInput[]; + }; - bytes: Maybe; + export type Query = { + __typename?: 'Query'; - content: Maybe; + source: Source; }; - export type Response = { - __typename?: 'HttpResponseData'; + export type Source = { + __typename?: 'Source'; - status_code: Maybe; + id: string; - body: Maybe<_Body>; + Hosts: Hosts; }; - export type _Body = { - __typename?: 'HttpBodyData'; + export type Hosts = { + __typename?: 'HostsData'; - bytes: Maybe; + totalCount: number; - content: Maybe; - }; + edges: Edges[]; + + pageInfo: 
PageInfo; - export type Tls = { - __typename?: 'TlsEcsFields'; + inspect: Maybe; + }; - client_certificate: Maybe; + export type Edges = { + __typename?: 'HostsEdges'; - fingerprints: Maybe; + node: Node; - server_certificate: Maybe; + cursor: Cursor; }; - export type ClientCertificate = { - __typename?: 'TlsClientCertificateData'; + export type Node = { + __typename?: 'HostItem'; - fingerprint: Maybe; - }; + _id: Maybe; - export type Fingerprint = { - __typename?: 'FingerprintData'; + lastSeen: Maybe; - sha1: Maybe; + host: Maybe; }; - export type Fingerprints = { - __typename?: 'TlsFingerprintsData'; + export type Host = { + __typename?: 'HostEcsFields'; - ja3: Maybe; - }; + id: Maybe; - export type Ja3 = { - __typename?: 'TlsJa3Data'; + name: Maybe; - hash: Maybe; + os: Maybe; }; - export type ServerCertificate = { - __typename?: 'TlsServerCertificateData'; + export type Os = { + __typename?: 'OsEcsFields'; + + name: Maybe; - fingerprint: Maybe<_Fingerprint>; + version: Maybe; }; - export type _Fingerprint = { - __typename?: 'FingerprintData'; + export type Cursor = { + __typename?: 'CursorType'; - sha1: Maybe; + value: Maybe; }; - export type Url = { - __typename?: 'UrlEcsFields'; - - original: Maybe; + export type PageInfo = { + __typename?: 'PageInfoPaginated'; - domain: Maybe; + activePage: number; - username: Maybe; + fakeTotalCount: number; - password: Maybe; + showMorePagesIndicator: boolean; }; - export type User = { - __typename?: 'UserEcsFields'; + export type Inspect = { + __typename?: 'Inspect'; - domain: Maybe; + dsl: string[]; - name: Maybe; + response: string[]; }; +} - export type Winlog = { - __typename?: 'WinlogEcsFields'; - - event_id: Maybe; +export namespace GetAllTimeline { + export type Variables = { + pageInfo: PageInfoTimeline; + search?: Maybe; + sort?: Maybe; + onlyUserFavorite?: Maybe; + timelineType?: Maybe; + status?: Maybe; }; - export type Process = { - __typename?: 'ProcessEcsFields'; + export type Query = { + __typename?: 
'Query'; - hash: Maybe; + getAllTimeline: GetAllTimeline; + }; - pid: Maybe; + export type GetAllTimeline = { + __typename?: 'ResponseTimelines'; - name: Maybe; + totalCount: Maybe; - ppid: Maybe; + defaultTimelineCount: Maybe; - args: Maybe; + templateTimelineCount: Maybe; - entity_id: Maybe; + elasticTemplateTimelineCount: Maybe; - executable: Maybe; + customTemplateTimelineCount: Maybe; - title: Maybe; + favoriteCount: Maybe; - working_directory: Maybe; + timeline: (Maybe)[]; }; - export type Hash = { - __typename?: 'ProcessHashData'; - - md5: Maybe; - - sha1: Maybe; - - sha256: Maybe; - }; + export type Timeline = { + __typename?: 'TimelineResult'; - export type Zeek = { - __typename?: 'ZeekEcsFields'; + savedObjectId: string; - session_id: Maybe; + description: Maybe; - connection: Maybe; + favorite: Maybe; - notice: Maybe; + eventIdToNoteIds: Maybe; - dns: Maybe<_Dns>; + excludedRowRendererIds: Maybe; - http: Maybe<_Http>; + notes: Maybe; - files: Maybe; + noteIds: Maybe; - ssl: Maybe; - }; + pinnedEventIds: Maybe; - export type Connection = { - __typename?: 'ZeekConnectionData'; + status: Maybe; - local_resp: Maybe; + title: Maybe; - local_orig: Maybe; + timelineType: Maybe; - missed_bytes: Maybe; + templateTimelineId: Maybe; - state: Maybe; + templateTimelineVersion: Maybe; - history: Maybe; - }; + created: Maybe; - export type Notice = { - __typename?: 'ZeekNoticeData'; + createdBy: Maybe; - suppress_for: Maybe; + updated: Maybe; - msg: Maybe; + updatedBy: Maybe; - note: Maybe; + version: string; + }; - sub: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - dst: Maybe; + fullName: Maybe; - dropped: Maybe; + userName: Maybe; - peer_descr: Maybe; + favoriteDate: Maybe; }; - export type _Dns = { - __typename?: 'ZeekDnsData'; - - AA: Maybe; + export type EventIdToNoteIds = { + __typename?: 'NoteResult'; - qclass_name: Maybe; + eventId: Maybe; - RD: Maybe; + note: Maybe; - qtype_name: Maybe; + timelineId: Maybe; - rejected: Maybe; + 
noteId: string; - qtype: Maybe; + created: Maybe; - query: Maybe; + createdBy: Maybe; - trans_id: Maybe; + timelineVersion: Maybe; - qclass: Maybe; + updated: Maybe; - RA: Maybe; + updatedBy: Maybe; - TC: Maybe; + version: Maybe; }; - export type _Http = { - __typename?: 'ZeekHttpData'; - - resp_mime_types: Maybe; - - trans_depth: Maybe; - - status_msg: Maybe; - - resp_fuids: Maybe; + export type Notes = { + __typename?: 'NoteResult'; - tags: Maybe; - }; + eventId: Maybe; - export type Files = { - __typename?: 'ZeekFileData'; + note: Maybe; - session_ids: Maybe; + timelineId: Maybe; - timedout: Maybe; + timelineVersion: Maybe; - local_orig: Maybe; + noteId: string; - tx_host: Maybe; + created: Maybe; - source: Maybe; + createdBy: Maybe; - is_orig: Maybe; + updated: Maybe; - overflow_bytes: Maybe; + updatedBy: Maybe; - sha1: Maybe; + version: Maybe; + }; +} - duration: Maybe; +export namespace DeleteTimelineMutation { + export type Variables = { + id: string[]; + }; - depth: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - analyzers: Maybe; + deleteTimeline: boolean; + }; +} - mime_type: Maybe; +export namespace PersistTimelineFavoriteMutation { + export type Variables = { + timelineId?: Maybe; + }; - rx_host: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - total_bytes: Maybe; + persistFavorite: PersistFavorite; + }; - fuid: Maybe; + export type PersistFavorite = { + __typename?: 'ResponseFavoriteTimeline'; - seen_bytes: Maybe; + savedObjectId: string; - missing_bytes: Maybe; + version: string; - md5: Maybe; + favorite: Maybe; }; - export type Ssl = { - __typename?: 'ZeekSslData'; - - cipher: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - established: Maybe; + fullName: Maybe; - resumed: Maybe; + userName: Maybe; - version: Maybe; + favoriteDate: Maybe; }; } 
@@ -5199,33 +2772,3 @@ export namespace PersistTimelinePinnedEventMutation { version: Maybe; }; } - -export namespace KpiHostDetailsChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiHostChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiNetworkChartFields { - export type Fragment = { - __typename?: 'KpiNetworkHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} diff --git a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts deleted file mode 100644 index c68816b34c175..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const authenticationsQuery = gql` - query GetAuthenticationsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $pagination: PaginationInputPaginated! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - Authentications( - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - totalCount - edges { - node { - _id - failures - successes - user { - name - } - lastSuccess { - timestamp - source { - ip - } - host { - id - name - } - } - lastFailure { - timestamp - source { - ip - } - host { - id - name - } - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx deleted file mode 100644 index 077f49c4bdfa6..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostDetailsQuery = gql` - fragment KpiHostDetailsChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostDetailsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHostDetails( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - authSuccess - authSuccessHistogram { - ...KpiHostDetailsChartFields - } - authFailure - authFailureHistogram { - ...KpiHostDetailsChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostDetailsChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostDetailsChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx deleted file mode 100644 index 26e4eaf9ea82e..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect, ConnectedProps } from 'react-redux'; - -import { KpiHostDetailsData, GetKpiHostDetailsQuery } from '../../../graphql/types'; -import { inputsModel, inputsSelectors, State } from '../../../common/store'; -import { createFilter, getDefaultFetchPolicy } from '../../../common/containers/helpers'; -import { QueryTemplateProps } from '../../../common/containers/query_template'; - -import { kpiHostDetailsQuery } from './index.gql_query'; - -const ID = 'kpiHostDetailsQuery'; - -export interface KpiHostDetailsArgs { - id: string; - inspect: inputsModel.InspectQuery; - kpiHostDetails: KpiHostDetailsData; - loading: boolean; - refetch: inputsModel.Refetch; -} - -export interface QueryKpiHostDetailsProps extends QueryTemplateProps { - children: (args: KpiHostDetailsArgs) => React.ReactNode; -} - -const KpiHostDetailsComponentQuery = React.memo( - ({ - id = ID, - children, - endDate, - filterQuery, - indexNames, - isInspected, - skip, - sourceId, - startDate, - }) => ( - - query={kpiHostDetailsQuery} - fetchPolicy={getDefaultFetchPolicy()} - notifyOnNetworkStatusChange - skip={skip} - variables={{ - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - filterQuery: createFilter(filterQuery), - defaultIndex: indexNames ?? 
[], - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const kpiHostDetails = getOr({}, `source.KpiHostDetails`, data); - return children({ - id, - inspect: getOr(null, 'source.KpiHostDetails.inspect', data), - kpiHostDetails, - loading, - refetch, - }); - }} - - ) -); - -KpiHostDetailsComponentQuery.displayName = 'KpiHostDetailsComponentQuery'; - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { id = ID }: QueryKpiHostDetailsProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -const connector = connect(makeMapStateToProps); - -type PropsFromRedux = ConnectedProps; - -export const KpiHostDetailsQuery = connector(KpiHostDetailsComponentQuery); diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts deleted file mode 100644 index 37d54455db1fd..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostsQuery = gql` - fragment KpiHostChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - hosts - hostsHistogram { - ...KpiHostChartFields - } - authSuccess - authSuccessHistogram { - ...KpiHostChartFields - } - authFailure - authFailureHistogram { - ...KpiHostChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx index 55b2b529000be..a8b46769b7363 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx @@ -9,7 +9,7 @@ import { noop } from 'lodash/fp'; import React, { useEffect, useCallback, useMemo } from 'react'; import { connect, ConnectedProps } from 'react-redux'; -import { HostItem } from '../../../../common/search_strategy'; +import { HostItem, LastEventIndexKey } from '../../../../common/search_strategy'; import { SecurityPageName } from '../../../app/types'; import { UpdateDateRange } from '../../../common/components/charts/common'; import { FiltersGlobal } from '../../../common/components/filters_global'; 
@@ -28,7 +28,6 @@ import { SiemSearchBar } from '../../../common/components/search_bar';
 import { WrapperPage } from '../../../common/components/wrapper_page';
 import { HostOverviewByNameQuery } from '../../containers/hosts/details';
 import { useGlobalTime } from '../../../common/containers/use_global_time';
-import { LastEventIndexKey } from '../../../graphql/types';
 import { useKibana } from '../../../common/lib/kibana';
 import { convertToBuildEsQuery } from '../../../common/lib/keury';
 import { inputsSelectors, State } from '../../../common/store';
diff --git a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx
index ea8cf11e7595a..4835f7eff5b6f 100644
--- a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx
+++ b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx
@@ -23,7 +23,7 @@ import { WrapperPage } from '../../common/components/wrapper_page';
 import { useFullScreen } from '../../common/containers/use_full_screen';
 import { useGlobalTime } from '../../common/containers/use_global_time';
 import { TimelineId } from '../../../common/types/timeline';
-import { LastEventIndexKey } from '../../graphql/types';
+import { LastEventIndexKey } from '../../../common/search_strategy';
 import { useKibana } from '../../common/lib/kibana';
 import { convertToBuildEsQuery } from '../../common/lib/keury';
 import { inputsSelectors, State } from '../../common/store';
diff --git a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx
index c8e8f009339c1..7fbc4c5e3c6df 100644
--- a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx
@@ -6,7 +6,7 @@ import React from 'react'; -import { NetworkDirectionEcs } from '../../../graphql/types'; +import { NetworkDirectionEcs } from '../../../../common/search_strategy'; import { DraggableBadge } from '../../../common/components/draggables'; import { NETWORK_DIRECTION_FIELD_NAME } from '../source_destination/field_names'; diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap index a70ee66a5552e..0119859d37672 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(NetworkDnsTableComponent)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkDnsTableComponent)')).toMatchSnapshot(); }); }); @@ -81,18 +77,14 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx index ce5c05db34c5e..fa7690e9eeaff 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx 
@@ -5,17 +5,16 @@ */ import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { Direction, + SortField, NetworkDnsEdges, NetworkDnsFields, - NetworkDnsSortField, -} from '../../../graphql/types'; -import { State } from '../../../common/store'; +} from '../../../../common/search_strategy'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { getNetworkDnsColumns } from './columns'; @@ -24,7 +23,7 @@ import * as i18n from './translations'; const tableType = networkModel.NetworkTableType.dns; -interface OwnProps { +interface NetworkDnsTableProps { data: NetworkDnsEdges[]; fakeTotalCount: number; id: string; @@ -36,8 +35,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkDnsTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, 
@@ -49,121 +46,122 @@ const rowItems: ItemsPerRow[] = [ }, ]; -export const NetworkDnsTableComponent = React.memo( - ({ - activePage, - data, - fakeTotalCount, - id, - isInspect, - isPtrIncluded, - limit, - loading, - loadPage, - showMorePagesIndicator, - sort, - totalCount, - type, - updateNetworkTable, - }) => { - const updateLimitPagination = useCallback( - (newLimit) => - updateNetworkTable({ +const NetworkDnsTableComponent: React.FC = ({ + data, + fakeTotalCount, + id, + isInspect, + loading, + loadPage, + showMorePagesIndicator, + totalCount, + type, +}) => { + const dispatch = useDispatch(); + const getNetworkDnsSelector = networkSelectors.dnsSelector(); + const { activePage, isPtrIncluded, limit, sort } = useSelector( + getNetworkDnsSelector, + shallowEqual + ); + const updateLimitPagination = useCallback( + (newLimit) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit }, - }), - [type, updateNetworkTable] - ); - - const updateActivePage = useCallback( - (newPage) => - updateNetworkTable({ + }) + ), + [type, dispatch] + ); + + const updateActivePage = useCallback( + (newPage) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { activePage: newPage }, - }), - [type, updateNetworkTable] - ); - - const onChange = useCallback( - (criteria: Criteria) => { - if (criteria.sort != null) { - const newDnsSortField: NetworkDnsSortField = { - field: criteria.sort.field.split('.')[1] as NetworkDnsFields, - direction: criteria.sort.direction as Direction, - }; - if (!deepEqual(newDnsSortField, sort)) { - updateNetworkTable({ + }) + ), + [dispatch, type] + ); + + const onChange = useCallback( + (criteria: Criteria) => { + if (criteria.sort != null) { + const newDnsSortField: SortField = { + field: criteria.sort.field.split('.')[1] as NetworkDnsFields, + direction: criteria.sort.direction as Direction, + }; + if (!deepEqual(newDnsSortField, sort)) { + dispatch( + 
networkActions.updateNetworkTable({ networkType: type, tableType, updates: { sort: newDnsSortField }, - }); - } + }) + ); } - }, - [sort, type, updateNetworkTable] - ); - - const onChangePtrIncluded = useCallback( - () => - updateNetworkTable({ + } + }, + [sort, type, dispatch] + ); + + const onChangePtrIncluded = useCallback( + () => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { isPtrIncluded: !isPtrIncluded }, - }), - [type, updateNetworkTable, isPtrIncluded] - ); - - const columns = useMemo(() => getNetworkDnsColumns(), []); - - return ( - - } - headerTitle={i18n.TOP_DNS_DOMAINS} - headerTooltip={i18n.TOOLTIP} - headerUnit={i18n.UNIT(totalCount)} - id={id} - itemsPerRow={rowItems} - isInspect={isInspect} - limit={limit} - loading={loading} - loadPage={loadPage} - onChange={onChange} - pageOfItems={data} - showMorePagesIndicator={showMorePagesIndicator} - sorting={{ - field: `node.${sort.field}`, - direction: sort.direction, - }} - totalCount={fakeTotalCount} - updateActivePage={updateActivePage} - updateLimitPagination={updateLimitPagination} - /> - ); - } -); - -NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; - -const makeMapStateToProps = () => { - const getNetworkDnsSelector = networkSelectors.dnsSelector(); - const mapStateToProps = (state: State) => getNetworkDnsSelector(state); - return mapStateToProps; -}; - -const mapDispatchToProps = { - updateNetworkTable: networkActions.updateNetworkTable, + }) + ), + [dispatch, type, isPtrIncluded] + ); + + const columns = useMemo(() => getNetworkDnsColumns(), []); + + const sorting = useMemo( + () => ({ + field: `node.${sort.field}`, + direction: sort.direction, + }), + [sort.direction, sort.field] + ); + + const HeaderSupplement = useMemo( + () => , + [isPtrIncluded, onChangePtrIncluded] + ); + + return ( + + ); }; -const connector = connect(makeMapStateToProps, mapDispatchToProps); - -type PropsFromRedux = ConnectedProps; 
+NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; -export const NetworkDnsTable = connector(NetworkDnsTableComponent); +export const NetworkDnsTable = React.memo(NetworkDnsTableComponent); diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts index d094256fa4026..faeee4800d8a8 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts 
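Review bot: `networkSelectors.dnsSelector()` is invoked in the body of NetworkDnsTableComponent, so every render hands `useSelector` a freshly built selector; if `dnsSelector` returns a memoized (reselect-style) selector, as the removed `makeMapStateToProps` pattern suggests, that memoization is thrown away on each render. Creating it once per component instance preserves what the connect version had: `const getNetworkDnsSelector = useMemo(() => networkSelectors.dnsSelector(), []);`. `shallowEqual` still bounds re-renders caused by store updates, so this is wasted work rather than a correctness issue. The `(newLimit) =>` and `(newPage) =>` arrows passed to `useCallback` also carry no parameter type and are effectively `any` through useCallback's constraint; annotating them `(newLimit: number)` / `(newPage: number)` keeps the type check at the boundary.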
@@ -4,179 +4,178 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkDnsData } from '../../../graphql/types'; +import { NetworkDnsStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkDns: NetworkDnsData } = { - NetworkDns: { - totalCount: 80, - edges: [ - { - node: { - _id: 'nflxvideo.net', - dnsBytesIn: 2964, - dnsBytesOut: 12546, - dnsName: 'nflxvideo.net', - queryCount: 52, - uniqueDomains: 21, - }, - cursor: { value: 'nflxvideo.net' }, - }, - { - node: { - _id: 'apple.com', - dnsBytesIn: 2680, - dnsBytesOut: 31687, - dnsName: 'apple.com', - queryCount: 75, - uniqueDomains: 20, - }, - cursor: { value: 'apple.com' }, - }, - { - node: { - _id: 'googlevideo.com', - dnsBytesIn: 1890, - dnsBytesOut: 16292, - dnsName: 'googlevideo.com', - queryCount: 38, - uniqueDomains: 19, - }, - cursor: { value: 'googlevideo.com' }, - }, - { - node: { - _id: 'netflix.com', - dnsBytesIn: 60525, - dnsBytesOut: 218193, - dnsName: 'netflix.com', - queryCount: 1532, - uniqueDomains: 12, - }, - cursor: { value: 'netflix.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.com', - dnsBytesIn: 1480, - dnsBytesOut: 11702, - dnsName: 'samsungcloudsolution.com', - queryCount: 31, - uniqueDomains: 8, - }, - cursor: { value: 'samsungcloudsolution.com' }, - }, - { - node: { - _id: 'doubleclick.net', - dnsBytesIn: 1505, - dnsBytesOut: 14372, - dnsName: 'doubleclick.net', - queryCount: 35, - uniqueDomains: 7, - }, - cursor: { value: 'doubleclick.net' }, - }, - { - node: { - _id: 'digitalocean.com', - dnsBytesIn: 2035, - dnsBytesOut: 4111, - dnsName: 'digitalocean.com', - queryCount: 35, - uniqueDomains: 6, - }, - cursor: { value: 'digitalocean.com' }, - }, - { - node: { - _id: 'samsungelectronics.com', - dnsBytesIn: 3916, - dnsBytesOut: 36592, - dnsName: 'samsungelectronics.com', - queryCount: 89, - uniqueDomains: 6, - }, - cursor: { value: 'samsungelectronics.com' }, - }, - { - node: { - _id: 'google.com', 
- dnsBytesIn: 896, - dnsBytesOut: 8072, - dnsName: 'google.com', - queryCount: 23, - uniqueDomains: 5, - }, - cursor: { value: 'google.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.net', - dnsBytesIn: 1490, - dnsBytesOut: 11518, - dnsName: 'samsungcloudsolution.net', - queryCount: 30, - uniqueDomains: 5, - }, - cursor: { value: 'samsungcloudsolution.net' }, - }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - histogram: [ - { - x: 'nflxvideo.net', - g: 'nflxvideo.net', - y: 12546, - }, - { - x: 'apple.com', - g: 'apple.com', - y: 31687, - }, - { - x: 'googlevideo.com', - g: 'googlevideo.com', - y: 16292, - }, - { - x: 'netflix.com', - g: 'netflix.com', - y: 218193, - }, - { - x: 'samsungcloudsolution.com', - g: 'samsungcloudsolution.com', - y: 11702, - }, - { - x: 'doubleclick.net', - g: 'doubleclick.net', - y: 14372, - }, - { - x: 'digitalocean.com', - g: 'digitalocean.com', - y: 4111, - }, - { - x: 'samsungelectronics.com', - g: 'samsungelectronics.com', - y: 36592, - }, - { - x: 'google.com', - g: 'google.com', - y: 8072, - }, - { - x: 'samsungcloudsolution.net', - g: 'samsungcloudsolution.net', - y: 11518, - }, - ], +export const mockData: NetworkDnsStrategyResponse = { + totalCount: 80, + edges: [ + { + node: { + _id: 'nflxvideo.net', + dnsBytesIn: 2964, + dnsBytesOut: 12546, + dnsName: 'nflxvideo.net', + queryCount: 52, + uniqueDomains: 21, + }, + cursor: { value: 'nflxvideo.net' }, + }, + { + node: { + _id: 'apple.com', + dnsBytesIn: 2680, + dnsBytesOut: 31687, + dnsName: 'apple.com', + queryCount: 75, + uniqueDomains: 20, + }, + cursor: { value: 'apple.com' }, + }, + { + node: { + _id: 'googlevideo.com', + dnsBytesIn: 1890, + dnsBytesOut: 16292, + dnsName: 'googlevideo.com', + queryCount: 38, + uniqueDomains: 19, + }, + cursor: { value: 'googlevideo.com' }, + }, + { + node: { + _id: 'netflix.com', + dnsBytesIn: 60525, + dnsBytesOut: 218193, + dnsName: 'netflix.com', + queryCount: 1532, + 
uniqueDomains: 12, + }, + cursor: { value: 'netflix.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.com', + dnsBytesIn: 1480, + dnsBytesOut: 11702, + dnsName: 'samsungcloudsolution.com', + queryCount: 31, + uniqueDomains: 8, + }, + cursor: { value: 'samsungcloudsolution.com' }, + }, + { + node: { + _id: 'doubleclick.net', + dnsBytesIn: 1505, + dnsBytesOut: 14372, + dnsName: 'doubleclick.net', + queryCount: 35, + uniqueDomains: 7, + }, + cursor: { value: 'doubleclick.net' }, + }, + { + node: { + _id: 'digitalocean.com', + dnsBytesIn: 2035, + dnsBytesOut: 4111, + dnsName: 'digitalocean.com', + queryCount: 35, + uniqueDomains: 6, + }, + cursor: { value: 'digitalocean.com' }, + }, + { + node: { + _id: 'samsungelectronics.com', + dnsBytesIn: 3916, + dnsBytesOut: 36592, + dnsName: 'samsungelectronics.com', + queryCount: 89, + uniqueDomains: 6, + }, + cursor: { value: 'samsungelectronics.com' }, + }, + { + node: { + _id: 'google.com', + dnsBytesIn: 896, + dnsBytesOut: 8072, + dnsName: 'google.com', + queryCount: 23, + uniqueDomains: 5, + }, + cursor: { value: 'google.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.net', + dnsBytesIn: 1490, + dnsBytesOut: 11518, + dnsName: 'samsungcloudsolution.net', + queryCount: 30, + uniqueDomains: 5, + }, + cursor: { value: 'samsungcloudsolution.net' }, + }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + histogram: [ + { + x: 'nflxvideo.net', + g: 'nflxvideo.net', + y: 12546, + }, + { + x: 'apple.com', + g: 'apple.com', + y: 31687, + }, + { + x: 'googlevideo.com', + g: 'googlevideo.com', + y: 16292, + }, + { + x: 'netflix.com', + g: 'netflix.com', + y: 218193, + }, + { + x: 'samsungcloudsolution.com', + g: 'samsungcloudsolution.com', + y: 11702, + }, + { + x: 'doubleclick.net', + g: 'doubleclick.net', + y: 14372, + }, + { + x: 'digitalocean.com', + g: 'digitalocean.com', + y: 4111, + }, + { + x: 'samsungelectronics.com', + g: 'samsungelectronics.com', + y: 36592, + }, + { 
+ x: 'google.com', + g: 'google.com', + y: 8072, + }, + { + x: 'samsungcloudsolution.net', + g: 'samsungcloudsolution.net', + y: 11518, + }, + ], + rawResponse: {} as NetworkDnsStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap index 7adee9531b1f3..c5df0f6603fbf 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap @@ -1,3 +1,102 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = `null`; +exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = ` + +`; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx index 2e0e278d8242d..5bd9b0f79f903 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx @@ -57,24 +57,20 @@ describe('NetworkHttp Table Component', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkHttpTableComponent)')).toMatchSnapshot(); }); }); @@ -84,18 +80,14 @@ describe('NetworkHttp Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts index f82f911d601ff..592feb6b73cde 100644 
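Review bot: `rawResponse: {} as NetworkDnsStrategyResponse['rawResponse']` asserts an empty object into the full raw-response type, so any code under test that reads into rawResponse gets `undefined` at runtime while the compiler believes the field is populated. The same cast is added to network_http_table/mock.ts in this commit. If the table components never read rawResponse, a comment making that explicit, e.g. `// rawResponse is not consumed by the table; empty object only satisfies the type`, would keep the next maintainer from relying on the fixture; otherwise the mock should carry a minimal, structurally valid raw response rather than an assertion.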
--- a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts
+++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts
@@ -4,85 +4,83 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkHttpData } from '../../../graphql/types'; +import { NetworkHttpStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkHttp: NetworkHttpData } = { - NetworkHttp: { - edges: [ - { - node: { - _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/virtual-clock/drift-token', - requestCount: 1440, - }, - cursor: { - value: '/computeMetadata/v1/instance/virtual-clock/drift-token', - tiebreaker: null, - }, +export const mockData: NetworkHttpStrategyResponse = { + edges: [ + { + node: { + _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/virtual-clock/drift-token', + requestCount: 1440, }, - { - node: { - _id: '/computeMetadata/v1/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: ['200'], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/', - requestCount: 1020, - }, - cursor: { - value: '/computeMetadata/v1/', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/instance/virtual-clock/drift-token', + tiebreaker: null, }, - { - node: { - _id: '/computeMetadata/v1/instance/network-interfaces/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/network-interfaces/', - requestCount: 960, - }, - cursor: { - value: '/computeMetadata/v1/instance/network-interfaces/', - tiebreaker: null, - }, + }, + { + node: { + _id: '/computeMetadata/v1/', + domains: 
['metadata.google.internal'], + methods: ['get'], + statuses: ['200'], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/', + requestCount: 1020, }, - { - node: { - _id: '/downloads/ca_setup.exe', - domains: ['www.oxid.it'], - methods: ['get'], - statuses: ['200'], - lastHost: 'jessie', - lastSourceIp: '10.0.2.15', - path: '/downloads/ca_setup.exe', - requestCount: 3, - }, - cursor: { - value: '/downloads/ca_setup.exe', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/', + tiebreaker: null, }, - ], - inspect: { - dsl: [''], - response: [''], }, - pageInfo: { - activePage: 0, - fakeTotalCount: 4, - showMorePagesIndicator: false, + { + node: { + _id: '/computeMetadata/v1/instance/network-interfaces/', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/network-interfaces/', + requestCount: 960, + }, + cursor: { + value: '/computeMetadata/v1/instance/network-interfaces/', + tiebreaker: null, + }, }, - totalCount: 4, + { + node: { + _id: '/downloads/ca_setup.exe', + domains: ['www.oxid.it'], + methods: ['get'], + statuses: ['200'], + lastHost: 'jessie', + lastSourceIp: '10.0.2.15', + path: '/downloads/ca_setup.exe', + requestCount: 3, + }, + cursor: { + value: '/downloads/ca_setup.exe', + tiebreaker: null, + }, + }, + ], + inspect: { + dsl: [''], + }, + pageInfo: { + activePage: 0, + fakeTotalCount: 4, + showMorePagesIndicator: false, }, + totalCount: 4, + rawResponse: {} as NetworkHttpStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap index 3d47e398ed395..07874f9f39f0b 100644 
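Review bot: `rawResponse: {} as NetworkHttpStrategyResponse['rawResponse']` at the end of the new `mockData` asserts an empty object into the response type, so the compiler no longer checks that the fixture matches what `NetworkHttpStrategyResponse` declares for `rawResponse`; a component or hook under test that reads a field from it sees `undefined` at run time instead of getting a type error. The same assertion appears in the network_top_n_flow_table `mock.ts` hunk below and in the network_dns mock above. If `rawResponse` is genuinely never read by the table components, a comment such as `// rawResponse is not read by the table components; empty placeholder` next to the cast would record why it is safe; otherwise populate the minimal fields the consumers read so the fixture is checked rather than asserted.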
--- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table on the IP Details page 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); test('it renders the default NetworkTopNFlow table on the IP Details page', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); }); @@ -110,19 +102,15 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx index 757b178431d90..9824ac602bb43 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx 
@@ -5,23 +5,23 @@ */ import { last } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { Direction, + SortField, FlowTargetSourceDest, NetworkTopNFlowEdges, NetworkTopTablesFields, - NetworkTopTablesSortField, -} from '../../../graphql/types'; +} from '../../../../common/search_strategy'; import { State } from '../../../common/store'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { getNFlowColumnsCurated } from './columns'; import * as i18n from './translations'; -interface OwnProps { +interface NetworkTopNFlowTableProps { data: NetworkTopNFlowEdges[]; fakeTotalCount: number; flowTargeted: FlowTargetSourceDest; @@ -34,8 +34,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkTopNFlowTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, @@ -50,21 +48,24 @@ const rowItems: ItemsPerRow[] = [ export const NetworkTopNFlowTableId = 'networkTopSourceFlow-top-talkers'; const NetworkTopNFlowTableComponent: React.FC = ({ - activePage, data, fakeTotalCount, flowTargeted, id, isInspect, - limit, loading, loadPage, showMorePagesIndicator, - sort, totalCount, type, - updateNetworkTable, }) => { + const dispatch = useDispatch(); + const getTopNFlowSelector = networkSelectors.topNFlowSelector(); + const { activePage, limit, sort } = useSelector( + (state: State) => getTopNFlowSelector(state, type, flowTargeted), + shallowEqual + ); + const columns = useMemo( () => getNFlowColumnsCurated(flowTargeted, type, NetworkTopNFlowTableId), [flowTargeted, type] 
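Review bot: `const getTopNFlowSelector = networkSelectors.topNFlowSelector();` in the component body runs the selector factory on every render, so whatever per-instance memoisation the factory sets up (it looks like a reselect-style selector, to be confirmed) is discarded each time; the deleted `makeMapStateToProps` in the last hunk of this file created it once per mounted component. Keeping that behaviour only needs the factory result memoised, `const getTopNFlowSelector = useMemo(() => networkSelectors.topNFlowSelector(), []);`, and `useMemo` is already imported at the top of the file. The `shallowEqual` comparator on `useSelector` avoids re-renders when the selected object is unchanged but does not restore the selector's own cache. The component body continues past the end of this hunk.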
@@ -92,22 +93,24 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const splitField = criteria.sort.field.split('.'); const field = last(splitField); const newSortDirection = field !== sort.field ? Direction.desc : criteria.sort.direction; // sort by desc on init click - const newTopNFlowSort: NetworkTopTablesSortField = { + const newTopNFlowSort: SortField = { field: field as NetworkTopTablesFields, - direction: newSortDirection as Direction, + direction: newSortDirection, }; if (!deepEqual(newTopNFlowSort, sort)) { - updateNetworkTable({ - networkType: type, - tableType, - updates: { - sort: newTopNFlowSort, - }, - }); + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { + sort: newTopNFlowSort, + }, + }) + ); } } }, - [sort, type, tableType, updateNetworkTable] + [sort, dispatch, type, tableType] ); const field = @@ -118,18 +121,26 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const updateActivePage = useCallback( (newPage) => - updateNetworkTable({ - networkType: type, - tableType, - updates: { activePage: newPage }, - }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { activePage: newPage }, + }) + ), + [dispatch, type, tableType] ); const updateLimitPagination = useCallback( (newLimit) => - updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit } }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { limit: newLimit }, + }) + ), + [dispatch, type, tableType] ); return ( 
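Review bot: The three `dispatch(networkActions.updateNetworkTable({ networkType: type, tableType, updates: … }))` calls — in the sort handler of the first hunk and in `updateActivePage`/`updateLimitPagination` of the second — repeat the same envelope with only `updates` varying, each with its own `[dispatch, type, tableType]` dependency list. One memoised helper removes the duplication: `const updateTable = useCallback((updates) => dispatch(networkActions.updateNetworkTable({ networkType: type, tableType, updates })), [dispatch, type, tableType]);`, after which the callers become `updateTable({ sort: newTopNFlowSort })`, `updateTable({ activePage: newPage })` and `updateTable({ limit: newLimit })`. Giving that single `updates` parameter the action's payload type would also supply the annotation that the unchanged `(newPage) =>` and `(newLimit) =>` parameters currently lack. The enclosing component starts before the first hunk and ends after the second.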
@@ -157,18 +168,4 @@ const NetworkTopNFlowTableComponent: React.FC = ({
 );
 };
 
-const makeMapStateToProps = () => {
- const getTopNFlowSelector = networkSelectors.topNFlowSelector();
- return (state: State, { type, flowTargeted }: OwnProps) =>
- getTopNFlowSelector(state, type, flowTargeted);
-};
-
-const mapDispatchToProps = {
- updateNetworkTable: networkActions.updateNetworkTable,
-};
-
-const connector = connect(makeMapStateToProps, mapDispatchToProps);
-
-type PropsFromRedux = ConnectedProps;
-
-export const NetworkTopNFlowTable = connector(React.memo(NetworkTopNFlowTableComponent));
+export const NetworkTopNFlowTable = React.memo(NetworkTopNFlowTableComponent);
diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts
index bd21d78ba77c5..cf7d6974fc739 100644
--- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts
+++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts
@@ -4,83 +4,81 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkTopNFlowData, FlowTargetSourceDest } from '../../../graphql/types'; +import { + NetworkTopNFlowStrategyResponse, + FlowTargetSourceDest, +} from '../../../../common/search_strategy'; -export const mockData: { NetworkTopNFlow: NetworkTopNFlowData } = { - NetworkTopNFlow: { - totalCount: 524, - edges: [ - { - node: { - source: { - autonomous_system: { - name: 'Google, Inc', - number: 15169, - }, - domain: ['test.domain.com'], - flows: 12345, - destination_ips: 12, - ip: '8.8.8.8', - location: { - geo: { - continent_name: ['North America'], - country_name: null, - country_iso_code: ['US'], - city_name: ['Mountain View'], - region_iso_code: ['US-CA'], - region_name: ['California'], - }, - flowTarget: FlowTargetSourceDest.source, - }, +export const mockData: NetworkTopNFlowStrategyResponse = { + totalCount: 524, + edges: [ + { + node: { + source: { + autonomous_system: { + name: 'Google, Inc', + number: 15169, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.com'], + flows: 12345, + destination_ips: 12, + ip: '8.8.8.8', + location: { + geo: { + continent_name: ['North America'], + country_iso_code: ['US'], + city_name: ['Mountain View'], + region_iso_code: ['US-CA'], + region_name: ['California'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '8.8.8.8', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - { - node: { - source: { - autonomous_system: { - name: 'TM Net, Internet Service Provider', - number: 4788, - }, - domain: ['test.domain.net', 'test.old.domain.net'], - flows: 12345, - destination_ips: 12, - ip: '9.9.9.9', - location: { - geo: { - continent_name: ['Asia'], - country_name: null, - country_iso_code: ['MY'], - city_name: ['Petaling Jaya'], - region_iso_code: ['MY-10'], - region_name: ['Selangor'], - }, - flowTarget: 
FlowTargetSourceDest.source, - }, + cursor: { + value: '8.8.8.8', + }, + }, + { + node: { + source: { + autonomous_system: { + name: 'TM Net, Internet Service Provider', + number: 4788, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.net', 'test.old.domain.net'], + flows: 12345, + destination_ips: 12, + ip: '9.9.9.9', + location: { + geo: { + continent_name: ['Asia'], + country_iso_code: ['MY'], + city_name: ['Petaling Jaya'], + region_iso_code: ['MY-10'], + region_name: ['Selangor'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '9.9.9.9', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, + cursor: { + value: '9.9.9.9', + }, }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + rawResponse: {} as NetworkTopNFlowStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts deleted file mode 100644 index 3c693f08b45f2..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiNetworkQuery = gql` - fragment KpiNetworkChartFields on KpiNetworkHistogramData { - x - y - } - - query GetKpiNetworkQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - networkEvents - uniqueFlowId - uniqueSourcePrivateIps - uniqueSourcePrivateIpsHistogram { - ...KpiNetworkChartFields - } - uniqueDestinationPrivateIps - uniqueDestinationPrivateIpsHistogram { - ...KpiNetworkChartFields - } - dnsQueries - tlsHandshakes - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts deleted file mode 100644 index a81d112fa4c50..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkDnsQuery = gql` - query GetNetworkDnsQuery( - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - $isPtrIncluded: Boolean! - $pagination: PaginationInputPaginated! - $sort: NetworkDnsSortField! - $sourceId: ID! - $stackByField: String - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - NetworkDns( - isPtrIncluded: $isPtrIncluded - sort: $sort - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - ) { - totalCount - edges { - node { - _id - dnsBytesIn - dnsBytesOut - dnsName - queryCount - uniqueDomains - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx index 334373c4a551a..1f199ba4f9acd 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx 
@@ -13,7 +13,7 @@ import { ESTermQuery } from '../../../../common/typed_json';
 import { inputsModel, State } from '../../../common/store';
 import { useKibana } from '../../../common/lib/kibana';
 import { createFilter } from '../../../common/containers/helpers';
-import { NetworkDnsEdges, PageInfoPaginated } from '../../../graphql/types';
+import { NetworkDnsEdges, PageInfoPaginated } from '../../../../common/search_strategy';
 import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
 import { networkModel, networkSelectors } from '../../store';
 import {
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts
deleted file mode 100644
index bedf13dfa9849..0000000000000
--- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts
+++ /dev/null
@@ -1,57 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkHttpQuery = gql` - query GetNetworkHttpQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkHttpSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkHttp( - filterQuery: $filterQuery - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx index 221b693818c50..98202f6b42be6 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx 
@@ -13,11 +13,12 @@ import { ESTermQuery } from '../../../../common/typed_json';
 import { inputsModel, State } from '../../../common/store';
 import { useKibana } from '../../../common/lib/kibana';
 import { createFilter } from '../../../common/containers/helpers';
-import { NetworkHttpEdges, PageInfoPaginated } from '../../../graphql/types';
 import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
 import { networkModel, networkSelectors } from '../../store';
 import {
 NetworkQueries,
+ NetworkHttpEdges,
+ PageInfoPaginated,
 NetworkHttpRequestOptions,
 NetworkHttpStrategyResponse,
 SortField,
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts
deleted file mode 100644
index 5850246ceecec..0000000000000
--- a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts
+++ /dev/null
@@ -1,68 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopCountriesQuery = gql` - query GetNetworkTopCountriesQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopCountries( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - country - destination_ips - flows - source_ips - } - destination { - country - destination_ips - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts deleted file mode 100644 index a73f9ff9256ff..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopNFlowQuery = gql` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx index eaeb31c020473..a227dec410915 100644 --- a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx 
@@ -9,7 +9,7 @@ import React, { useCallback, useEffect, useMemo } from 'react'; import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import { useParams } from 'react-router-dom'; -import { FlowTarget } from '../../../../common/search_strategy'; +import { FlowTarget, LastEventIndexKey } from '../../../../common/search_strategy'; import { useGlobalTime } from '../../../common/containers/use_global_time'; import { FiltersGlobal } from '../../../common/components/filters_global'; import { HeaderPage } from '../../../common/components/header_page'; @@ -24,7 +24,7 @@ import { IpOverview } from '../../components/details'; import { SiemSearchBar } from '../../../common/components/search_bar'; import { WrapperPage } from '../../../common/components/wrapper_page'; import { useNetworkDetails } from '../../containers/details'; -import { FlowTargetSourceDest, LastEventIndexKey } from '../../../graphql/types'; +import { FlowTargetSourceDest } from '../../../graphql/types'; import { useKibana } from '../../../common/lib/kibana'; import { decodeIpv6 } from '../../../common/lib/helpers'; import { convertToBuildEsQuery } from '../../../common/lib/keury'; diff --git a/x-pack/plugins/security_solution/public/network/pages/network.tsx b/x-pack/plugins/security_solution/public/network/pages/network.tsx index 6aea771e49499..243ea8626582f 100644 --- a/x-pack/plugins/security_solution/public/network/pages/network.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/network.tsx 
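Review bot: The second hunk keeps `FlowTargetSourceDest` imported from `'../../../graphql/types'` while `FlowTarget` and `LastEventIndexKey` in the first hunk now come from `'../../../../common/search_strategy'`, which is also where `network_top_n_flow_table/index.tsx` in this commit takes `FlowTargetSourceDest` from. If the two modules declare separate enums rather than re-exporting one declaration, a value of the graphql enum passed as `flowTargeted` to the table is not assignable to the search_strategy enum and would fail type-checking, or compile only because the string values happen to coincide. Moving this import too keeps page and table on one declaration: `import { FlowTarget, FlowTargetSourceDest, LastEventIndexKey } from '../../../../common/search_strategy';`.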
@@ -24,7 +24,7 @@ import { SiemSearchBar } from '../../common/components/search_bar'; import { WrapperPage } from '../../common/components/wrapper_page'; import { useFullScreen } from '../../common/containers/use_full_screen'; import { useGlobalTime } from '../../common/containers/use_global_time'; -import { LastEventIndexKey } from '../../graphql/types'; +import { LastEventIndexKey } from '../../../common/search_strategy'; import { useKibana } from '../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../common/lib/keury'; import { State, inputsSelectors } from '../../common/store'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx index 01e5202d03332..f823b717e7f4c 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx @@ -10,12 +10,13 @@ import React from 'react'; import { TestProviders } from '../../../../common/mock/test_providers'; import { FooterComponent, PagingControlComponent } from './index'; -import { mockData } from './mock'; describe('Footer Timeline Component', () => { const loadMore = jest.fn(); const onChangeItemsPerPage = jest.fn(); const updatedAt = 1546878704036; + const totalCount = 15546; + const itemsCount = 2; describe('rendering', () => { test('it renders the default timeline footer', () => { @@ -27,12 +28,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); 
@@ -49,12 +50,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -72,12 +73,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -123,12 +124,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -146,12 +147,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> 
@@ -173,12 +174,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -198,12 +199,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -225,12 +226,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={true} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -250,12 +251,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts deleted file mode 100644 index fcd30ee2b8500..0000000000000 
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { EventsTimelineData } from '../../../../graphql/types'; - -export const mockData: { Events: EventsTimelineData } = { - Events: { - totalCount: 15546, - pageInfo: { - hasNextPage: true, - endCursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - }, - edges: [ - { - cursor: { - value: '1546878704036', - tiebreaker: '10656', - }, - node: { - _id: 'Fo8nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62123], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - { - cursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - node: { - _id: 'F48nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62145], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - ], - }, -}; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts deleted file mode 100644 index eff58725edb29..0000000000000 
--- a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineDetailsQuery = gql` - query GetTimelineDetailsQuery( - $sourceId: ID! - $eventId: String! - $indexName: String! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - TimelineDetails( - eventId: $eventId - indexName: $indexName - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - data { - field - values - originalValue - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts deleted file mode 100644 index c67ad45bede94..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts +++ /dev/null 
@@ -1,375 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineQuery = gql` - query GetTimelineQuery( - $sourceId: ID! - $fieldRequested: [String!]! - $pagination: PaginationInput! - $sortField: SortField! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - Timeline( - fieldRequested: $fieldRequested - pagination: $pagination - sortField: $sortField - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - timerange: $timerange - ) { - totalCount - inspect @include(if: $inspect) { - dsl - response - } - pageInfo { - endCursor { - value - tiebreaker - } - hasNextPage - } - edges { - node { - _id - _index - data { - field - value - } - ecs { - _id - _index - timestamp - message - system { - auth { - ssh { - signature - method - } - } - audit { - package { - arch - entity_id - name - size - summary - version - } - } - } - event { - action - category - code - created - dataset - duration - end - hash - id - kind - module - original - outcome - risk_score - risk_score_norm - severity - start - timezone - type - } - agent { - type - } - auditd { - result - session - data { - acct - terminal - op - } - summary { - actor { - primary - secondary - } - object { - primary - secondary - type - } - how - message_type - sequence - } - } - file { - name - path - target_path - extension - type - device - inode - uid - owner - gid - group - mode - size - mtime - ctime - } - host { - id - name - ip - } - rule { - reference - } - source { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - 
region_name - } - } - destination { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - } - dns { - question { - name - type - } - resolved_ip - response_code - } - endgame { - exit_code - file_name - file_path - logon_type - parent_process_name - pid - process_name - subject_domain_name - subject_logon_id - subject_user_name - target_domain_name - target_logon_id - target_user_name - } - geo { - region_name - country_iso_code - } - signal { - status - original_time - rule { - id - saved_id - timeline_id - timeline_title - output_index - from - index - language - query - to - filters - note - type - threshold - exceptions_list - } - } - suricata { - eve { - proto - flow_id - alert { - signature - signature_id - } - } - } - network { - bytes - community_id - direction - packets - protocol - transport - } - http { - version - request { - method - body { - bytes - content - } - referrer - } - response { - status_code - body { - bytes - content - } - } - } - tls { - client_certificate { - fingerprint { - sha1 - } - } - fingerprints { - ja3 { - hash - } - } - server_certificate { - fingerprint { - sha1 - } - } - } - url { - original - domain - username - password - } - user { - domain - name - } - winlog { - event_id - } - process { - hash { - md5 - sha1 - sha256 - } - pid - name - ppid - args - entity_id - executable - title - working_directory - } - zeek { - session_id - connection { - local_resp - local_orig - missed_bytes - state - history - } - notice { - suppress_for - msg - note - sub - dst - dropped - peer_descr - } - dns { - AA - qclass_name - RD - qtype_name - rejected - qtype - query - trans_id - qclass - RA - TC - } - http { - resp_mime_types - trans_depth - status_msg - resp_fuids - tags - } - files { - session_ids - timedout - local_orig - tx_host - source - is_orig - overflow_bytes - sha1 - duration - depth - analyzers - mime_type - rx_host - total_bytes - fuid - 
seen_bytes - missing_bytes - md5 - } - ssl { - cipher - established - resumed - version - } - } - } - } - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts b/x-pack/plugins/security_solution/server/graphql/authentications/index.ts deleted file mode 100644 index 8c16518590ad7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createAuthenticationsResolvers } from './resolvers'; -export { authenticationsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts deleted file mode 100644 index b66ccd9a111b7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts +++ /dev/null 
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { Authentications } from '../../lib/authentications';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { createOptionsPaginated } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-type QueryAuthenticationsResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface AuthenticationsResolversDeps {
- authentications: Authentications;
-}
-
-export const createAuthenticationsResolvers = (
- libs: AuthenticationsResolversDeps
-): {
- Source: {
- Authentications: QueryAuthenticationsResolver;
- };
-} => ({
- Source: {
- async Authentications(source, args, { req }, info) {
- const options = createOptionsPaginated(source, args, info);
- return libs.authentications.getAuthentications(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts
deleted file mode 100644
index 648a65fa24682..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const authenticationsSchema = gql`
- type LastSourceHost {
- timestamp: Date
- source: SourceEcsFields
- host: HostEcsFields
- }
-
- type AuthenticationItem {
- _id: String!
- failures: Float!
- successes: Float!
- user: UserEcsFields!
- lastSuccess: LastSourceHost
- lastFailure: LastSourceHost
- }
-
- type AuthenticationsEdges {
- node: AuthenticationItem!
- cursor: CursorType!
- }
-
- type AuthenticationsData {
- edges: [AuthenticationsEdges!]!
- totalCount: Float!
- pageInfo: PageInfoPaginated!
- inspect: Inspect
- }
-
- extend type Source {
- "Gets Authentication success and failures based on a timerange"
- Authentications(
- timerange: TimerangeInput!
- pagination: PaginationInputPaginated!
- filterQuery: String
- defaultIndex: [String!]!
- docValueFields: [docValueFieldsInput!]!
- ): AuthenticationsData!
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/graphql/events/index.ts b/x-pack/plugins/security_solution/server/graphql/events/index.ts
deleted file mode 100644
index c794dfa7170f2..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/events/index.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createEsValueResolvers, createEventsResolvers } from './resolvers';
-export { eventsSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts
deleted file mode 100644
index ef28ac523ff85..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { GraphQLScalarType, Kind } from 'graphql';
-
-import { Events } from '../../lib/events';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { createOptions } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-import { SourceResolvers } from '../types';
-import { LastEventTimeRequestOptions } from '../../lib/events/types';
-
-type QueryTimelineResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-type QueryTimelineDetailsResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-type QueryLastEventTimeResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface EventsResolversDeps {
- events: Events;
-}
-export const createEventsResolvers = (
- libs: EventsResolversDeps
-): {
- Source: {
- Timeline: QueryTimelineResolver;
- TimelineDetails: QueryTimelineDetailsResolver;
- LastEventTime: QueryLastEventTimeResolver;
- };
-} => ({
- Source: {
- async Timeline(source, args, { req }, info) {
- const options = createOptions(source, args, info, 'edges.node.ecs.');
- return libs.events.getTimelineData(req, {
- ...options,
- fieldRequested: args.fieldRequested,
- });
- },
- async TimelineDetails(source, args, { req }) {
- return libs.events.getTimelineDetails(req, {
- indexName: args.indexName,
- eventId: args.eventId,
- defaultIndex: args.defaultIndex,
- });
- },
- async LastEventTime(source, args, { req }) {
- const options: LastEventTimeRequestOptions = {
- defaultIndex: args.defaultIndex,
- docValueFields: args.docValueFields,
- sourceConfiguration: source.configuration,
- indexKey: args.indexKey,
- details: args.details,
- };
- return libs.events.getLastEventTimeData(req, options);
- },
- },
-});
-
-/*
- * serialize: gets invoked when serializing the result to send it back to a client.
- *
- * parseValue: gets invoked to parse client input that was passed through variables.
- *
- * parseLiteral: gets invoked to parse client input that was passed inline in the query.
- */
-
-const esValueScalar = new GraphQLScalarType({
- name: 'DetailItemValue',
- description: 'Represents value in detail item from the timeline who wants to more than one type',
- serialize(value): string {
- return value;
- },
- parseValue(value) {
- return value;
- },
- parseLiteral(ast) {
- switch (ast.kind) {
- case Kind.INT:
- return parseInt(ast.value, 10);
- case Kind.FLOAT:
- return parseFloat(ast.value);
- case Kind.STRING:
- return ast.value;
- case Kind.LIST:
- return ast.values;
- case Kind.OBJECT:
- return ast.fields;
- }
- return null;
- },
-});
-
-export const createEsValueResolvers = () => ({ EsValue: esValueScalar });
diff --git a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts
deleted file mode 100644
index eee4bc3e3a33f..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const eventsSchema = gql`
- scalar EsValue
-
- type EventsTimelineData {
- edges: [EcsEdges!]!
- totalCount: Float!
- pageInfo: PageInfo!
- inspect: Inspect
- }
-
- type TimelineNonEcsData {
- field: String!
- value: ToStringArray
- }
-
- type TimelineItem {
- _id: String!
- _index: String
- data: [TimelineNonEcsData!]!
- ecs: ECS!
- }
-
- type TimelineEdges {
- node: TimelineItem!
- cursor: CursorType!
- }
-
- type TimelineData {
- edges: [TimelineEdges!]!
- totalCount: Float!
- pageInfo: PageInfo!
- inspect: Inspect
- }
-
- type DetailItem {
- field: String!
- values: ToStringArray
- originalValue: EsValue
- }
-
- input LastTimeDetails {
- hostName: String
- ip: String
- }
-
- type TimelineDetailsData {
- data: [DetailItem!]
- inspect: Inspect
- }
-
- type LastEventTimeData {
- lastSeen: Date
- inspect: Inspect
- }
-
- enum LastEventIndexKey {
- hostDetails
- hosts
- ipDetails
- network
- }
-
- extend type Source {
- Timeline(
- pagination: PaginationInput!
- sortField: SortField!
- fieldRequested: [String!]!
- timerange: TimerangeInput
- filterQuery: String
- defaultIndex: [String!]!
- docValueFields: [docValueFieldsInput!]!
- ): TimelineData!
- TimelineDetails(
- eventId: String!
- indexName: String!
- defaultIndex: [String!]!
- docValueFields: [docValueFieldsInput!]!
- ): TimelineDetailsData!
- LastEventTime(
- id: String
- indexKey: LastEventIndexKey!
- details: LastTimeDetails!
- defaultIndex: [String!]!
- docValueFields: [docValueFieldsInput!]!
- ): LastEventTimeData!
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts
index d23494e0eeaa6..5eed9919825c3 100644
--- a/x-pack/plugins/security_solution/server/graphql/index.ts
+++ b/x-pack/plugins/security_solution/server/graphql/index.ts
@@ -7,13 +7,8 @@
 
 import { rootSchema } from '../../common/graphql/root';
 import { sharedSchema } from '../../common/graphql/shared';
-import { authenticationsSchema } from './authentications';
 import { ecsSchema } from './ecs';
-import { eventsSchema } from './events';
 import { hostsSchema } from './hosts';
-import { kpiHostsSchema } from './kpi_hosts';
-import { kpiNetworkSchema } from './kpi_network';
-import { networkSchema } from './network';
 import { dateSchema } from './scalar_date';
 import { noteSchema } from './note';
 import { pinnedEventSchema } from './pinned_event';
@@ -24,22 +19,14 @@ import { toNumberSchema } from './scalar_to_number_array';
 import { sourceStatusSchema } from './source_status';
 import { sourcesSchema } from './sources';
 import { timelineSchema } from './timeline';
-import { whoAmISchema } from './who_am_i';
-import { matrixHistogramSchema } from './matrix_histogram';
 export const schemas = [
- authenticationsSchema,
 ecsSchema,
- eventsSchema,
 dateSchema,
 toAnySchema,
 toNumberSchema,
 toDateSchema,
 toBooleanSchema,
 hostsSchema,
- kpiNetworkSchema,
- kpiHostsSchema,
- matrixHistogramSchema,
- networkSchema,
 noteSchema,
 pinnedEventSchema,
 rootSchema,
@@ -47,5 +34,4 @@ export const schemas = [
 sourceStatusSchema,
 sharedSchema,
 timelineSchema,
- whoAmISchema,
 ];
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts
deleted file mode 100644
index cb0f2be52adc7..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts
+++ /dev/null
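Review bot: The `schemas` array now omits `authenticationsSchema`, `eventsSchema`, `kpiHostsSchema`, `kpiNetworkSchema`, `matrixHistogramSchema`, `networkSchema` and `whoAmISchema`, but the merged SDL is only checked when the executable schema is built at startup, so a remaining schema that still references a type defined only in a deleted file (`MatrixOverTimeHistogramData`, `HistogramType`, `LastEventIndexKey`, `NetworkDirectionEcs` and `FlowTargetSourceDest`'s SDL twin all live in files this commit removes) would fail at server start rather than at compile time. It is worth confirming that `hostsSchema`, `timelineSchema`, `sourcesSchema` and `sourceStatusSchema` reference none of those names, and that the `create*Resolvers` factories exported from the deleted `index.ts` files (`createEventsResolvers`, `createEsValueResolvers`, `createKpiHostsResolvers`, `createNetworkResolvers`, …) are unwired wherever resolvers are registered; that registration is outside this diff. A short comment on the array, `// every type referenced by any schema here must be declared in one of these files; the merged SDL is validated at startup`, would make that coupling visible to the next person trimming the list.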
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createKpiHostsResolvers } from './resolvers';
-export { kpiHostsSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts
deleted file mode 100644
index 6708bdcd55d62..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { KpiHosts } from '../../lib/kpi_hosts';
-import { createOptions } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-export type QueryKpiHostsResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export type QueryKpiHostDetailsResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface KpiHostsResolversDeps {
- kpiHosts: KpiHosts;
-}
-
-export const createKpiHostsResolvers = (
- libs: KpiHostsResolversDeps
-): {
- Source: {
- KpiHosts: QueryKpiHostsResolver;
- KpiHostDetails: QueryKpiHostDetailsResolver;
- };
-} => ({
- Source: {
- async KpiHosts(source, args, { req }, info) {
- const options = { ...createOptions(source, args, info) };
- return libs.kpiHosts.getKpiHosts(req, options);
- },
- async KpiHostDetails(source, args, { req }, info) {
- const options = { ...createOptions(source, args, info) };
- return libs.kpiHosts.getKpiHostDetails(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts
deleted file mode 100644
index 49c988436e977..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const kpiHostsSchema = gql`
- type KpiHostHistogramData {
- x: Float
- y: Float
- }
-
- type KpiHostsData {
- hosts: Float
- hostsHistogram: [KpiHostHistogramData!]
- authSuccess: Float
- authSuccessHistogram: [KpiHostHistogramData!]
- authFailure: Float
- authFailureHistogram: [KpiHostHistogramData!]
- uniqueSourceIps: Float
- uniqueSourceIpsHistogram: [KpiHostHistogramData!]
- uniqueDestinationIps: Float
- uniqueDestinationIpsHistogram: [KpiHostHistogramData!]
- inspect: Inspect
- }
-
- type KpiHostDetailsData {
- authSuccess: Float
- authSuccessHistogram: [KpiHostHistogramData!]
- authFailure: Float
- authFailureHistogram: [KpiHostHistogramData!]
- uniqueSourceIps: Float
- uniqueSourceIpsHistogram: [KpiHostHistogramData!]
- uniqueDestinationIps: Float
- uniqueDestinationIpsHistogram: [KpiHostHistogramData!]
- inspect: Inspect
- }
-
- extend type Source {
- KpiHosts(
- id: String
- timerange: TimerangeInput!
- filterQuery: String
- defaultIndex: [String!]!
- ): KpiHostsData!
-
- KpiHostDetails(
- id: String
- timerange: TimerangeInput!
- filterQuery: String
- defaultIndex: [String!]!
- ): KpiHostDetailsData!
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts
deleted file mode 100644
index bd9da6374d868..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createKpiNetworkResolvers } from './resolvers';
-export { kpiNetworkSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts
deleted file mode 100644
index b587d8c4ac726..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { KpiNetwork } from '../../lib/kpi_network';
-import { createOptions } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-export type QueryKipNetworkResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface KpiNetworkResolversDeps {
- kpiNetwork: KpiNetwork;
-}
-
-export const createKpiNetworkResolvers = (
- libs: KpiNetworkResolversDeps
-): {
- Source: {
- KpiNetwork: QueryKipNetworkResolver;
- };
-} => ({
- Source: {
- async KpiNetwork(source, args, { req }, info) {
- const options = { ...createOptions(source, args, info) };
- return libs.kpiNetwork.getKpiNetwork(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts
deleted file mode 100644
index 830240a83bd91..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const kpiNetworkSchema = gql`
- type KpiNetworkHistogramData {
- x: Float
- y: Float
- }
-
- type KpiNetworkData {
- networkEvents: Float
- uniqueFlowId: Float
- uniqueSourcePrivateIps: Float
- uniqueSourcePrivateIpsHistogram: [KpiNetworkHistogramData!]
- uniqueDestinationPrivateIps: Float
- uniqueDestinationPrivateIpsHistogram: [KpiNetworkHistogramData!]
- dnsQueries: Float
- tlsHandshakes: Float
- inspect: Inspect
- }
-
- extend type Source {
- KpiNetwork(
- id: String
- timerange: TimerangeInput!
- filterQuery: String
- defaultIndex: [String!]!
- ): KpiNetworkData
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts
deleted file mode 100644
index 1460b6022bb13..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createMatrixHistogramResolvers } from './resolvers';
-export { matrixHistogramSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts
deleted file mode 100644
index 35cebe4777dcf..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { MatrixHistogram } from '../../lib/matrix_histogram';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { createOptions } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-import { SourceResolvers } from '../types';
-
-export interface MatrixHistogramResolversDeps {
- matrixHistogram: MatrixHistogram;
-}
-
-type QueryMatrixHistogramResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export const createMatrixHistogramResolvers = (
- libs: MatrixHistogramResolversDeps
-): {
- Source: {
- MatrixHistogram: QueryMatrixHistogramResolver;
- };
-} => ({
- Source: {
- async MatrixHistogram(source, args, { req }, info) {
- const options = {
- ...createOptions(source, args, info),
- stackByField: args.stackByField,
- histogramType: args.histogramType,
- };
- return libs.matrixHistogram.getMatrixHistogramData(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts
deleted file mode 100644
index deda6dc6e5c1a..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const matrixHistogramSchema = gql`
- type MatrixOverTimeHistogramData {
- x: Float
- y: Float
- g: String
- }
-
- type MatrixHistogramOverTimeData {
- inspect: Inspect
- matrixHistogramData: [MatrixOverTimeHistogramData!]!
- totalCount: Float!
- }
-
- enum HistogramType {
- authentications
- anomalies
- events
- alerts
- dns
- }
-
- extend type Source {
- MatrixHistogram(
- filterQuery: String
- defaultIndex: [String!]!
- timerange: TimerangeInput!
- stackByField: String!
- histogramType: HistogramType!
- ): MatrixHistogramOverTimeData!
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/graphql/network/index.ts b/x-pack/plugins/security_solution/server/graphql/network/index.ts
deleted file mode 100644
index 5dba3b21c1108..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/network/index.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createNetworkResolvers } from './resolvers';
-export { networkSchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts
deleted file mode 100644
index db15babc42a72..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { Network } from '../../lib/network';
-import { createOptionsPaginated } from '../../utils/build_query/create_options';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-type QueryNetworkTopCountriesResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-type QueryNetworkTopNFlowResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-type QueryNetworkHttpResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-type QueryDnsResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export interface NetworkResolversDeps {
- network: Network;
-}
-
-export const createNetworkResolvers = (
- libs: NetworkResolversDeps
-): {
- Source: {
- NetworkHttp: QueryNetworkHttpResolver;
- NetworkTopCountries: QueryNetworkTopCountriesResolver;
- NetworkTopNFlow: QueryNetworkTopNFlowResolver;
- NetworkDns: QueryDnsResolver;
- };
-} => ({
- Source: {
- async NetworkTopCountries(source, args, { req }, info) {
- const options = {
- ...createOptionsPaginated(source, args, info),
- flowTarget: args.flowTarget,
- networkTopCountriesSort: args.sort,
- ip: args.ip,
- };
- return libs.network.getNetworkTopCountries(req, options);
- },
- async NetworkTopNFlow(source, args, { req }, info) {
- const options = {
- ...createOptionsPaginated(source, args, info),
- flowTarget: args.flowTarget,
- networkTopNFlowSort: args.sort,
- ip: args.ip,
- };
- return libs.network.getNetworkTopNFlow(req, options);
- },
- async NetworkHttp(source, args, { req }, info) {
- const options = {
- ...createOptionsPaginated(source, args, info),
- networkHttpSort: args.sort,
- ip: args.ip,
- };
- return libs.network.getNetworkHttp(req, options);
- },
- async NetworkDns(source, args, { req }, info) {
- const options = {
- ...createOptionsPaginated(source, args, info),
- networkDnsSortField: args.sort,
- isPtrIncluded: args.isPtrIncluded,
- };
- return libs.network.getNetworkDns(req, options);
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts
deleted file mode 100644
index 9bb8a48c12f0d..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts
+++ /dev/null
@@ -1,253 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkSchema = gql` - enum NetworkDirectionEcs { - inbound - outbound - internal - external - incoming - outgoing - listening - unknown - } - - type TopNetworkTablesEcsField { - bytes_in: Float - bytes_out: Float - } - - type GeoItem { - geo: GeoEcsFields - flowTarget: FlowTargetSourceDest - } - - type AutonomousSystemItem { - name: String - number: Float - } - - type TopCountriesItemSource { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type TopCountriesItemDestination { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type NetworkTopCountriesItem { - _id: String - source: TopCountriesItemSource - destination: TopCountriesItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopCountriesEdges { - node: NetworkTopCountriesItem! - cursor: CursorType! - } - - type NetworkTopCountriesData { - edges: [NetworkTopCountriesEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type TopNFlowItemSource { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - destination_ips: Float - } - - type TopNFlowItemDestination { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - source_ips: Float - } - - enum NetworkTopTablesFields { - bytes_in - bytes_out - flows - destination_ips - source_ips - } - - input NetworkTopTablesSortField { - field: NetworkTopTablesFields! - direction: Direction! 
- } - - type NetworkTopNFlowItem { - _id: String - source: TopNFlowItemSource - destination: TopNFlowItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopNFlowEdges { - node: NetworkTopNFlowItem! - cursor: CursorType! - } - - type NetworkTopNFlowData { - edges: [NetworkTopNFlowEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - enum NetworkDnsFields { - dnsName - queryCount - uniqueDomains - dnsBytesIn - dnsBytesOut - } - - input NetworkDnsSortField { - field: NetworkDnsFields! - direction: Direction! - } - - type NetworkDnsItem { - _id: String - dnsBytesIn: Float - dnsBytesOut: Float - dnsName: String - queryCount: Float - uniqueDomains: Float - } - - type NetworkDnsEdges { - node: NetworkDnsItem! - cursor: CursorType! - } - - type MatrixOverOrdinalHistogramData { - x: String! - y: Float! - g: String! - } - - type NetworkDnsData { - edges: [NetworkDnsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - histogram: [MatrixOverOrdinalHistogramData!] - } - - enum NetworkHttpFields { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - - input NetworkHttpSortField { - direction: Direction! - } - - type NetworkHttpItem { - _id: String - domains: [String!]! - lastHost: String - lastSourceIp: String - methods: [String!]! - path: String - requestCount: Float - statuses: [String!]! - } - - type NetworkHttpEdges { - node: NetworkHttpItem! - cursor: CursorType! - } - - type NetworkHttpData { - edges: [NetworkHttpEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type NetworkDsOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - extend type Source { - NetworkTopCountries( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! 
- defaultIndex: [String!]! - ): NetworkTopCountriesData! - NetworkTopNFlow( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkTopNFlowData! - NetworkDns( - filterQuery: String - id: String - isPtrIncluded: Boolean! - pagination: PaginationInputPaginated! - sort: NetworkDnsSortField! - stackByField: String - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkDnsData! - NetworkDnsHistogram( - filterQuery: String - defaultIndex: [String!]! - timerange: TimerangeInput! - stackByField: String - docValueFields: [docValueFieldsInput!]! - ): NetworkDsOverTimeData! - NetworkHttp( - id: String - filterQuery: String - ip: String - pagination: PaginationInputPaginated! - sort: NetworkHttpSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkHttpData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 5f370ab1b8c9f..7d2ce8a284994 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts 
@@ -42,53 +42,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -269,6 +232,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -287,13 +265,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', 
@@ -305,35 +276,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -373,27 +315,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -401,6 +322,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', 
@@ -410,17 +336,15 @@ export type ToStringArray = string[] | string; export type Date = string; -export type ToNumberArray = number[] | number; - -export type ToDateArray = string[] | string; +export type ToAny = any; -export type ToBooleanArray = boolean[] | boolean; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[] | string; -export type EsValue = any; +export type ToNumberArray = number[] | number; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[] | boolean; export type ToIFieldSubTypeNonNullable = any; @@ -511,40 +435,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -577,8 +473,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; 
@@ -587,84 +483,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -697,6 +559,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; 
@@ -711,196 +579,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + 
name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; 
+export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { 
@@ -943,110 +882,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + 
entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { 
@@ -1055,48 +1060,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1151,6 +1152,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; 
@@ -1163,6 +1196,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; 
@@ -1211,128 +1286,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { 
@@ -1349,8 +1350,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { 
@@ -1359,6688 +1360,4387 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - 
uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { 
- edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type 
as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; +} +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface AutonomousSystemItem { - name?: Maybe; + search?: Maybe; - number?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; + search?: Maybe; - ip?: Maybe; + sort?: Maybe; - location?: Maybe; + onlyUserFavorite?: Maybe; - flows?: Maybe; + timelineType?: Maybe; - source_ips?: Maybe; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; + timerange: TimerangeInput; - pageInfo: PageInfoPaginated; + pagination: PaginationInputPaginated; - inspect?: Maybe; + sort: HostsSortField; - histogram?: Maybe; -} + filterQuery?: Maybe; -export interface NetworkDnsEdges { - node: 
NetworkDnsItem; + defaultIndex: string[]; - cursor: CursorType; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; - - dnsBytesIn?: Maybe; - - dnsBytesOut?: Maybe; - - dnsName?: Maybe; + hostName: string; - queryCount?: Maybe; + timerange: TimerangeInput; - uniqueDomains?: Maybe; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + defaultIndex: string[]; - g: string; + docValueFields: DocValueFieldsInput[]; } +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; +} +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; +} +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; + version?: Maybe; - totalCount: number; + note: NoteInput; } +export interface DeleteNoteMutationArgs { + id: string[]; +} +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - pageInfo: PageInfoPaginated; + eventId: string; - inspect?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; } +export interface PersistTimelineMutationArgs { + id?: Maybe; -export interface NetworkHttpEdges { - node: NetworkHttpItem; + version?: Maybe; - cursor: CursorType; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; } -export interface 
NetworkHttpItem { - _id?: Maybe; - - domains: string[]; +import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - lastHost?: Maybe; +export type Resolver = ( + parent: Parent, + args: Args, + context: TContext, + info: GraphQLResolveInfo +) => Promise | Result; - lastSourceIp?: Maybe; +export interface ISubscriptionResolverObject { + subscribe( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): AsyncIterator | Promise>; + resolve?( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): R | Result | Promise; +} - methods: string[]; +export type SubscriptionResolver = + | ((...args: any[]) => ISubscriptionResolverObject) + | ISubscriptionResolverObject; - path?: Maybe; +export type TypeResolveFn = ( + parent: Parent, + context: TContext, + info: GraphQLResolveInfo +) => Maybe; - requestCount?: Maybe; +export type NextResolverFn = () => Promise; - statuses: string[]; -} +export type DirectiveResolverFn = ( + next: NextResolverFn, + source: any, + args: TArgs, + context: TContext, + info: GraphQLResolveInfo +) => TResult | Promise; -export interface SayMyName { - /** The id of the source */ - appName: string; -} +export namespace QueryResolvers { + export interface Resolvers { + getNote?: GetNoteResolver; -export interface TimelineResult { - columns?: Maybe; + getNotesByTimelineId?: GetNotesByTimelineIdResolver; - created?: Maybe; + getNotesByEventId?: GetNotesByEventIdResolver; - createdBy?: Maybe; + getAllNotes?: GetAllNotesResolver; - dataProviders?: Maybe; + getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< + PinnedEvent[], + TypeParent, + TContext + >; + /** Get a security data source by id */ + source?: SourceResolver; + /** Get a list of all security data sources */ + allSources?: AllSourcesResolver; - dateRange?: Maybe; + getOneTimeline?: GetOneTimelineResolver; - description?: Maybe; + getAllTimeline?: GetAllTimelineResolver; + } - eventIdToNoteIds?: 
Maybe; + export type GetNoteResolver = Resolver< + R, + Parent, + TContext, + GetNoteArgs + >; + export interface GetNoteArgs { + id: string; + } - eventType?: Maybe; + export type GetNotesByTimelineIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByTimelineIdArgs { + timelineId: string; + } - excludedRowRendererIds?: Maybe; + export type GetNotesByEventIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByEventIdArgs { + eventId: string; + } - favorite?: Maybe; + export type GetAllNotesResolver< + R = ResponseNotes, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllNotesArgs { + pageInfo?: Maybe; - filters?: Maybe; + search?: Maybe; - kqlMode?: Maybe; + sort?: Maybe; + } - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; - - status?: Maybe; - - title?: Maybe; - - templateTimelineId?: Maybe; - - templateTimelineVersion?: Maybe; - - timelineType?: Maybe; - - updated?: Maybe; - - updatedBy?: Maybe; - - version: string; -} - -export interface ColumnHeaderResult { - aggregatable?: Maybe; - - category?: Maybe; - - columnHeaderType?: Maybe; - - description?: Maybe; - - example?: Maybe; - - indexes?: Maybe; - - id?: Maybe; - - name?: Maybe; - - placeholder?: Maybe; - - searchable?: Maybe; - - type?: Maybe; -} - -export interface DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export 
interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - 
code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} -export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface 
GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; 
- - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: 
Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - -export type Resolver = ( - parent: Parent, - args: Args, - context: TContext, - info: GraphQLResolveInfo -) => Promise | Result; - -export interface ISubscriptionResolverObject { - subscribe( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): AsyncIterator | Promise>; - resolve?( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): R | Result | Promise; -} - -export type SubscriptionResolver = - | ((...args: any[]) => ISubscriptionResolverObject) - | ISubscriptionResolverObject; - -export type TypeResolveFn = ( - parent: Parent, - context: TContext, - info: GraphQLResolveInfo -) => Maybe; - -export type NextResolverFn = () => Promise; - -export type DirectiveResolverFn = ( - next: NextResolverFn, - source: any, - args: TArgs, - context: TContext, - info: GraphQLResolveInfo -) => TResult | Promise; - -export namespace QueryResolvers { - export interface Resolvers { - getNote?: GetNoteResolver; - - getNotesByTimelineId?: GetNotesByTimelineIdResolver; - - getNotesByEventId?: GetNotesByEventIdResolver; - - getAllNotes?: GetAllNotesResolver; - - getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< - PinnedEvent[], - TypeParent, - TContext - >; - /** Get a security data source by id */ - source?: SourceResolver; - /** Get a list of all security data sources */ - allSources?: AllSourcesResolver; - - getOneTimeline?: 
GetOneTimelineResolver; - - getAllTimeline?: GetAllTimelineResolver; - } - - export type GetNoteResolver = Resolver< - R, - Parent, - TContext, - GetNoteArgs - >; - export interface GetNoteArgs { - id: string; - } - - export type GetNotesByTimelineIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByTimelineIdArgs { - timelineId: string; - } - - export type GetNotesByEventIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByEventIdArgs { - eventId: string; - } - - export type GetAllNotesResolver< - R = ResponseNotes, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllNotesArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; - } - - export type GetAllPinnedEventsByTimelineIdResolver< - R = PinnedEvent[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllPinnedEventsByTimelineIdArgs { - timelineId: string; - } - - export type SourceResolver = Resolver< - R, - Parent, - TContext, - SourceArgs - >; - export interface SourceArgs { - /** The id of the source */ - id: string; - } - - export type AllSourcesResolver = Resolver< - R, - Parent, - TContext - >; - export type GetOneTimelineResolver< - R = TimelineResult, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetOneTimelineArgs { - id: string; - } - - export type GetAllTimelineResolver< - R = ResponseTimelines, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllTimelineArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; - } -} - -export namespace NoteResultResolvers { - export interface Resolvers { - eventId?: EventIdResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - noteId?: 
NoteIdResolver; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type EventIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteIdResolver = Resolver< - R, - Parent, - TContext - >; - export type CreatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; -} - -export namespace ResponseNotesResolvers { - export interface Resolvers { - notes?: NotesResolver; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - } - - export type NotesResolver< - R = NoteResult[], - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; -} - -export namespace PinnedEventResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, 
TContext>; - - pinnedEventId?: PinnedEventIdResolver; - - eventId?: EventIdResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type PinnedEventIdResolver< - R = string, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type EventIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceResolvers { - export interface Resolvers { - /** The id of the source */ - id?: IdResolver; - /** The raw configuration of the source */ - configuration?: ConfigurationResolver; - /** The status of the source */ - status?: 
StatusResolver; - /** Gets Authentication success and failures based on a timerange */ - Authentications?: AuthenticationsResolver; - - Timeline?: TimelineResolver; - - TimelineDetails?: TimelineDetailsResolver; - - LastEventTime?: LastEventTimeResolver; - /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ - Hosts?: HostsResolver; - - HostOverview?: HostOverviewResolver; - - HostFirstLastSeen?: HostFirstLastSeenResolver; - - KpiNetwork?: KpiNetworkResolver, TypeParent, TContext>; - - KpiHosts?: KpiHostsResolver; - - KpiHostDetails?: KpiHostDetailsResolver; - - MatrixHistogram?: MatrixHistogramResolver; - - NetworkTopCountries?: NetworkTopCountriesResolver< - NetworkTopCountriesData, - TypeParent, - TContext - >; - - NetworkTopNFlow?: NetworkTopNFlowResolver; - - NetworkDns?: NetworkDnsResolver; - - NetworkDnsHistogram?: NetworkDnsHistogramResolver; - - NetworkHttp?: NetworkHttpResolver; - /** Just a simple example to get the app name */ - whoAmI?: WhoAmIResolver, TypeParent, TContext>; - } - - export type IdResolver = Resolver< - R, - Parent, - TContext - >; - export type ConfigurationResolver< - R = SourceConfiguration, - Parent = Source, - TContext = SiemContext - > = Resolver; - export type StatusResolver = Resolver< - R, - Parent, - TContext - >; - export type AuthenticationsResolver< - R = AuthenticationsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AuthenticationsArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type TimelineResolver< - R = TimelineData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - 
docValueFields: DocValueFieldsInput[]; - } - - export type TimelineDetailsResolver< - R = TimelineDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineDetailsArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type LastEventTimeResolver< - R = LastEventTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface LastEventTimeArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostsResolver = Resolver< - R, - Parent, - TContext, - HostsArgs - >; - export interface HostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostOverviewResolver< - R = HostItem, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostOverviewArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type HostFirstLastSeenResolver< - R = FirstLastSeenHost, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostFirstLastSeenArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type KpiNetworkResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiNetworkArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type KpiHostsResolver< - R = KpiHostsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; 
- } - - export type KpiHostDetailsResolver< - R = KpiHostDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostDetailsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type MatrixHistogramResolver< - R = MatrixHistogramOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface MatrixHistogramArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; - } - - export type NetworkTopCountriesResolver< - R = NetworkTopCountriesData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopCountriesArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkTopNFlowResolver< - R = NetworkTopNFlowData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopNFlowArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsResolver< - R = NetworkDnsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsHistogramResolver< - R = NetworkDsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsHistogramArgs { - filterQuery?: Maybe; 
- - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; - } - - export type NetworkHttpResolver< - R = NetworkHttpData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkHttpArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type WhoAmIResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; -} -/** A set of configuration options for a security data source */ -export namespace SourceConfigurationResolvers { - export interface Resolvers { - /** The field mapping to use for this source */ - fields?: FieldsResolver; - } - - export type FieldsResolver< - R = SourceFields, - Parent = SourceConfiguration, - TContext = SiemContext - > = Resolver; -} -/** A mapping of semantic fields to their document counterparts */ -export namespace SourceFieldsResolvers { - export interface Resolvers { - /** The field to identify a container by */ - container?: ContainerResolver; - /** The fields to identify a host by */ - host?: HostResolver; - /** The fields that may contain the log event message. The first field found win. 
*/ - message?: MessageResolver; - /** The field to identify a pod by */ - pod?: PodResolver; - /** The field to use as a tiebreaker for log events that have identical timestamps */ - tiebreaker?: TiebreakerResolver; - /** The field to use as a timestamp for metrics and logs */ - timestamp?: TimestampResolver; - } - - export type ContainerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type HostResolver = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = string[], - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type PodResolver = Resolver< - R, - Parent, - TContext - >; - export type TiebreakerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type TimestampResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; -} -/** The status of an infrastructure data source */ -export namespace SourceStatusResolvers { - export interface Resolvers { - /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ - indicesExist?: IndicesExistResolver; - /** The list of fields defined in the index mappings */ - indexFields?: IndexFieldsResolver; - } - - export type IndicesExistResolver< - R = boolean, - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndicesExistArgs { - defaultIndex: string[]; - } - - export type IndexFieldsResolver< - R = string[], - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndexFieldsArgs { - defaultIndex: string[]; - } -} - -export namespace AuthenticationsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = AuthenticationsEdges[], - Parent = AuthenticationsData, - TContext = SiemContext - > 
= Resolver; - export type TotalCountResolver< - R = number, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = AuthenticationItem, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - failures?: FailuresResolver; - - successes?: SuccessesResolver; - - user?: UserResolver; - - lastSuccess?: LastSuccessResolver, TypeParent, TContext>; - - lastFailure?: LastFailureResolver, TypeParent, TContext>; - } - - export type _IdResolver< - R = string, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type FailuresResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type SuccessesResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = UserEcsFields, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastSuccessResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastFailureResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; -} - -export namespace UserEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - name?: 
NameResolver, TypeParent, TContext>; - - full_name?: FullNameResolver, TypeParent, TContext>; - - email?: EmailResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - group?: GroupResolver, TypeParent, TContext>; - } - - export type DomainResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type FullNameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type EmailResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LastSourceHostResolvers { - export interface Resolvers { - timestamp?: TimestampResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - } - - export type TimestampResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - packets?: PacketsResolver, TypeParent, TContext>; - } - - export type BytesResolver< - R = 
Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace GeoEcsFieldsResolvers { - export interface Resolvers { - city_name?: CityNameResolver, TypeParent, TContext>; - - continent_name?: ContinentNameResolver, TypeParent, TContext>; - - country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - - country_name?: CountryNameResolver, TypeParent, TContext>; - - location?: LocationResolver, TypeParent, TContext>; - - region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; - - region_name?: RegionNameResolver, TypeParent, TContext>; - } - - export type CityNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type ContinentNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LocationResolvers { - 
export interface Resolvers { - lon?: LonResolver, TypeParent, TContext>; - - lat?: LatResolver, TypeParent, TContext>; - } - - export type LonResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; - export type LatResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; -} - -export namespace HostEcsFieldsResolvers { - export interface Resolvers { - architecture?: ArchitectureResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - mac?: MacResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - os?: OsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type ArchitectureResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type MacResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type OsResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace OsEcsFieldsResolvers { - export interface Resolvers { - platform?: PlatformResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - full?: FullResolver, TypeParent, TContext>; - - family?: FamilyResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - - kernel?: KernelResolver, TypeParent, TContext>; - } - - export type PlatformResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = 
Resolver; - export type NameResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FullResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FamilyResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type KernelResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace CursorTypeResolvers { - export interface Resolvers { - value?: ValueResolver, TypeParent, TContext>; - - tiebreaker?: TiebreakerResolver, TypeParent, TContext>; - } - - export type ValueResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; - export type TiebreakerResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; -} - -export namespace PageInfoPaginatedResolvers { - export interface Resolvers { - activePage?: ActivePageResolver; - - fakeTotalCount?: FakeTotalCountResolver; - - showMorePagesIndicator?: ShowMorePagesIndicatorResolver; - } - - export type ActivePageResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type FakeTotalCountResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type ShowMorePagesIndicatorResolver< - R = boolean, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; -} - -export namespace InspectResolvers { - export interface Resolvers { - dsl?: DslResolver; - - response?: ResponseResolver; - } - - export type DslResolver = Resolver< - R, - Parent, - TContext - >; - export type ResponseResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: 
PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = TimelineEdges[], - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = TimelineItem, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, TContext>; - - data?: DataResolver; - - ecs?: EcsResolver; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver< - R = Maybe, - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = TimelineNonEcsData[], - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type EcsResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineNonEcsDataResolvers { - export interface Resolvers { - field?: FieldResolver; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type FieldResolver< - R = string, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; -} - -export namespace EcsResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, 
TContext>; - - agent?: AgentResolver, TypeParent, TContext>; - - auditd?: AuditdResolver, TypeParent, TContext>; - - destination?: DestinationResolver, TypeParent, TContext>; - - dns?: DnsResolver, TypeParent, TContext>; - - endgame?: EndgameResolver, TypeParent, TContext>; - - event?: EventResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - - network?: NetworkResolver, TypeParent, TContext>; - - rule?: RuleResolver, TypeParent, TContext>; - - signal?: SignalResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - suricata?: SuricataResolver, TypeParent, TContext>; - - tls?: TlsResolver, TypeParent, TContext>; - - zeek?: ZeekResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - url?: UrlResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - user?: UserResolver, TypeParent, TContext>; - - winlog?: WinlogResolver, TypeParent, TContext>; - - process?: ProcessResolver, TypeParent, TContext>; - - file?: FileResolver, TypeParent, TContext>; - - system?: SystemResolver, TypeParent, TContext>; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type AgentResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type AuditdResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type EndgameResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type EventResolver< - R = Maybe, - Parent = Ecs, - 
TContext = SiemContext - > = Resolver; - export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type HostResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type RuleResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SignalResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SuricataResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type ZeekResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type WinlogResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type ProcessResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type SystemResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; -} - -export namespace AgentEcsFieldResolvers { - export interface Resolvers { - type?: TypeResolver, TypeParent, 
TContext>; - } - - export type TypeResolver< - R = Maybe, - Parent = AgentEcsField, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdEcsFieldsResolvers { - export interface Resolvers { - result?: ResultResolver, TypeParent, TContext>; - - session?: SessionResolver, TypeParent, TContext>; - - data?: DataResolver, TypeParent, TContext>; - - summary?: SummaryResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ResultResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SessionResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SummaryResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdDataResolvers { - export interface Resolvers { - acct?: AcctResolver, TypeParent, TContext>; - - terminal?: TerminalResolver, TypeParent, TContext>; - - op?: OpResolver, TypeParent, TContext>; - } - - export type AcctResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type TerminalResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type OpResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; -} - -export namespace SummaryResolvers { - export interface Resolvers { - actor?: ActorResolver, TypeParent, TContext>; - - object?: ObjectResolver, TypeParent, TContext>; - - how?: HowResolver, TypeParent, TContext>; - - message_type?: MessageTypeResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ActorResolver< - R = Maybe, - Parent = Summary, - TContext = 
SiemContext - > = Resolver; - export type ObjectResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type HowResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type MessageTypeResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; -} - -export namespace PrimarySecondaryResolvers { - export interface Resolvers { - primary?: PrimaryResolver, TypeParent, TContext>; - - secondary?: SecondaryResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type PrimaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type SecondaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; -} - -export namespace DestinationEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; + export type GetAllPinnedEventsByTimelineIdResolver< + R = PinnedEvent[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllPinnedEventsByTimelineIdArgs { + timelineId: string; + } - packets?: PacketsResolver, TypeParent, TContext>; + export type SourceResolver = Resolver< + R, + Parent, + TContext, + SourceArgs + >; + export interface SourceArgs { + /** The id of the source */ + id: string; } - export type BytesResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = 
SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = DestinationEcsFields, + export type AllSourcesResolver = Resolver< + R, + Parent, + TContext + >; + export type GetOneTimelineResolver< + R = TimelineResult, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsEcsFieldsResolvers { - export interface Resolvers { - question?: QuestionResolver, TypeParent, TContext>; - - resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - - response_code?: ResponseCodeResolver, TypeParent, TContext>; + > = Resolver; + export interface GetOneTimelineArgs { + id: string; } - export type QuestionResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResolvedIpResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResponseCodeResolver< - R = Maybe, - Parent = DnsEcsFields, + export type GetAllTimelineResolver< + R = ResponseTimelines, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsQuestionDataResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + > = Resolver; + export interface GetAllTimelineArgs { + pageInfo: PageInfoTimeline; - type?: TypeResolver, TypeParent, TContext>; - } + search?: Maybe; - export type NameResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; -} + sort?: Maybe; -export namespace EndgameEcsFieldsResolvers { - export interface Resolvers { - exit_code?: 
ExitCodeResolver, TypeParent, TContext>; + onlyUserFavorite?: Maybe; - file_name?: FileNameResolver, TypeParent, TContext>; + timelineType?: Maybe; - file_path?: FilePathResolver, TypeParent, TContext>; + status?: Maybe; + } +} - logon_type?: LogonTypeResolver, TypeParent, TContext>; +export namespace NoteResultResolvers { + export interface Resolvers { + eventId?: EventIdResolver, TypeParent, TContext>; - parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + note?: NoteResolver, TypeParent, TContext>; - pid?: PidResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - process_name?: ProcessNameResolver, TypeParent, TContext>; + noteId?: NoteIdResolver; - subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - target_user_name?: TargetUserNameResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ExitCodeResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FileNameResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FilePathResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type LogonTypeResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteResolver< + R = Maybe, + 
Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ParentProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type PidResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteIdResolver = Resolver< + R, + Parent, + TContext + >; + export type CreatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type VersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, +} + +export namespace ResponseNotesResolvers { + export interface Resolvers { + notes?: NotesResolver; + + totalCount?: TotalCountResolver, TypeParent, TContext>; + } + + export type NotesResolver< + R = NoteResult[], + Parent = ResponseNotes, TContext = SiemContext > = Resolver; - export type TargetUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseNotes, TContext = SiemContext > = Resolver; } -export namespace 
EventEcsFieldsResolvers { - export interface Resolvers { - action?: ActionResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - code?: CodeResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - dataset?: DatasetResolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - end?: EndResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; +export namespace PinnedEventResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - kind?: KindResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - module?: ModuleResolver, TypeParent, TContext>; + pinnedEventId?: PinnedEventIdResolver; - original?: OriginalResolver, TypeParent, TContext>; + eventId?: EventIdResolver, TypeParent, TContext>; - outcome?: OutcomeResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - risk_score?: RiskScoreResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - severity?: SeverityResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - start?: StartResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - timezone?: TimezoneResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ActionResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; export type CodeResolver< - R = Maybe, - Parent = EventEcsFields, - TContext 
= SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DatasetResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type EndResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = EventEcsFields, + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type IdResolver< - R = Maybe, - Parent = EventEcsFields, + export type MessageResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type KindResolver< - R = Maybe, - Parent = EventEcsFields, + export type PinnedEventIdResolver< + R = string, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type ModuleResolver< - R = Maybe, - Parent = EventEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OutcomeResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreNormResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type SeverityResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = 
PinnedEvent, TContext = SiemContext > = Resolver; - export type StartResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TimezoneResolver< - R = Maybe, - Parent = EventEcsFields, + export type VersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = EventEcsFields, +} + +export namespace SourceResolvers { + export interface Resolvers { + /** The id of the source */ + id?: IdResolver; + /** The raw configuration of the source */ + configuration?: ConfigurationResolver; + /** The status of the source */ + status?: StatusResolver; + /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ + Hosts?: HostsResolver; + + HostOverview?: HostOverviewResolver; + + HostFirstLastSeen?: HostFirstLastSeenResolver; + } + + export type IdResolver = Resolver< + R, + Parent, + TContext + >; + export type ConfigurationResolver< + R = SourceConfiguration, + Parent = Source, TContext = SiemContext > = Resolver; -} + export type StatusResolver = Resolver< + R, + Parent, + TContext + >; + export type HostsResolver = Resolver< + R, + Parent, + TContext, + HostsArgs + >; + export interface HostsArgs { + id?: Maybe; -export namespace NetworkEcsFieldResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; + timerange: TimerangeInput; - community_id?: CommunityIdResolver, TypeParent, TContext>; + pagination: PaginationInputPaginated; - direction?: DirectionResolver, TypeParent, TContext>; + sort: HostsSortField; - packets?: PacketsResolver, TypeParent, TContext>; + filterQuery?: Maybe; - protocol?: ProtocolResolver, TypeParent, TContext>; + defaultIndex: string[]; - transport?: TransportResolver, TypeParent, TContext>; + docValueFields: DocValueFieldsInput[]; } - export type BytesResolver< - R = 
Maybe, - Parent = NetworkEcsField, + export type HostOverviewResolver< + R = HostItem, + Parent = Source, TContext = SiemContext - > = Resolver; - export type CommunityIdResolver< - R = Maybe, - Parent = NetworkEcsField, + > = Resolver; + export interface HostOverviewArgs { + id?: Maybe; + + hostName: string; + + timerange: TimerangeInput; + + defaultIndex: string[]; + } + + export type HostFirstLastSeenResolver< + R = FirstLastSeenHost, + Parent = Source, + TContext = SiemContext + > = Resolver; + export interface HostFirstLastSeenArgs { + id?: Maybe; + + hostName: string; + + defaultIndex: string[]; + + docValueFields: DocValueFieldsInput[]; + } +} +/** A set of configuration options for a security data source */ +export namespace SourceConfigurationResolvers { + export interface Resolvers { + /** The field mapping to use for this source */ + fields?: FieldsResolver; + } + + export type FieldsResolver< + R = SourceFields, + Parent = SourceConfiguration, TContext = SiemContext > = Resolver; - export type DirectionResolver< - R = Maybe, - Parent = NetworkEcsField, +} +/** A mapping of semantic fields to their document counterparts */ +export namespace SourceFieldsResolvers { + export interface Resolvers { + /** The field to identify a container by */ + container?: ContainerResolver; + /** The fields to identify a host by */ + host?: HostResolver; + /** The fields that may contain the log event message. The first field found win. 
*/ + message?: MessageResolver; + /** The field to identify a pod by */ + pod?: PodResolver; + /** The field to use as a tiebreaker for log events that have identical timestamps */ + tiebreaker?: TiebreakerResolver; + /** The field to use as a timestamp for metrics and logs */ + timestamp?: TimestampResolver; + } + + export type ContainerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = NetworkEcsField, + export type HostResolver = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = string[], + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type ProtocolResolver< - R = Maybe, - Parent = NetworkEcsField, + export type PodResolver = Resolver< + R, + Parent, + TContext + >; + export type TiebreakerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type TransportResolver< - R = Maybe, - Parent = NetworkEcsField, + export type TimestampResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; } +/** The status of an infrastructure data source */ +export namespace SourceStatusResolvers { + export interface Resolvers { + /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ + indicesExist?: IndicesExistResolver; + /** The list of fields defined in the index mappings */ + indexFields?: IndexFieldsResolver; + } -export namespace RuleEcsFieldResolvers { - export interface Resolvers { - reference?: ReferenceResolver, TypeParent, TContext>; + export type IndicesExistResolver< + R = boolean, + Parent = SourceStatus, + TContext = SiemContext + > = Resolver; + export interface IndicesExistArgs { + defaultIndex: string[]; } - export type ReferenceResolver< - R = Maybe, - Parent = RuleEcsField, + export type IndexFieldsResolver< + R = string[], + Parent = SourceStatus, TContext = SiemContext - > = Resolver; + > = Resolver; + export 
interface IndexFieldsArgs { + defaultIndex: string[]; + } } -export namespace SignalFieldResolvers { - export interface Resolvers { - rule?: RuleResolver, TypeParent, TContext>; +export namespace HostsDataResolvers { + export interface Resolvers { + edges?: EdgesResolver; - original_time?: OriginalTimeResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver; - status?: StatusResolver, TypeParent, TContext>; + pageInfo?: PageInfoResolver; + + inspect?: InspectResolver, TypeParent, TContext>; } - export type RuleResolver< - R = Maybe, - Parent = SignalField, + export type EdgesResolver< + R = HostsEdges[], + Parent = HostsData, TContext = SiemContext > = Resolver; - export type OriginalTimeResolver< - R = Maybe, - Parent = SignalField, + export type TotalCountResolver = Resolver< + R, + Parent, + TContext + >; + export type PageInfoResolver< + R = PageInfoPaginated, + Parent = HostsData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = SignalField, + export type InspectResolver< + R = Maybe, + Parent = HostsData, TContext = SiemContext > = Resolver; } -export namespace RuleFieldResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; - - rule_id?: RuleIdResolver, TypeParent, TContext>; - - false_positives?: FalsePositivesResolver; - - saved_id?: SavedIdResolver, TypeParent, TContext>; - - timeline_id?: TimelineIdResolver, TypeParent, TContext>; - - timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - - max_signals?: MaxSignalsResolver, TypeParent, TContext>; - - risk_score?: RiskScoreResolver, TypeParent, TContext>; - - output_index?: OutputIndexResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - from?: FromResolver, TypeParent, TContext>; - - immutable?: ImmutableResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - interval?: IntervalResolver, TypeParent, TContext>; - - language?: 
LanguageResolver, TypeParent, TContext>; - - query?: QueryResolver, TypeParent, TContext>; - - references?: ReferencesResolver, TypeParent, TContext>; - - severity?: SeverityResolver, TypeParent, TContext>; - - tags?: TagsResolver, TypeParent, TContext>; - - threat?: ThreatResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - size?: SizeResolver, TypeParent, TContext>; - - to?: ToResolver, TypeParent, TContext>; - - enabled?: EnabledResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; +export namespace HostsEdgesResolvers { + export interface Resolvers { + node?: NodeResolver; - created_at?: CreatedAtResolver, TypeParent, TContext>; + cursor?: CursorResolver; + } - updated_at?: UpdatedAtResolver, TypeParent, TContext>; + export type NodeResolver = Resolver< + R, + Parent, + TContext + >; + export type CursorResolver< + R = CursorType, + Parent = HostsEdges, + TContext = SiemContext + > = Resolver; +} - created_by?: CreatedByResolver, TypeParent, TContext>; +export namespace HostItemResolvers { + export interface Resolvers { + _id?: _IdResolver, TypeParent, TContext>; - updated_by?: UpdatedByResolver, TypeParent, TContext>; + cloud?: CloudResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + endpoint?: EndpointResolver, TypeParent, TContext>; - note?: NoteResolver, TypeParent, TContext>; + host?: HostResolver, TypeParent, TContext>; - threshold?: ThresholdResolver, TypeParent, TContext>; + inspect?: InspectResolver, TypeParent, TContext>; - exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type RuleIdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type FalsePositivesResolver< - R = string[], - Parent = RuleField, - TContext = SiemContext - > = 
Resolver; - export type SavedIdResolver< - R = Maybe, - Parent = RuleField, + export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type CloudResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = RuleField, + export type EndpointResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineTitleResolver< - R = Maybe, - Parent = RuleField, + export type HostResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type MaxSignalsResolver< - R = Maybe, - Parent = RuleField, + export type InspectResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = RuleField, + export type LastSeenResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type OutputIndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudFieldsResolvers { + export interface Resolvers { + instance?: InstanceResolver, TypeParent, TContext>; + + machine?: MachineResolver, TypeParent, TContext>; + + provider?: ProviderResolver)[]>, TypeParent, TContext>; + + region?: RegionResolver)[]>, TypeParent, TContext>; + } + + export type InstanceResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = RuleField, + export type MachineResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type FromResolver< - R = Maybe, - Parent = RuleField, + export type ProviderResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type ImmutableResolver< - R = Maybe, - Parent = RuleField, + export type RegionResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - 
export type IndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudInstanceResolvers { + export interface Resolvers { + id?: IdResolver)[]>, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudInstance, TContext = SiemContext > = Resolver; - export type IntervalResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudMachineResolvers { + export interface Resolvers { + type?: TypeResolver)[]>, TypeParent, TContext>; + } + + export type TypeResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudMachine, TContext = SiemContext > = Resolver; - export type LanguageResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace EndpointFieldsResolvers { + export interface Resolvers { + endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; + + sensorVersion?: SensorVersionResolver, TypeParent, TContext>; + + policyStatus?: PolicyStatusResolver< + Maybe, + TypeParent, + TContext + >; + } + + export type EndpointPolicyResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = RuleField, + export type SensorVersionResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type ReferencesResolver< - R = Maybe, - Parent = RuleField, + export type PolicyStatusResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type SeverityResolver< +} + +export namespace HostEcsFieldsResolvers { + export interface Resolvers { + architecture?: ArchitectureResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + mac?: MacResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + os?: OsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + } + + export type ArchitectureResolver< R = Maybe, - Parent = RuleField, + Parent = 
HostEcsFields, TContext = SiemContext > = Resolver; - export type TagsResolver< + export type IdResolver< R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type ThreatResolver< - R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< + export type IpResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type MacResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type ToResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = RuleField, + export type OsResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = RuleField, + export type TypeResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type CreatedAtResolver< +} + +export namespace OsEcsFieldsResolvers { + export interface Resolvers { + platform?: PlatformResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full?: FullResolver, TypeParent, TContext>; + + family?: FamilyResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + kernel?: KernelResolver, TypeParent, TContext>; + } + + export type PlatformResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedAtResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type CreatedByResolver< + export type FullResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< + export 
type FamilyResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; export type VersionResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type NoteResolver< + export type KernelResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type ThresholdResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace InspectResolvers { + export interface Resolvers { + dsl?: DslResolver; + + response?: ResponseResolver; + } + + export type DslResolver = Resolver< + R, + Parent, + TContext + >; + export type ResponseResolver = Resolver< + R, + Parent, + TContext + >; +} + +export namespace CursorTypeResolvers { + export interface Resolvers { + value?: ValueResolver, TypeParent, TContext>; + + tiebreaker?: TiebreakerResolver, TypeParent, TContext>; + } + + export type ValueResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; - export type ExceptionsListResolver< - R = Maybe, - Parent = RuleField, + export type TiebreakerResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; } -export namespace SuricataEcsFieldsResolvers { - export interface Resolvers { - eve?: EveResolver, TypeParent, TContext>; +export namespace PageInfoPaginatedResolvers { + export interface Resolvers { + activePage?: ActivePageResolver; + + fakeTotalCount?: FakeTotalCountResolver; + + showMorePagesIndicator?: ShowMorePagesIndicatorResolver; } - export type EveResolver< - R = Maybe, - Parent = SuricataEcsFields, + export type ActivePageResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type FakeTotalCountResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type ShowMorePagesIndicatorResolver< + R = boolean, + Parent = PageInfoPaginated, TContext = SiemContext > = Resolver; } 
-export namespace SuricataEveDataResolvers { - export interface Resolvers { - alert?: AlertResolver, TypeParent, TContext>; +export namespace FirstLastSeenHostResolvers { + export interface Resolvers { + inspect?: InspectResolver, TypeParent, TContext>; - flow_id?: FlowIdResolver, TypeParent, TContext>; + firstSeen?: FirstSeenResolver, TypeParent, TContext>; - proto?: ProtoResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type AlertResolver< - R = Maybe, - Parent = SuricataEveData, + export type InspectResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type FlowIdResolver< - R = Maybe, - Parent = SuricataEveData, + export type FirstSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type ProtoResolver< - R = Maybe, - Parent = SuricataEveData, + export type LastSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; } -export namespace SuricataAlertDataResolvers { - export interface Resolvers { - signature?: SignatureResolver, TypeParent, TContext>; +export namespace TimelineResultResolvers { + export interface Resolvers { + columns?: ColumnsResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + createdBy?: CreatedByResolver, TypeParent, TContext>; + + dataProviders?: DataProvidersResolver, TypeParent, TContext>; + + dateRange?: DateRangeResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; - signature_id?: SignatureIdResolver, TypeParent, TContext>; - } + eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - export type SignatureResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; - export type SignatureIdResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; -} + eventType?: EventTypeResolver, TypeParent, 
TContext>; -export namespace TlsEcsFieldsResolvers { - export interface Resolvers { - client_certificate?: ClientCertificateResolver< - Maybe, + excludedRowRendererIds?: ExcludedRowRendererIdsResolver< + Maybe, TypeParent, TContext >; - fingerprints?: FingerprintsResolver, TypeParent, TContext>; + favorite?: FavoriteResolver, TypeParent, TContext>; - server_certificate?: ServerCertificateResolver< - Maybe, + filters?: FiltersResolver, TypeParent, TContext>; + + kqlMode?: KqlModeResolver, TypeParent, TContext>; + + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + indexNames?: IndexNamesResolver, TypeParent, TContext>; + + notes?: NotesResolver, TypeParent, TContext>; + + noteIds?: NoteIdsResolver, TypeParent, TContext>; + + pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + + pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< + Maybe, TypeParent, TContext >; + + savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + + savedObjectId?: SavedObjectIdResolver; + + sort?: SortResolver, TypeParent, TContext>; + + status?: StatusResolver, TypeParent, TContext>; + + title?: TitleResolver, TypeParent, TContext>; + + templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + + templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + + timelineType?: TimelineTypeResolver, TypeParent, TContext>; + + updated?: UpdatedResolver, TypeParent, TContext>; + + updatedBy?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver; } - export type ClientCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type ColumnsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FingerprintsResolver< - R = Maybe, - Parent = TlsEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ServerCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type 
CreatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsClientCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsClientCertificateData, + export type DataProvidersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace FingerprintDataResolvers { - export interface Resolvers { - sha1?: Sha1Resolver, TypeParent, TContext>; - } - - export type Sha1Resolver< - R = Maybe, - Parent = FingerprintData, + export type DateRangeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsFingerprintsDataResolvers { - export interface Resolvers { - ja3?: Ja3Resolver, TypeParent, TContext>; - } - - export type Ja3Resolver< - R = Maybe, - Parent = TlsFingerprintsData, + export type DescriptionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsJa3DataResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - } - - export type HashResolver< - R = Maybe, - Parent = TlsJa3Data, + export type EventIdToNoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsServerCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsServerCertificateData, + export type EventTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekEcsFieldsResolvers { - export interface Resolvers { - session_id?: SessionIdResolver, TypeParent, TContext>; - - connection?: ConnectionResolver, TypeParent, TContext>; - - notice?: NoticeResolver, TypeParent, TContext>; - - dns?: 
DnsResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - files?: FilesResolver, TypeParent, TContext>; - - ssl?: SslResolver, TypeParent, TContext>; - } - - export type SessionIdResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type ExcludedRowRendererIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ConnectionResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FavoriteResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoticeResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FiltersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DnsResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlModeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlQueryResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FilesResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type IndexNamesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type SslResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type NotesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekConnectionDataResolvers { - export interface Resolvers { - local_resp?: LocalRespResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - - state?: StateResolver, TypeParent, TContext>; - - history?: HistoryResolver, TypeParent, TContext>; - } - - export type LocalRespResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type NoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; 
- export type LocalOrigResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MissedBytesResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventsSaveObjectResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type StateResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type SavedQueryIdResolver< + R = Maybe, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SavedObjectIdResolver< + R = string, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SortResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HistoryResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type StatusResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekNoticeDataResolvers { - export interface Resolvers { - suppress_for?: SuppressForResolver, TypeParent, TContext>; - - msg?: MsgResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - sub?: SubResolver, TypeParent, TContext>; - - dst?: DstResolver, TypeParent, TContext>; - - dropped?: DroppedResolver, TypeParent, TContext>; - - peer_descr?: PeerDescrResolver, TypeParent, TContext>; - } - - export type SuppressForResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TitleResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MsgResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineIdResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineVersionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - 
export type SubResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TimelineTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DstResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DroppedResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type PeerDescrResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type VersionResolver< + R = string, + Parent = TimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekDnsDataResolvers { - export interface Resolvers { - AA?: AaResolver, TypeParent, TContext>; +export namespace ColumnHeaderResultResolvers { + export interface Resolvers { + aggregatable?: AggregatableResolver, TypeParent, TContext>; - qclass_name?: QclassNameResolver, TypeParent, TContext>; + category?: CategoryResolver, TypeParent, TContext>; - RD?: RdResolver, TypeParent, TContext>; + columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - qtype_name?: QtypeNameResolver, TypeParent, TContext>; + description?: DescriptionResolver, TypeParent, TContext>; - rejected?: RejectedResolver, TypeParent, TContext>; + example?: ExampleResolver, TypeParent, TContext>; - qtype?: QtypeResolver, TypeParent, TContext>; + indexes?: IndexesResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + id?: IdResolver, TypeParent, TContext>; - trans_id?: TransIdResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - qclass?: QclassResolver, TypeParent, TContext>; + placeholder?: PlaceholderResolver, TypeParent, TContext>; - RA?: RaResolver, TypeParent, TContext>; + searchable?: SearchableResolver, TypeParent, TContext>; - TC?: TcResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, 
TContext>; } - export type AaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type AggregatableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type CategoryResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ColumnHeaderTypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type DescriptionResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RejectedResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ExampleResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IndexesResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IdResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TransIdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type NameResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassResolver< - R = Maybe, - Parent = ZeekDnsData, + export type PlaceholderResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type SearchableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TcResolver< - R = Maybe, - Parent = ZeekDnsData, + export type TypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; } -export 
namespace ZeekHttpDataResolvers { - export interface Resolvers { - resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; +export namespace DataProviderResultResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - trans_depth?: TransDepthResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - status_msg?: StatusMsgResolver, TypeParent, TContext>; + enabled?: EnabledResolver, TypeParent, TContext>; - resp_fuids?: RespFuidsResolver, TypeParent, TContext>; + excluded?: ExcludedResolver, TypeParent, TContext>; - tags?: TagsResolver, TypeParent, TContext>; + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + queryMatch?: QueryMatchResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + and?: AndResolver, TypeParent, TContext>; } - export type RespMimeTypesResolver< - R = Maybe, - Parent = ZeekHttpData, + export type IdResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TransDepthResolver< - R = Maybe, - Parent = ZeekHttpData, + export type NameResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type StatusMsgResolver< - R = Maybe, - Parent = ZeekHttpData, + export type EnabledResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type RespFuidsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type ExcludedResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TagsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type KqlQueryResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type QueryMatchResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type TypeResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type 
AndResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; } -export namespace ZeekFileDataResolvers { - export interface Resolvers { - session_ids?: SessionIdsResolver, TypeParent, TContext>; - - timedout?: TimedoutResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - tx_host?: TxHostResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - is_orig?: IsOrigResolver, TypeParent, TContext>; - - overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - - sha1?: Sha1Resolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - depth?: DepthResolver, TypeParent, TContext>; - - analyzers?: AnalyzersResolver, TypeParent, TContext>; - - mime_type?: MimeTypeResolver, TypeParent, TContext>; - - rx_host?: RxHostResolver, TypeParent, TContext>; - - total_bytes?: TotalBytesResolver, TypeParent, TContext>; +export namespace QueryMatchResultResolvers { + export interface Resolvers { + field?: FieldResolver, TypeParent, TContext>; - fuid?: FuidResolver, TypeParent, TContext>; + displayField?: DisplayFieldResolver, TypeParent, TContext>; - seen_bytes?: SeenBytesResolver, TypeParent, TContext>; + value?: ValueResolver, TypeParent, TContext>; - missing_bytes?: MissingBytesResolver, TypeParent, TContext>; + displayValue?: DisplayValueResolver, TypeParent, TContext>; - md5?: Md5Resolver, TypeParent, TContext>; + operator?: OperatorResolver, TypeParent, TContext>; } - export type SessionIdsResolver< - R = Maybe, - Parent = ZeekFileData, - TContext = SiemContext - > = Resolver; - export type TimedoutResolver< - R = Maybe, - Parent = ZeekFileData, + export type FieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type LocalOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayFieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export 
type TxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type ValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type IsOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type OperatorResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type OverflowBytesResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace DateRangePickerResultResolvers { + export interface Resolvers { + start?: StartResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + } + + export type StartResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ZeekFileData, + export type EndResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace FavoriteTimelineResultResolvers { + export interface Resolvers { + fullName?: FullNameResolver, TypeParent, TContext>; + + userName?: UserNameResolver, TypeParent, TContext>; + + favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; + } + + export type FullNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type DepthResolver< - R = Maybe, - Parent = ZeekFileData, + export type UserNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type AnalyzersResolver< - R = Maybe, - Parent = ZeekFileData, + export type FavoriteDateResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type MimeTypeResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export 
namespace FilterTimelineResultResolvers { + export interface Resolvers { + exists?: ExistsResolver, TypeParent, TContext>; + + meta?: MetaResolver, TypeParent, TContext>; + + match_all?: MatchAllResolver, TypeParent, TContext>; + + missing?: MissingResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + range?: RangeResolver, TypeParent, TContext>; + + script?: ScriptResolver, TypeParent, TContext>; + } + + export type ExistsResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type RxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type MetaResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type TotalBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type MatchAllResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type FuidResolver< - R = Maybe, - Parent = ZeekFileData, + export type MissingResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type SeenBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type QueryResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type MissingBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type RangeResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type Md5Resolver< - R = Maybe, - Parent = ZeekFileData, + export type ScriptResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekSslDataResolvers { - export interface Resolvers { - cipher?: CipherResolver, TypeParent, TContext>; +export namespace FilterMetaTimelineResultResolvers { + export interface Resolvers { + alias?: AliasResolver, TypeParent, TContext>; - established?: EstablishedResolver, TypeParent, TContext>; + controlledBy?: 
ControlledByResolver, TypeParent, TContext>; - resumed?: ResumedResolver, TypeParent, TContext>; + disabled?: DisabledResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + field?: FieldResolver, TypeParent, TContext>; + + formattedValue?: FormattedValueResolver, TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + key?: KeyResolver, TypeParent, TContext>; + + negate?: NegateResolver, TypeParent, TContext>; + + params?: ParamsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + value?: ValueResolver, TypeParent, TContext>; } - export type CipherResolver< - R = Maybe, - Parent = ZeekSslData, + export type AliasResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type EstablishedResolver< - R = Maybe, - Parent = ZeekSslData, + export type ControlledByResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ResumedResolver< - R = Maybe, - Parent = ZeekSslData, + export type DisabledResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = ZeekSslData, + export type FieldResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpEcsFieldsResolvers { - export interface Resolvers { - version?: VersionResolver, TypeParent, TContext>; - - request?: RequestResolver, TypeParent, TContext>; - - response?: ResponseResolver, TypeParent, TContext>; - } - - export type VersionResolver< - R = Maybe, - Parent = HttpEcsFields, + export type FormattedValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type RequestResolver< - R = Maybe, - Parent = HttpEcsFields, + export type IndexResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - 
export type ResponseResolver< - R = Maybe, - Parent = HttpEcsFields, + export type KeyResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpRequestDataResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - body?: BodyResolver, TypeParent, TContext>; - - referrer?: ReferrerResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; - } - - export type MethodResolver< - R = Maybe, - Parent = HttpRequestData, + export type NegateResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpRequestData, + export type ParamsResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ReferrerResolver< - R = Maybe, - Parent = HttpRequestData, + export type TypeResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpRequestData, + export type ValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; } -export namespace HttpBodyDataResolvers { - export interface Resolvers { - content?: ContentResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; +export namespace SerializedFilterQueryResultResolvers { + export interface Resolvers { + filterQuery?: FilterQueryResolver, TypeParent, TContext>; } - export type ContentResolver< - R = Maybe, - Parent = HttpBodyData, - TContext = SiemContext - > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpBodyData, + export type FilterQueryResolver< + R = Maybe, + Parent = SerializedFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace HttpResponseDataResolvers { - export interface Resolvers { - status_code?: StatusCodeResolver, TypeParent, TContext>; - - body?: 
BodyResolver, TypeParent, TContext>; +export namespace SerializedKueryQueryResultResolvers { + export interface Resolvers { + kuery?: KueryResolver, TypeParent, TContext>; - bytes?: BytesResolver, TypeParent, TContext>; + serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; } - export type StatusCodeResolver< - R = Maybe, - Parent = HttpResponseData, - TContext = SiemContext - > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpResponseData, + export type KueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpResponseData, + export type SerializedQueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; } -export namespace UrlEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - original?: OriginalResolver, TypeParent, TContext>; - - username?: UsernameResolver, TypeParent, TContext>; +export namespace KueryFilterQueryResultResolvers { + export interface Resolvers { + kind?: KindResolver, TypeParent, TContext>; - password?: PasswordResolver, TypeParent, TContext>; + expression?: ExpressionResolver, TypeParent, TContext>; } - export type DomainResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type UsernameResolver< - R = Maybe, - Parent = UrlEcsFields, + export type KindResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; - export type PasswordResolver< - R = Maybe, - Parent = UrlEcsFields, + export type ExpressionResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace WinlogEcsFieldsResolvers { - export interface Resolvers { - event_id?: EventIdResolver, TypeParent, TContext>; 
+export namespace SortTimelineResultResolvers { + export interface Resolvers { + columnId?: ColumnIdResolver, TypeParent, TContext>; + + sortDirection?: SortDirectionResolver, TypeParent, TContext>; } - export type EventIdResolver< - R = Maybe, - Parent = WinlogEcsFields, + export type ColumnIdResolver< + R = Maybe, + Parent = SortTimelineResult, + TContext = SiemContext + > = Resolver; + export type SortDirectionResolver< + R = Maybe, + Parent = SortTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ProcessEcsFieldsResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - - pid?: PidResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - ppid?: PpidResolver, TypeParent, TContext>; +export namespace ResponseTimelinesResolvers { + export interface Resolvers { + timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - args?: ArgsResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - executable?: ExecutableResolver, TypeParent, TContext>; + templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - thread?: ThreadResolver, TypeParent, TContext>; + customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; + favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; } - export type HashResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PidResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = 
Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PpidResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TimelineResolver< + R = (Maybe)[], + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ArgsResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type EntityIdResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type DefaultTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ExecutableResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type ElasticTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ThreadResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type CustomTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type WorkingDirectoryResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type FavoriteCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; } -export namespace ProcessHashDataResolvers { - export interface Resolvers { - md5?: Md5Resolver, TypeParent, TContext>; +export namespace MutationResolvers { + export interface Resolvers { + /** Persists a note */ + persistNote?: PersistNoteResolver; - sha1?: Sha1Resolver, TypeParent, TContext>; + deleteNote?: DeleteNoteResolver, TypeParent, TContext>; - sha256?: Sha256Resolver, TypeParent, TContext>; + deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; + /** Persists a pinned event in a timeline */ + 
persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< + Maybe, + TypeParent, + TContext + >; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Persists a timeline */ + persistTimeline?: PersistTimelineResolver; + + persistFavorite?: PersistFavoriteResolver; + + deleteTimeline?: DeleteTimelineResolver; } - export type Md5Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha256Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; -} + export type PersistNoteResolver = Resolver< + R, + Parent, + TContext, + PersistNoteArgs + >; + export interface PersistNoteArgs { + noteId?: Maybe; -export namespace ThreadResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; + version?: Maybe; - start?: StartResolver, TypeParent, TContext>; + note: NoteInput; } - export type IdResolver< - R = Maybe, - Parent = Thread, - TContext = SiemContext - > = Resolver; - export type StartResolver< - R = Maybe, - Parent = Thread, + export type DeleteNoteResolver< + R = Maybe, + Parent = {}, TContext = SiemContext - > = Resolver; -} + > = Resolver; + export interface DeleteNoteArgs { + id: string[]; + } -export namespace FileFieldsResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + export type DeleteNoteByTimelineIdResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteNoteByTimelineIdArgs { + timelineId: string; - path?: PathResolver, TypeParent, TContext>; + version?: Maybe; + } - 
target_path?: TargetPathResolver, TypeParent, TContext>; + export type PersistPinnedEventOnTimelineResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistPinnedEventOnTimelineArgs { + pinnedEventId?: Maybe; - extension?: ExtensionResolver, TypeParent, TContext>; + eventId: string; - type?: TypeResolver, TypeParent, TContext>; + timelineId?: Maybe; + } - device?: DeviceResolver, TypeParent, TContext>; + export type DeletePinnedEventOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeletePinnedEventOnTimelineArgs { + id: string[]; + } - inode?: InodeResolver, TypeParent, TContext>; + export type DeleteAllPinnedEventsOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteAllPinnedEventsOnTimelineArgs { + timelineId: string; + } - uid?: UidResolver, TypeParent, TContext>; + export type PersistTimelineResolver< + R = ResponseTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistTimelineArgs { + id?: Maybe; - owner?: OwnerResolver, TypeParent, TContext>; + version?: Maybe; - gid?: GidResolver, TypeParent, TContext>; + timeline: TimelineInput; + } - group?: GroupResolver, TypeParent, TContext>; + export type PersistFavoriteResolver< + R = ResponseFavoriteTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistFavoriteArgs { + timelineId?: Maybe; + } - mode?: ModeResolver, TypeParent, TContext>; + export type DeleteTimelineResolver = Resolver< + R, + Parent, + TContext, + DeleteTimelineArgs + >; + export interface DeleteTimelineArgs { + id: string[]; + } +} - size?: SizeResolver, TypeParent, TContext>; +export namespace ResponseNoteResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - mtime?: MtimeResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - ctime?: 
CtimeResolver, TypeParent, TContext>; + note?: NoteResolver; } - export type NameResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type PathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TargetPathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type ExtensionResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FileFields, + export type CodeResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type DeviceResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type InodeResolver< - R = Maybe, - Parent = FileFields, + export type NoteResolver< + R = NoteResult, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type UidResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, TContext>; + + timeline?: TimelineResolver; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type OwnerResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GidResolver< - R = Maybe, - Parent = FileFields, + export type TimelineResolver< + R = TimelineResult, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseFavoriteTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, 
TContext>; + + savedObjectId?: SavedObjectIdResolver; + + version?: VersionResolver; + + favorite?: FavoriteResolver, TypeParent, TContext>; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type ModeResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type SizeResolver< - R = Maybe, - Parent = FileFields, + export type SavedObjectIdResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type MtimeResolver< - R = Maybe, - Parent = FileFields, + export type VersionResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type CtimeResolver< - R = Maybe, - Parent = FileFields, + export type FavoriteResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; } -export namespace SystemEcsFieldResolvers { - export interface Resolvers { - audit?: AuditResolver, TypeParent, TContext>; +export namespace EventEcsFieldsResolvers { + export interface Resolvers { + action?: ActionResolver, TypeParent, TContext>; - auth?: AuthResolver, TypeParent, TContext>; - } + category?: CategoryResolver, TypeParent, TContext>; - export type AuditResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; - export type AuthResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; -} + code?: CodeResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + dataset?: DatasetResolver, TypeParent, TContext>; + + duration?: DurationResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; -export namespace AuditEcsFieldsResolvers { - export interface Resolvers { - package?: PackageResolver, TypeParent, 
TContext>; - } + id?: IdResolver, TypeParent, TContext>; - export type PackageResolver< - R = Maybe, - Parent = AuditEcsFields, - TContext = SiemContext - > = Resolver; -} + kind?: KindResolver, TypeParent, TContext>; -export namespace PackageEcsFieldsResolvers { - export interface Resolvers { - arch?: ArchResolver, TypeParent, TContext>; + module?: ModuleResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + outcome?: OutcomeResolver, TypeParent, TContext>; - size?: SizeResolver, TypeParent, TContext>; + risk_score?: RiskScoreResolver, TypeParent, TContext>; - summary?: SummaryResolver, TypeParent, TContext>; + risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + severity?: SeverityResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + + timezone?: TimezoneResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; } - export type ArchResolver< + export type ActionResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type EntityIdResolver< + export type CategoryResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type NameResolver< + export type CodeResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type CreatedResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DatasetResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DurationResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SummaryResolver< + export 
type EndResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type VersionResolver< + export type HashResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace AuthEcsFieldsResolvers { - export interface Resolvers { - ssh?: SshResolver, TypeParent, TContext>; - } - - export type SshResolver< - R = Maybe, - Parent = AuthEcsFields, + export type IdResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace SshEcsFieldsResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - signature?: SignatureResolver, TypeParent, TContext>; - } - - export type MethodResolver< + export type KindResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SignatureResolver< + export type ModuleResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace PageInfoResolvers { - export interface Resolvers { - endCursor?: EndCursorResolver, TypeParent, TContext>; - - hasNextPage?: HasNextPageResolver, TypeParent, TContext>; - } - - export type EndCursorResolver< - R = Maybe, - Parent = PageInfo, + export type OriginalResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type HasNextPageResolver< - R = Maybe, - Parent = PageInfo, + export type OutcomeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace TimelineDetailsDataResolvers { - export interface Resolvers { - data?: DataResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type DataResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreResolver< + R = Maybe, + Parent = EventEcsFields, TContext = 
SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreNormResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace DetailItemResolvers { - export interface Resolvers { - field?: FieldResolver; - - values?: ValuesResolver, TypeParent, TContext>; - - originalValue?: OriginalValueResolver, TypeParent, TContext>; - } - - export type FieldResolver = Resolver< - R, - Parent, - TContext - >; - export type ValuesResolver< + export type SeverityResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type StartResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type TimezoneResolver< R = Maybe, - Parent = DetailItem, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type OriginalValueResolver< - R = Maybe, - Parent = DetailItem, + export type TypeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; } -export namespace LastEventTimeDataResolvers { - export interface Resolvers { - lastSeen?: LastSeenResolver, TypeParent, TContext>; +export namespace LocationResolvers { + export interface Resolvers { + lon?: LonResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + lat?: LatResolver, TypeParent, TContext>; } - export type LastSeenResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LonResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LatResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; } -export namespace HostsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace GeoEcsFieldsResolvers { + export interface Resolvers { + city_name?: CityNameResolver, TypeParent, TContext>; - 
totalCount?: TotalCountResolver; + continent_name?: ContinentNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + country_name?: CountryNameResolver, TypeParent, TContext>; + + location?: LocationResolver, TypeParent, TContext>; + + region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; + + region_name?: RegionNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = HostsEdges[], - Parent = HostsData, + export type CityNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = HostsData, + export type ContinentNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostsData, + export type CountryIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver< - R = CursorType, - Parent = HostsEdges, + export type CountryNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - cloud?: CloudResolver, TypeParent, TContext>; - - endpoint?: EndpointResolver, TypeParent, TContext>; + export type LocationResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionNameResolver< + R = 
Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; +} - host?: HostResolver, TypeParent, TContext>; +export namespace PrimarySecondaryResolvers { + export interface Resolvers { + primary?: PrimaryResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + secondary?: SecondaryResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, TContext>; } - export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type CloudResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type EndpointResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = HostItem, + export type PrimaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostItem, + export type SecondaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = HostItem, + export type TypeResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; } -export namespace CloudFieldsResolvers { - export interface Resolvers { - instance?: InstanceResolver, TypeParent, TContext>; +export namespace SummaryResolvers { + export interface Resolvers { + actor?: ActorResolver, TypeParent, TContext>; - machine?: MachineResolver, TypeParent, TContext>; + object?: ObjectResolver, TypeParent, TContext>; - provider?: ProviderResolver)[]>, TypeParent, TContext>; + how?: HowResolver, TypeParent, TContext>; - region?: RegionResolver)[]>, TypeParent, TContext>; + message_type?: MessageTypeResolver, TypeParent, TContext>; + + sequence?: SequenceResolver, TypeParent, TContext>; } - export type InstanceResolver< - R = Maybe, - Parent = CloudFields, + 
export type ActorResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type MachineResolver< - R = Maybe, - Parent = CloudFields, + export type ObjectResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type ProviderResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type HowResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type RegionResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type MessageTypeResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; -} - -export namespace CloudInstanceResolvers { - export interface Resolvers { - id?: IdResolver)[]>, TypeParent, TContext>; - } - - export type IdResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudInstance, + export type SequenceResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; } -export namespace CloudMachineResolvers { - export interface Resolvers { - type?: TypeResolver)[]>, TypeParent, TContext>; +export namespace AgentEcsFieldResolvers { + export interface Resolvers { + type?: TypeResolver, TypeParent, TContext>; } export type TypeResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudMachine, - TContext = SiemContext - > = Resolver; -} - -export namespace EndpointFieldsResolvers { - export interface Resolvers { - endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; - - sensorVersion?: SensorVersionResolver, TypeParent, TContext>; - - policyStatus?: PolicyStatusResolver< - Maybe, - TypeParent, - TContext - >; - } - - export type EndpointPolicyResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type SensorVersionResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type PolicyStatusResolver< - R = Maybe, - Parent = EndpointFields, + R = Maybe, + Parent = AgentEcsField, TContext = SiemContext > = Resolver; } -export 
namespace FirstLastSeenHostResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace AuditdDataResolvers { + export interface Resolvers { + acct?: AcctResolver, TypeParent, TContext>; - firstSeen?: FirstSeenResolver, TypeParent, TContext>; + terminal?: TerminalResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + op?: OpResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type AcctResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type FirstSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type TerminalResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type OpResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkDataResolvers { - export interface Resolvers { - networkEvents?: NetworkEventsResolver, TypeParent, TContext>; - - uniqueFlowId?: UniqueFlowIdResolver, TypeParent, TContext>; - - uniqueSourcePrivateIps?: UniqueSourcePrivateIpsResolver, TypeParent, TContext>; - - uniqueSourcePrivateIpsHistogram?: UniqueSourcePrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - uniqueDestinationPrivateIps?: UniqueDestinationPrivateIpsResolver< - Maybe, - TypeParent, - TContext - >; +export namespace AuditdEcsFieldsResolvers { + export interface Resolvers { + result?: ResultResolver, TypeParent, TContext>; - uniqueDestinationPrivateIpsHistogram?: UniqueDestinationPrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + session?: SessionResolver, TypeParent, TContext>; - dnsQueries?: DnsQueriesResolver, TypeParent, TContext>; + data?: DataResolver, TypeParent, TContext>; - tlsHandshakes?: TlsHandshakesResolver, TypeParent, TContext>; + summary?: SummaryResolver, 
TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + sequence?: SequenceResolver, TypeParent, TContext>; } - export type NetworkEventsResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueFlowIdResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueSourcePrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type ResultResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourcePrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SessionResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type DataResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SummaryResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type DnsQueriesResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SequenceResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type TlsHandshakesResolver< - R = Maybe, - Parent = KpiNetworkData, +} + +export namespace ThreadResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiNetworkData, + export type StartResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export 
namespace ProcessHashDataResolvers { + export interface Resolvers { + md5?: Md5Resolver, TypeParent, TContext>; + + sha1?: Sha1Resolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + sha256?: Sha256Resolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Md5Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Sha1Resolver< + R = Maybe, + Parent = ProcessHashData, + TContext = SiemContext + > = Resolver; + export type Sha256Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; } -export namespace KpiHostsDataResolvers { - export interface Resolvers { - hosts?: HostsResolver, TypeParent, TContext>; - - hostsHistogram?: HostsHistogramResolver, TypeParent, TContext>; +export namespace ProcessEcsFieldsResolvers { + export interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; + pid?: PidResolver, TypeParent, TContext>; - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; + name?: NameResolver, TypeParent, TContext>; - authFailure?: AuthFailureResolver, TypeParent, TContext>; + ppid?: PpidResolver, TypeParent, TContext>; - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; + args?: ArgsResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + executable?: ExecutableResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + title?: TitleResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: 
UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + thread?: ThreadResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; } - export type HostsResolver< - R = Maybe, - Parent = KpiHostsData, - TContext = SiemContext - > = Resolver; - export type HostsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type HashResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostsData, + export type PidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type NameResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostsData, + export type PpidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ArgsResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type EntityIdResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ExecutableResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type TitleResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ThreadResolver< + R = Maybe, + 
Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostsData, + export type WorkingDirectoryResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace SourceEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + port?: PortResolver, TypeParent, TContext>; + + domain?: DomainResolver, TypeParent, TContext>; + + geo?: GeoResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type BytesResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type IpResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PortResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type DomainResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type GeoResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PacketsResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostDetailsDataResolvers { - export interface Resolvers { - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; - - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - authFailure?: AuthFailureResolver, TypeParent, TContext>; - - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; +export namespace 
DestinationEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + ip?: IpResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + port?: PortResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + domain?: DomainResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + geo?: GeoResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type BytesResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type IpResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PortResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type DomainResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent 
= KpiHostDetailsData, + export type GeoResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PacketsResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; } -export namespace MatrixHistogramOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; +export namespace DnsQuestionDataResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + type?: TypeResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = MatrixHistogramOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = MatrixHistogramOverTimeData, + export type NameResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = MatrixHistogramOverTimeData, + export type TypeResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverTimeHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace DnsEcsFieldsResolvers { + export interface Resolvers { + question?: QuestionResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - g?: GResolver, TypeParent, TContext>; + response_code?: ResponseCodeResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type QuestionResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type 
YResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResolvedIpResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type GResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResponseCodeResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace EndgameEcsFieldsResolvers { + export interface Resolvers { + exit_code?: ExitCodeResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + file_name?: FileNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + file_path?: FilePathResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + logon_type?: LogonTypeResolver, TypeParent, TContext>; + + parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + + pid?: PidResolver, TypeParent, TContext>; + + process_name?: ProcessNameResolver, TypeParent, TContext>; + + subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + + subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + + subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + + target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + + target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + + target_user_name?: TargetUserNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopCountriesEdges[], - Parent = NetworkTopCountriesData, + export type ExitCodeResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FileNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FilePathResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type LogonTypeResolver< + R = Maybe, + 
Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ParentProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type PidResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopCountriesData, + export type SubjectUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopCountriesData, + export type TargetDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkTopCountriesData, + export type TargetLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type TargetUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace SuricataAlertDataResolvers { + export interface Resolvers { + signature?: SignatureResolver, TypeParent, TContext>; - cursor?: CursorResolver; + signature_id?: SignatureIdResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkTopCountriesItem, - Parent = NetworkTopCountriesEdges, + export type SignatureResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = 
NetworkTopCountriesEdges, + export type SignatureIdResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; +export namespace SuricataEveDataResolvers { + export interface Resolvers { + alert?: AlertResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + flow_id?: FlowIdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; + proto?: ProtoResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type AlertResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type FlowIdResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type ProtoResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemSourceResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; - - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; - - flows?: FlowsResolver, TypeParent, TContext>; +export namespace SuricataEcsFieldsResolvers { + export interface Resolvers { + eve?: EveResolver, TypeParent, TContext>; + } - location?: LocationResolver, TypeParent, TContext>; + export type EveResolver< + R = Maybe, + Parent = SuricataEcsFields, + TContext = SiemContext + > = Resolver; +} - source_ips?: SourceIpsResolver, TypeParent, TContext>; +export namespace TlsJa3DataResolvers { + export 
interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemSource, + export type HashResolver< + R = Maybe, + Parent = TlsJa3Data, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace FingerprintDataResolvers { + export interface Resolvers { + sha1?: Sha1Resolver, TypeParent, TContext>; + } + + export type Sha1Resolver< + R = Maybe, + Parent = FingerprintData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsClientCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsClientCertificateData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsServerCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsServerCertificateData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsFingerprintsDataResolvers { + export interface Resolvers { + ja3?: Ja3Resolver, TypeParent, TContext>; + } + + export type Ja3Resolver< + R = Maybe, + Parent = TlsFingerprintsData, TContext = SiemContext > = Resolver; } -export namespace GeoItemResolvers { - export interface Resolvers { - geo?: GeoResolver, TypeParent, TContext>; +export namespace TlsEcsFieldsResolvers { + export interface Resolvers { + client_certificate?: ClientCertificateResolver< + Maybe, + TypeParent, + TContext + >; + + fingerprints?: FingerprintsResolver, TypeParent, TContext>; - flowTarget?: FlowTargetResolver, TypeParent, 
TContext>; + server_certificate?: ServerCertificateResolver< + Maybe, + TypeParent, + TContext + >; } - export type GeoResolver< - R = Maybe, - Parent = GeoItem, + export type ClientCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, + TContext = SiemContext + > = Resolver; + export type FingerprintsResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; - export type FlowTargetResolver< - R = Maybe, - Parent = GeoItem, + export type ServerCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemDestinationResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; +export namespace ZeekConnectionDataResolvers { + export interface Resolvers { + local_resp?: LocalRespResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + state?: StateResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + history?: HistoryResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalRespResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type MissedBytesResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type 
StateResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type HistoryResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; } -export namespace TopNetworkTablesEcsFieldResolvers { - export interface Resolvers { - bytes_in?: BytesInResolver, TypeParent, TContext>; +export namespace ZeekNoticeDataResolvers { + export interface Resolvers { + suppress_for?: SuppressForResolver, TypeParent, TContext>; - bytes_out?: BytesOutResolver, TypeParent, TContext>; - } + msg?: MsgResolver, TypeParent, TContext>; - export type BytesInResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; - export type BytesOutResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; -} + note?: NoteResolver, TypeParent, TContext>; -export namespace NetworkTopNFlowDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; + sub?: SubResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + dst?: DstResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + dropped?: DroppedResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + peer_descr?: PeerDescrResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopNFlowEdges[], - Parent = NetworkTopNFlowData, + export type SuppressForResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopNFlowData, + export type MsgResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopNFlowData, + export type NoteResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type 
InspectResolver< - R = Maybe, - Parent = NetworkTopNFlowData, + export type SubResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; -} - -export namespace NetworkTopNFlowEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkTopNFlowItem, - Parent = NetworkTopNFlowEdges, + export type DstResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkTopNFlowEdges, + export type DroppedResolver< + R = Maybe, + Parent = ZeekNoticeData, + TContext = SiemContext + > = Resolver; + export type PeerDescrResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopNFlowItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; +export namespace ZeekDnsDataResolvers { + export interface Resolvers { + AA?: AaResolver, TypeParent, TContext>; - source?: SourceResolver, TypeParent, TContext>; + qclass_name?: QclassNameResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + RD?: RdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; - } + qtype_name?: QtypeNameResolver, TypeParent, TContext>; - export type _IdResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; -} + rejected?: RejectedResolver, TypeParent, TContext>; -export namespace TopNFlowItemSourceResolvers { - export interface Resolvers { - autonomous_system?: 
AutonomousSystemResolver, TypeParent, TContext>; + qtype?: QtypeResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + query?: QueryResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + trans_id?: TransIdResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + qclass?: QclassResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + RA?: RaResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + TC?: TcResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type AaResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QclassNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RdResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RejectedResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; -} - -export namespace AutonomousSystemItemResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - - number?: NumberResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type QueryResolver< + R = Maybe, + Parent = 
ZeekDnsData, TContext = SiemContext > = Resolver; - export type NumberResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type TransIdResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type QclassResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type RaResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type TcResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; } -export namespace TopNFlowItemDestinationResolvers { - export interface Resolvers { - autonomous_system?: AutonomousSystemResolver, TypeParent, TContext>; +export namespace FileFieldsResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; + + path?: PathResolver, TypeParent, TContext>; + + target_path?: TargetPathResolver, TypeParent, TContext>; + + extension?: ExtensionResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + device?: DeviceResolver, TypeParent, TContext>; + + inode?: InodeResolver, TypeParent, TContext>; + + uid?: UidResolver, TypeParent, TContext>; + + owner?: OwnerResolver, TypeParent, TContext>; + + gid?: GidResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + group?: GroupResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + mode?: ModeResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + mtime?: MtimeResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + ctime?: CtimeResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type NameResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = 
Maybe, - Parent = TopNFlowItemDestination, + export type PathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TargetPathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type ExtensionResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TypeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type DeviceResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - - histogram?: HistogramResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = NetworkDnsEdges[], - Parent = NetworkDnsData, + export type InodeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDnsData, + export type UidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkDnsData, + export type OwnerResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type HistogramResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GroupResolver< + R = Maybe, 
+ Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkDnsItem, - Parent = NetworkDnsEdges, + export type ModeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkDnsEdges, + export type SizeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type MtimeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type CtimeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; } -export namespace NetworkDnsItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - dnsBytesIn?: DnsBytesInResolver, TypeParent, TContext>; +export namespace ZeekHttpDataResolvers { + export interface Resolvers { + resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; - dnsBytesOut?: DnsBytesOutResolver, TypeParent, TContext>; + trans_depth?: TransDepthResolver, TypeParent, TContext>; - dnsName?: DnsNameResolver, TypeParent, TContext>; + status_msg?: StatusMsgResolver, TypeParent, TContext>; - queryCount?: QueryCountResolver, TypeParent, TContext>; + resp_fuids?: RespFuidsResolver, TypeParent, TContext>; - uniqueDomains?: UniqueDomainsResolver, TypeParent, TContext>; + tags?: TagsResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkDnsItem, - TContext = SiemContext - > = Resolver; - export type DnsBytesInResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespMimeTypesResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type DnsBytesOutResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TransDepthResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = 
SiemContext > = Resolver; - export type DnsNameResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type StatusMsgResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type QueryCountResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespFuidsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type UniqueDomainsResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TagsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverOrdinalHistogramDataResolvers { - export interface Resolvers { - x?: XResolver; - - y?: YResolver; +export namespace HttpBodyDataResolvers { + export interface Resolvers { + content?: ContentResolver, TypeParent, TContext>; - g?: GResolver; + bytes?: BytesResolver, TypeParent, TContext>; } - export type XResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, - TContext = SiemContext - > = Resolver; - export type YResolver< - R = number, - Parent = MatrixOverOrdinalHistogramData, + export type ContentResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; - export type GResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, + export type BytesResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; } -export namespace NetworkDsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace HttpRequestDataResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; + body?: BodyResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + referrer?: ReferrerResolver, TypeParent, TContext>; + + bytes?: BytesResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - 
Parent = NetworkDsOverTimeData, + export type MethodResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = NetworkDsOverTimeData, + export type BodyResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDsOverTimeData, + export type ReferrerResolver< + R = Maybe, + Parent = HttpRequestData, + TContext = SiemContext + > = Resolver; + export type BytesResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; +export namespace HttpResponseDataResolvers { + export interface Resolvers { + status_code?: StatusCodeResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + body?: BodyResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + bytes?: BytesResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkHttpEdges[], - Parent = NetworkHttpData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkHttpData, + export type StatusCodeResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkHttpData, + export type BodyResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkHttpData, + export type BytesResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace HttpEcsFieldsResolvers { + export interface Resolvers { + version?: 
VersionResolver, TypeParent, TContext>; + + request?: RequestResolver, TypeParent, TContext>; - cursor?: CursorResolver; + response?: ResponseResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkHttpItem, - Parent = NetworkHttpEdges, + export type VersionResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkHttpEdges, + export type RequestResolver< + R = Maybe, + Parent = HttpEcsFields, + TContext = SiemContext + > = Resolver; + export type ResponseResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - domains?: DomainsResolver; - - lastHost?: LastHostResolver, TypeParent, TContext>; - - lastSourceIp?: LastSourceIpResolver, TypeParent, TContext>; - - methods?: MethodsResolver; +export namespace UrlEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; - path?: PathResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - requestCount?: RequestCountResolver, TypeParent, TContext>; + username?: UsernameResolver, TypeParent, TContext>; - statuses?: StatusesResolver; + password?: PasswordResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type DomainsResolver< - R = string[], - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastHostResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastSourceIpResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type MethodsResolver< - R = string[], - Parent = NetworkHttpItem, + export type DomainResolver< + R = Maybe, + Parent = UrlEcsFields, TContext 
= SiemContext > = Resolver; - export type PathResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type OriginalResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type RequestCountResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type UsernameResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type StatusesResolver< - R = string[], - Parent = NetworkHttpItem, + export type PasswordResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; } -export namespace SayMyNameResolvers { - export interface Resolvers { - /** The id of the source */ - appName?: AppNameResolver; - } - - export type AppNameResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineResultResolvers { - export interface Resolvers { - columns?: ColumnsResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - dataProviders?: DataProvidersResolver, TypeParent, TContext>; - - dateRange?: DateRangeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - - eventType?: EventTypeResolver, TypeParent, TContext>; - - excludedRowRendererIds?: ExcludedRowRendererIdsResolver< - Maybe, - TypeParent, - TContext - >; - - favorite?: FavoriteResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; - - kqlMode?: KqlModeResolver, TypeParent, TContext>; +export namespace ZeekFileDataResolvers { + export interface Resolvers { + session_ids?: SessionIdsResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + timedout?: TimedoutResolver, TypeParent, TContext>; - indexNames?: IndexNamesResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - notes?: NotesResolver, TypeParent, 
TContext>; + tx_host?: TxHostResolver, TypeParent, TContext>; - noteIds?: NoteIdsResolver, TypeParent, TContext>; + source?: SourceResolver, TypeParent, TContext>; - pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + is_orig?: IsOrigResolver, TypeParent, TContext>; - pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< - Maybe, - TypeParent, - TContext - >; + overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + sha1?: Sha1Resolver, TypeParent, TContext>; - savedObjectId?: SavedObjectIdResolver; + duration?: DurationResolver, TypeParent, TContext>; - sort?: SortResolver, TypeParent, TContext>; + depth?: DepthResolver, TypeParent, TContext>; - status?: StatusResolver, TypeParent, TContext>; + analyzers?: AnalyzersResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + mime_type?: MimeTypeResolver, TypeParent, TContext>; - templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + rx_host?: RxHostResolver, TypeParent, TContext>; - templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + total_bytes?: TotalBytesResolver, TypeParent, TContext>; - timelineType?: TimelineTypeResolver, TypeParent, TContext>; + fuid?: FuidResolver, TypeParent, TContext>; - updated?: UpdatedResolver, TypeParent, TContext>; + seen_bytes?: SeenBytesResolver, TypeParent, TContext>; - updatedBy?: UpdatedByResolver, TypeParent, TContext>; + missing_bytes?: MissingBytesResolver, TypeParent, TContext>; - version?: VersionResolver; + md5?: Md5Resolver, TypeParent, TContext>; } - export type ColumnsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type 
DataProvidersResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DateRangeResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventIdToNoteIdsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventTypeResolver< - R = Maybe, - Parent = TimelineResult, + export type SessionIdsResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type ExcludedRowRendererIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type TimedoutResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = TimelineResult, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = TimelineResult, + export type TxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlModeResolver< - R = Maybe, - Parent = TimelineResult, + export type SourceResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = TimelineResult, + export type IsOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type IndexNamesResolver< - R = Maybe, - Parent = TimelineResult, + export type OverflowBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NotesResolver< - R = Maybe, - Parent = TimelineResult, + export type Sha1Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NoteIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DurationResolver< 
+ R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DepthResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventsSaveObjectResolver< - R = Maybe, - Parent = TimelineResult, + export type AnalyzersResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedQueryIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MimeTypeResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = TimelineResult, + export type RxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SortResolver< - R = Maybe, - Parent = TimelineResult, + export type TotalBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = TimelineResult, + export type FuidResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = TimelineResult, + export type SeenBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MissingBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineVersionResolver< - R = Maybe, - Parent = TimelineResult, + export type Md5Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TimelineTypeResolver< - R = Maybe, - Parent = TimelineResult, +} + +export namespace ZeekSslDataResolvers { + export interface Resolvers { + cipher?: CipherResolver, TypeParent, TContext>; + + established?: EstablishedResolver, TypeParent, TContext>; + + 
resumed?: ResumedResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + } + + export type CipherResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = TimelineResult, + export type EstablishedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = TimelineResult, + export type ResumedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; export type VersionResolver< - R = string, - Parent = TimelineResult, + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; } -export namespace ColumnHeaderResultResolvers { - export interface Resolvers { - aggregatable?: AggregatableResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - example?: ExampleResolver, TypeParent, TContext>; +export namespace ZeekEcsFieldsResolvers { + export interface Resolvers { + session_id?: SessionIdResolver, TypeParent, TContext>; - indexes?: IndexesResolver, TypeParent, TContext>; + connection?: ConnectionResolver, TypeParent, TContext>; - id?: IdResolver, TypeParent, TContext>; + notice?: NoticeResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + dns?: DnsResolver, TypeParent, TContext>; - placeholder?: PlaceholderResolver, TypeParent, TContext>; + http?: HttpResolver, TypeParent, TContext>; - searchable?: SearchableResolver, TypeParent, TContext>; + files?: FilesResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + ssl?: SslResolver, TypeParent, TContext>; } - export type AggregatableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type SessionIdResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = 
SiemContext > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type ConnectionResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ColumnHeaderTypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type NoticeResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type DnsResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ExampleResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HttpResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type IndexesResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FilesResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; + export type SslResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace UserEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full_name?: FullNameResolver, TypeParent, TContext>; + + email?: EmailResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; + + group?: GroupResolver, TypeParent, TContext>; + } + + export type DomainResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type IdResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type NameResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type PlaceholderResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FullNameResolver< + R = 
Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type SearchableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type EmailResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HashResolver< + R = Maybe, + Parent = UserEcsFields, + TContext = SiemContext + > = Resolver; + export type GroupResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; } -export namespace DataProviderResultResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; +export namespace WinlogEcsFieldsResolvers { + export interface Resolvers { + event_id?: EventIdResolver, TypeParent, TContext>; + } - name?: NameResolver, TypeParent, TContext>; + export type EventIdResolver< + R = Maybe, + Parent = WinlogEcsFields, + TContext = SiemContext + > = Resolver; +} - enabled?: EnabledResolver, TypeParent, TContext>; +export namespace NetworkEcsFieldResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - excluded?: ExcludedResolver, TypeParent, TContext>; + community_id?: CommunityIdResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + direction?: DirectionResolver, TypeParent, TContext>; - queryMatch?: QueryMatchResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + protocol?: ProtocolResolver, TypeParent, TContext>; - and?: AndResolver, TypeParent, TContext>; + transport?: TransportResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = DataProviderResult, + export type BytesResolver< + 
R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type ExcludedResolver< - R = Maybe, - Parent = DataProviderResult, + export type CommunityIdResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = DataProviderResult, + export type DirectionResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type QueryMatchResolver< - R = Maybe, - Parent = DataProviderResult, + export type PacketsResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DataProviderResult, + export type ProtocolResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type AndResolver< - R = Maybe, - Parent = DataProviderResult, + export type TransportResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; } -export namespace QueryMatchResultResolvers { - export interface Resolvers { - field?: FieldResolver, TypeParent, TContext>; +export namespace PackageEcsFieldsResolvers { + export interface Resolvers { + arch?: ArchResolver, TypeParent, TContext>; - displayField?: DisplayFieldResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - value?: ValueResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - displayValue?: DisplayValueResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - operator?: OperatorResolver, TypeParent, TContext>; + summary?: SummaryResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; } - export type FieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export type ArchResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayFieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export 
type EntityIdResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type NameResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SizeResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type OperatorResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SummaryResolver< + R = Maybe, + Parent = PackageEcsFields, + TContext = SiemContext + > = Resolver; + export type VersionResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; } -export namespace DateRangePickerResultResolvers { - export interface Resolvers { - start?: StartResolver, TypeParent, TContext>; +export namespace AuditEcsFieldsResolvers { + export interface Resolvers { + package?: PackageResolver, TypeParent, TContext>; + } - end?: EndResolver, TypeParent, TContext>; + export type PackageResolver< + R = Maybe, + Parent = AuditEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace SshEcsFieldsResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; + + signature?: SignatureResolver, TypeParent, TContext>; } - export type StartResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type MethodResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; - export type EndResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type SignatureResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; } -export namespace FavoriteTimelineResultResolvers { - export interface Resolvers { - fullName?: FullNameResolver, TypeParent, TContext>; - - userName?: UserNameResolver, TypeParent, TContext>; - - favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; +export 
namespace AuthEcsFieldsResolvers { + export interface Resolvers { + ssh?: SshResolver, TypeParent, TContext>; } - export type FullNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type SshResolver< + R = Maybe, + Parent = AuthEcsFields, TContext = SiemContext > = Resolver; - export type UserNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, +} + +export namespace SystemEcsFieldResolvers { + export interface Resolvers { + audit?: AuditResolver, TypeParent, TContext>; + + auth?: AuthResolver, TypeParent, TContext>; + } + + export type AuditResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; - export type FavoriteDateResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type AuthResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; } -export namespace FilterTimelineResultResolvers { - export interface Resolvers { - exists?: ExistsResolver, TypeParent, TContext>; +export namespace RuleFieldResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - meta?: MetaResolver, TypeParent, TContext>; + rule_id?: RuleIdResolver, TypeParent, TContext>; - match_all?: MatchAllResolver, TypeParent, TContext>; + false_positives?: FalsePositivesResolver; - missing?: MissingResolver, TypeParent, TContext>; + saved_id?: SavedIdResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + timeline_id?: TimelineIdResolver, TypeParent, TContext>; - range?: RangeResolver, TypeParent, TContext>; + timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - script?: ScriptResolver, TypeParent, TContext>; + max_signals?: MaxSignalsResolver, TypeParent, TContext>; + + risk_score?: RiskScoreResolver, TypeParent, TContext>; + + output_index?: OutputIndexResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; + + from?: FromResolver, TypeParent, TContext>; + + immutable?: ImmutableResolver, 
TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + interval?: IntervalResolver, TypeParent, TContext>; + + language?: LanguageResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + references?: ReferencesResolver, TypeParent, TContext>; + + severity?: SeverityResolver, TypeParent, TContext>; + + tags?: TagsResolver, TypeParent, TContext>; + + threat?: ThreatResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + size?: SizeResolver, TypeParent, TContext>; + + to?: ToResolver, TypeParent, TContext>; + + enabled?: EnabledResolver, TypeParent, TContext>; + + filters?: FiltersResolver, TypeParent, TContext>; + + created_at?: CreatedAtResolver, TypeParent, TContext>; + + updated_at?: UpdatedAtResolver, TypeParent, TContext>; + + created_by?: CreatedByResolver, TypeParent, TContext>; + + updated_by?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + note?: NoteResolver, TypeParent, TContext>; + + threshold?: ThresholdResolver, TypeParent, TContext>; + + exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; } - export type ExistsResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IdResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MetaResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type RuleIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type FalsePositivesResolver< + R = string[], + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type SavedIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineTitleResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type 
MaxSignalsResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type RiskScoreResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type OutputIndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MatchAllResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type DescriptionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MissingResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type FromResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type ImmutableResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type RangeResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ScriptResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IntervalResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace FilterMetaTimelineResultResolvers { - export interface Resolvers { - alias?: AliasResolver, TypeParent, TContext>; - - controlledBy?: ControlledByResolver, TypeParent, TContext>; - - disabled?: DisabledResolver, TypeParent, TContext>; - - field?: FieldResolver, TypeParent, TContext>; - - formattedValue?: FormattedValueResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - key?: KeyResolver, TypeParent, TContext>; - - negate?: NegateResolver, TypeParent, TContext>; - - params?: ParamsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type AliasResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type 
LanguageResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ControlledByResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type QueryResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type DisabledResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ReferencesResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FieldResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SeverityResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FormattedValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TagsResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type IndexResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ThreatResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type KeyResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TypeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type NegateResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SizeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ParamsResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ToResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type EnabledResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type FiltersResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedFilterQueryResultResolvers { - export interface 
Resolvers { - filterQuery?: FilterQueryResolver, TypeParent, TContext>; - } - - export type FilterQueryResolver< - R = Maybe, - Parent = SerializedFilterQueryResult, + export type CreatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedKueryQueryResultResolvers { - export interface Resolvers { - kuery?: KueryResolver, TypeParent, TContext>; - - serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; - } - - export type KueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type UpdatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SerializedQueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type CreatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace KueryFilterQueryResultResolvers { - export interface Resolvers { - kind?: KindResolver, TypeParent, TContext>; - - expression?: ExpressionResolver, TypeParent, TContext>; - } - - export type KindResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type UpdatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ExpressionResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type VersionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SortTimelineResultResolvers { - export interface Resolvers { - columnId?: ColumnIdResolver, TypeParent, TContext>; - - sortDirection?: SortDirectionResolver, TypeParent, TContext>; - } - - export type ColumnIdResolver< - R = Maybe, - Parent = SortTimelineResult, + export type NoteResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SortDirectionResolver< - R = Maybe, - Parent = SortTimelineResult, + export type ThresholdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > 
= Resolver; + export type ExceptionsListResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; } -export namespace ResponseTimelinesResolvers { - export interface Resolvers { - timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - - defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - - templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - - elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; +export namespace SignalFieldResolvers { + export interface Resolvers { + rule?: RuleResolver, TypeParent, TContext>; - customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; + original_time?: OriginalTimeResolver, TypeParent, TContext>; - favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; + status?: StatusResolver, TypeParent, TContext>; } - export type TimelineResolver< - R = (Maybe)[], - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type DefaultTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type RuleResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type ElasticTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type OriginalTimeResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type CustomTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type StatusResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type 
FavoriteCountResolver< - R = Maybe, - Parent = ResponseTimelines, +} + +export namespace RuleEcsFieldResolvers { + export interface Resolvers { + reference?: ReferenceResolver, TypeParent, TContext>; + } + + export type ReferenceResolver< + R = Maybe, + Parent = RuleEcsField, TContext = SiemContext > = Resolver; } -export namespace MutationResolvers { - export interface Resolvers { - /** Persists a note */ - persistNote?: PersistNoteResolver; +export namespace EcsResolvers { + export interface Resolvers { + _id?: _IdResolver; - deleteNote?: DeleteNoteResolver, TypeParent, TContext>; + _index?: _IndexResolver, TypeParent, TContext>; - deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< - Maybe, - TypeParent, - TContext - >; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Persists a timeline */ - persistTimeline?: PersistTimelineResolver; + agent?: AgentResolver, TypeParent, TContext>; - persistFavorite?: PersistFavoriteResolver; + auditd?: AuditdResolver, TypeParent, TContext>; - deleteTimeline?: DeleteTimelineResolver; - } + destination?: DestinationResolver, TypeParent, TContext>; - export type PersistNoteResolver = Resolver< - R, - Parent, - TContext, - PersistNoteArgs - >; - export interface PersistNoteArgs { - noteId?: Maybe; + dns?: DnsResolver, TypeParent, TContext>; - version?: Maybe; + endgame?: EndgameResolver, TypeParent, TContext>; - note: NoteInput; - } + event?: EventResolver, TypeParent, TContext>; - export type DeleteNoteResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteArgs 
{ - id: string[]; - } + geo?: GeoResolver, TypeParent, TContext>; - export type DeleteNoteByTimelineIdResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteByTimelineIdArgs { - timelineId: string; + host?: HostResolver, TypeParent, TContext>; - version?: Maybe; - } + network?: NetworkResolver, TypeParent, TContext>; - export type PersistPinnedEventOnTimelineResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistPinnedEventOnTimelineArgs { - pinnedEventId?: Maybe; + rule?: RuleResolver, TypeParent, TContext>; - eventId: string; + signal?: SignalResolver, TypeParent, TContext>; - timelineId?: Maybe; - } + source?: SourceResolver, TypeParent, TContext>; - export type DeletePinnedEventOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeletePinnedEventOnTimelineArgs { - id: string[]; - } + suricata?: SuricataResolver, TypeParent, TContext>; - export type DeleteAllPinnedEventsOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteAllPinnedEventsOnTimelineArgs { - timelineId: string; - } + tls?: TlsResolver, TypeParent, TContext>; - export type PersistTimelineResolver< - R = ResponseTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistTimelineArgs { - id?: Maybe; + zeek?: ZeekResolver, TypeParent, TContext>; - version?: Maybe; + http?: HttpResolver, TypeParent, TContext>; - timeline: TimelineInput; - } + url?: UrlResolver, TypeParent, TContext>; - export type PersistFavoriteResolver< - R = ResponseFavoriteTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistFavoriteArgs { - timelineId?: Maybe; - } + timestamp?: TimestampResolver, TypeParent, TContext>; - export type DeleteTimelineResolver = Resolver< - R, - Parent, - TContext, - DeleteTimelineArgs - >; - export interface 
DeleteTimelineArgs { - id: string[]; - } -} + message?: MessageResolver, TypeParent, TContext>; -export namespace ResponseNoteResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; + user?: UserResolver, TypeParent, TContext>; - message?: MessageResolver, TypeParent, TContext>; + winlog?: WinlogResolver, TypeParent, TContext>; - note?: NoteResolver; + process?: ProcessResolver, TypeParent, TContext>; + + file?: FileResolver, TypeParent, TContext>; + + system?: SystemResolver, TypeParent, TContext>; } - export type CodeResolver< - R = Maybe, - Parent = ResponseNote, + export type _IdResolver = Resolver< + R, + Parent, + TContext + >; + export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type AgentResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseNote, + export type AuditdResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = NoteResult, - Parent = ResponseNote, + export type DestinationResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - timeline?: TimelineResolver; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseTimeline, + export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type EndgameResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type EventResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type HostResolver< + R = Maybe, + Parent = Ecs, + TContext = 
SiemContext + > = Resolver; + export type NetworkResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type RuleResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SignalResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SourceResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SuricataResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseTimeline, + export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type ZeekResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type TimelineResolver< - R = TimelineResult, - Parent = ResponseTimeline, + export type HttpResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseFavoriteTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - savedObjectId?: SavedObjectIdResolver; - - version?: VersionResolver; - - favorite?: FavoriteResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UserResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type WinlogResolver< + R = 
Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type ProcessResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type SystemResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; } @@ -8064,39 +5764,6 @@ export namespace EcsEdgesResolvers { >; } -export namespace EventsTimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = EcsEdges[], - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; -} - export namespace OsFieldsResolvers { export interface Resolvers { platform?: PlatformResolver, TypeParent, TContext>; 
@@ -8281,6 +5948,25 @@ export namespace IndexFieldResolvers { > = Resolver; } +export namespace PageInfoResolvers { + export interface Resolvers { + endCursor?: EndCursorResolver, TypeParent, TContext>; + + hasNextPage?: HasNextPageResolver, TypeParent, TContext>; + } + + export type EndCursorResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; + export type HasNextPageResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; +} + /** Directs the executor to skip this field or fragment when the `if` argument is true. */ export type SkipDirectiveResolver = DirectiveResolverFn< Result, @@ -8320,25 +6006,22 @@ export interface ToStringArrayScalarConfig extends GraphQLScalarTypeConfig { name: 'Date'; } -export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToNumberArray'; -} -export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToDateArray'; -} -export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToBooleanArray'; -} export interface ToAnyScalarConfig extends GraphQLScalarTypeConfig { name: 'ToAny'; } -export interface EsValueScalarConfig extends GraphQLScalarTypeConfig { - name: 'EsValue'; -} export interface ToStringArrayNoNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToStringArrayNoNullable'; } +export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToDateArray'; +} +export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToNumberArray'; +} +export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToBooleanArray'; +} export interface ToIFieldSubTypeNonNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToIFieldSubTypeNonNullable'; 
@@ -8353,73 +6036,6 @@ export type IResolvers = { SourceConfiguration?: SourceConfigurationResolvers.Resolvers; SourceFields?: SourceFieldsResolvers.Resolvers; SourceStatus?: SourceStatusResolvers.Resolvers; - AuthenticationsData?: AuthenticationsDataResolvers.Resolvers; - AuthenticationsEdges?: AuthenticationsEdgesResolvers.Resolvers; - AuthenticationItem?: AuthenticationItemResolvers.Resolvers; - UserEcsFields?: UserEcsFieldsResolvers.Resolvers; - LastSourceHost?: LastSourceHostResolvers.Resolvers; - SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; - GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; - Location?: LocationResolvers.Resolvers; - HostEcsFields?: HostEcsFieldsResolvers.Resolvers; - OsEcsFields?: OsEcsFieldsResolvers.Resolvers; - CursorType?: CursorTypeResolvers.Resolvers; - PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; - Inspect?: InspectResolvers.Resolvers; - TimelineData?: TimelineDataResolvers.Resolvers; - TimelineEdges?: TimelineEdgesResolvers.Resolvers; - TimelineItem?: TimelineItemResolvers.Resolvers; - TimelineNonEcsData?: TimelineNonEcsDataResolvers.Resolvers; - Ecs?: EcsResolvers.Resolvers; - AgentEcsField?: AgentEcsFieldResolvers.Resolvers; - AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; - AuditdData?: AuditdDataResolvers.Resolvers; - Summary?: SummaryResolvers.Resolvers; - PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; - DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; - DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; - DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; - EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; - EventEcsFields?: EventEcsFieldsResolvers.Resolvers; - NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; - RuleEcsField?: RuleEcsFieldResolvers.Resolvers; - SignalField?: SignalFieldResolvers.Resolvers; - RuleField?: RuleFieldResolvers.Resolvers; - SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; - SuricataEveData?: SuricataEveDataResolvers.Resolvers; - 
SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; - TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; - TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; - FingerprintData?: FingerprintDataResolvers.Resolvers; - TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; - TlsJa3Data?: TlsJa3DataResolvers.Resolvers; - TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; - ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; - ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; - ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; - ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; - ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; - ZeekFileData?: ZeekFileDataResolvers.Resolvers; - ZeekSslData?: ZeekSslDataResolvers.Resolvers; - HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; - HttpRequestData?: HttpRequestDataResolvers.Resolvers; - HttpBodyData?: HttpBodyDataResolvers.Resolvers; - HttpResponseData?: HttpResponseDataResolvers.Resolvers; - UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; - WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; - ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; - ProcessHashData?: ProcessHashDataResolvers.Resolvers; - Thread?: ThreadResolvers.Resolvers; - FileFields?: FileFieldsResolvers.Resolvers; - SystemEcsField?: SystemEcsFieldResolvers.Resolvers; - AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; - PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; - AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; - SshEcsFields?: SshEcsFieldsResolvers.Resolvers; - PageInfo?: PageInfoResolvers.Resolvers; - TimelineDetailsData?: TimelineDetailsDataResolvers.Resolvers; - DetailItem?: DetailItemResolvers.Resolvers; - LastEventTimeData?: LastEventTimeDataResolvers.Resolvers; HostsData?: HostsDataResolvers.Resolvers; HostsEdges?: HostsEdgesResolvers.Resolvers; HostItem?: HostItemResolvers.Resolvers; 
@@ -8427,36 +6043,12 @@ export type IResolvers = { CloudInstance?: CloudInstanceResolvers.Resolvers; CloudMachine?: CloudMachineResolvers.Resolvers; EndpointFields?: EndpointFieldsResolvers.Resolvers; + HostEcsFields?: HostEcsFieldsResolvers.Resolvers; + OsEcsFields?: OsEcsFieldsResolvers.Resolvers; + Inspect?: InspectResolvers.Resolvers; + CursorType?: CursorTypeResolvers.Resolvers; + PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; FirstLastSeenHost?: FirstLastSeenHostResolvers.Resolvers; - KpiNetworkData?: KpiNetworkDataResolvers.Resolvers; - KpiNetworkHistogramData?: KpiNetworkHistogramDataResolvers.Resolvers; - KpiHostsData?: KpiHostsDataResolvers.Resolvers; - KpiHostHistogramData?: KpiHostHistogramDataResolvers.Resolvers; - KpiHostDetailsData?: KpiHostDetailsDataResolvers.Resolvers; - MatrixHistogramOverTimeData?: MatrixHistogramOverTimeDataResolvers.Resolvers; - MatrixOverTimeHistogramData?: MatrixOverTimeHistogramDataResolvers.Resolvers; - NetworkTopCountriesData?: NetworkTopCountriesDataResolvers.Resolvers; - NetworkTopCountriesEdges?: NetworkTopCountriesEdgesResolvers.Resolvers; - NetworkTopCountriesItem?: NetworkTopCountriesItemResolvers.Resolvers; - TopCountriesItemSource?: TopCountriesItemSourceResolvers.Resolvers; - GeoItem?: GeoItemResolvers.Resolvers; - TopCountriesItemDestination?: TopCountriesItemDestinationResolvers.Resolvers; - TopNetworkTablesEcsField?: TopNetworkTablesEcsFieldResolvers.Resolvers; - NetworkTopNFlowData?: NetworkTopNFlowDataResolvers.Resolvers; - NetworkTopNFlowEdges?: NetworkTopNFlowEdgesResolvers.Resolvers; - NetworkTopNFlowItem?: NetworkTopNFlowItemResolvers.Resolvers; - TopNFlowItemSource?: TopNFlowItemSourceResolvers.Resolvers; - AutonomousSystemItem?: AutonomousSystemItemResolvers.Resolvers; - TopNFlowItemDestination?: TopNFlowItemDestinationResolvers.Resolvers; - NetworkDnsData?: NetworkDnsDataResolvers.Resolvers; - NetworkDnsEdges?: NetworkDnsEdgesResolvers.Resolvers; - NetworkDnsItem?: 
NetworkDnsItemResolvers.Resolvers; - MatrixOverOrdinalHistogramData?: MatrixOverOrdinalHistogramDataResolvers.Resolvers; - NetworkDsOverTimeData?: NetworkDsOverTimeDataResolvers.Resolvers; - NetworkHttpData?: NetworkHttpDataResolvers.Resolvers; - NetworkHttpEdges?: NetworkHttpEdgesResolvers.Resolvers; - NetworkHttpItem?: NetworkHttpItemResolvers.Resolvers; - SayMyName?: SayMyNameResolvers.Resolvers; TimelineResult?: TimelineResultResolvers.Resolvers; ColumnHeaderResult?: ColumnHeaderResultResolvers.Resolvers; DataProviderResult?: DataProviderResultResolvers.Resolvers; 
@@ -8474,19 +6066,68 @@ export type IResolvers = { ResponseNote?: ResponseNoteResolvers.Resolvers; ResponseTimeline?: ResponseTimelineResolvers.Resolvers; ResponseFavoriteTimeline?: ResponseFavoriteTimelineResolvers.Resolvers; + EventEcsFields?: EventEcsFieldsResolvers.Resolvers; + Location?: LocationResolvers.Resolvers; + GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; + PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; + Summary?: SummaryResolvers.Resolvers; + AgentEcsField?: AgentEcsFieldResolvers.Resolvers; + AuditdData?: AuditdDataResolvers.Resolvers; + AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; + Thread?: ThreadResolvers.Resolvers; + ProcessHashData?: ProcessHashDataResolvers.Resolvers; + ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; + SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; + DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; + DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; + DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; + EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; + SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; + SuricataEveData?: SuricataEveDataResolvers.Resolvers; + SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; + TlsJa3Data?: TlsJa3DataResolvers.Resolvers; + FingerprintData?: FingerprintDataResolvers.Resolvers; + TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; + TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; + TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; + TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; + ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; + ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; + ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; + FileFields?: FileFieldsResolvers.Resolvers; + ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; + HttpBodyData?: HttpBodyDataResolvers.Resolvers; + HttpRequestData?: HttpRequestDataResolvers.Resolvers; + HttpResponseData?: 
HttpResponseDataResolvers.Resolvers; + HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; + UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; + ZeekFileData?: ZeekFileDataResolvers.Resolvers; + ZeekSslData?: ZeekSslDataResolvers.Resolvers; + ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; + UserEcsFields?: UserEcsFieldsResolvers.Resolvers; + WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; + NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; + PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; + AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; + SshEcsFields?: SshEcsFieldsResolvers.Resolvers; + AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; + SystemEcsField?: SystemEcsFieldResolvers.Resolvers; + RuleField?: RuleFieldResolvers.Resolvers; + SignalField?: SignalFieldResolvers.Resolvers; + RuleEcsField?: RuleEcsFieldResolvers.Resolvers; + Ecs?: EcsResolvers.Resolvers; EcsEdges?: EcsEdgesResolvers.Resolvers; - EventsTimelineData?: EventsTimelineDataResolvers.Resolvers; OsFields?: OsFieldsResolvers.Resolvers; HostFields?: HostFieldsResolvers.Resolvers; IndexField?: IndexFieldResolvers.Resolvers; + PageInfo?: PageInfoResolvers.Resolvers; ToStringArray?: GraphQLScalarType; Date?: GraphQLScalarType; - ToNumberArray?: GraphQLScalarType; - ToDateArray?: GraphQLScalarType; - ToBooleanArray?: GraphQLScalarType; ToAny?: GraphQLScalarType; - EsValue?: GraphQLScalarType; ToStringArrayNoNullable?: GraphQLScalarType; + ToDateArray?: GraphQLScalarType; + ToNumberArray?: GraphQLScalarType; + ToBooleanArray?: GraphQLScalarType; ToIFieldSubTypeNonNullable?: GraphQLScalarType; } & { [typeName: string]: never }; diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts deleted file mode 100644 index 6ef7f1ae8a2eb..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts +++ /dev/null 
@@ -1,8 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export { createWhoAmIResolvers } from './resolvers';
-export { whoAmISchema } from './schema.gql';
diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts
deleted file mode 100644
index 065edfb99ccea..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SourceResolvers } from '../../graphql/types';
-import { AppResolverOf, ChildResolverOf } from '../../lib/framework';
-import { QuerySourceResolver } from '../sources/resolvers';
-
-export type QueryWhoAmIResolver = ChildResolverOf<
- AppResolverOf,
- QuerySourceResolver
->;
-
-export const createWhoAmIResolvers = (): {
- Source: {
- whoAmI: QueryWhoAmIResolver;
- };
-} => ({
- Source: {
- async whoAmI(root, args) {
- return {
- appName: 'SIEM',
- };
- },
- },
-});
diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts
deleted file mode 100644
index 0a264cd2988fe..0000000000000
--- a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import gql from 'graphql-tag';
-
-export const whoAmISchema = gql`
- type SayMyName {
- "The id of the source"
- appName: String!
- }
-
- extend type Source {
- "Just a simple example to get the app name"
- whoAmI: SayMyName
- }
-`;
diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts
index 3d2833f1c6c60..997240a33ad22 100644
--- a/x-pack/plugins/security_solution/server/init_server.ts
+++ b/x-pack/plugins/security_solution/server/init_server.ts
@@ -6,13 +6,8 @@
 import { IResolvers, makeExecutableSchema } from 'graphql-tools';
 import { schemas } from './graphql';
-import { createAuthenticationsResolvers } from './graphql/authentications';
 import { createScalarToStringArrayValueResolvers } from './graphql/ecs';
-import { createEsValueResolvers, createEventsResolvers } from './graphql/events';
 import { createHostsResolvers } from './graphql/hosts';
-import { createKpiHostsResolvers } from './graphql/kpi_hosts';
-import { createKpiNetworkResolvers } from './graphql/kpi_network';
-import { createNetworkResolvers } from './graphql/network';
 import { createNoteResolvers } from './graphql/note';
 import { createPinnedEventResolvers } from './graphql/pinned_event';
 import { createScalarDateResolvers } from './graphql/scalar_date';
@@ -23,24 +18,16 @@ import { createScalarToNumberArrayValueResolvers } from './graphql/scalar_to_num
 import { createSourceStatusResolvers } from './graphql/source_status';
 import { createSourcesResolvers } from './graphql/sources';
 import { createTimelineResolvers } from './graphql/timeline';
-import { createWhoAmIResolvers } from './graphql/who_am_i';
 import { AppBackendLibs } from './lib/types';
-import { createMatrixHistogramResolvers } from './graphql/matrix_histogram';
 export const initServer = (libs: AppBackendLibs) => {
 const schema = makeExecutableSchema({
 resolvers: [
- createAuthenticationsResolvers(libs) as IResolvers,
- createEsValueResolvers() as IResolvers,
- createEventsResolvers(libs) as IResolvers,
 createHostsResolvers(libs) as IResolvers,
- createKpiNetworkResolvers(libs) as IResolvers,
- createMatrixHistogramResolvers(libs) as IResolvers,
 createNoteResolvers(libs) as IResolvers,
 createPinnedEventResolvers(libs) as IResolvers,
 createSourcesResolvers(libs) as IResolvers,
 createScalarToStringArrayValueResolvers() as IResolvers,
- createNetworkResolvers(libs) as IResolvers,
 createScalarDateResolvers() as IResolvers,
 createScalarToDateArrayValueResolvers() as IResolvers,
 createScalarToAnyValueResolvers() as IResolvers,
@@ -49,8 +36,6 @@ export const initServer = (libs: AppBackendLibs) => {
 createSourcesResolvers(libs) as IResolvers,
 createSourceStatusResolvers(libs) as IResolvers,
 createTimelineResolvers(libs) as IResolvers,
- createWhoAmIResolvers() as IResolvers,
- createKpiHostsResolvers(libs) as IResolvers,
 ],
 typeDefs: schemas,
 });
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts
deleted file mode 100644
index d037164a34efb..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsEdges } from '../../graphql/types';
-
-import { formatAuthenticationData } from './elasticsearch_adapter';
-import { auditdFieldsMap } from './query.dsl';
-import { AuthenticationHit } from './types';
-
-describe('authentications elasticsearch_adapter', () => {
- describe('#formatAuthenticationsData', () => {
- const hit: AuthenticationHit = {
- _index: 'index-123',
- _type: 'type-123',
- _id: 'id-123',
- _score: 10,
- _source: {
- '@timestamp': 'time-1',
- },
- cursor: 'cursor-1',
- sort: [0],
- user: 'Evan',
- failures: 10,
- successes: 20,
- };
-
- test('it formats a authentication with an empty set', () => {
- const fields: readonly string[] = [''];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a source ip correctly', () => {
- const fields: readonly string[] = ['lastSuccess.source.ip'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host name only', () => {
- const fields: readonly string[] = ['lastSuccess.host.name'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host id only', () => {
- const fields: readonly string[] = ['lastSuccess.host.id'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
-
- test('it formats a authentications with a host name and id correctly', () => {
- const fields: readonly string[] = ['lastSuccess.host.name', 'lastSuccess.host.id'];
- const data = formatAuthenticationData(fields, hit, auditdFieldsMap);
- const expected: AuthenticationsEdges = {
- cursor: {
- tiebreaker: null,
- value: 'cursor-1',
- },
- node: {
- _id: 'id-123',
- failures: 10,
- successes: 20,
- user: {
- name: ['Evan'],
- },
- },
- };
-
- expect(data).toEqual(expected);
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts
deleted file mode 100644
index 724297fac7b67..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { getOr } from 'lodash/fp';
-
-import { AuthenticationsData, AuthenticationsEdges } from '../../graphql/types';
-import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query';
-import { FrameworkAdapter, FrameworkRequest, RequestOptionsPaginated } from '../framework';
-import { TermAggregation } from '../types';
-import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants';
-
-import { auditdFieldsMap, buildQuery } from './query.dsl';
-import {
- AuthenticationBucket,
- AuthenticationData,
- AuthenticationHit,
- AuthenticationsAdapter,
-} from './types';
-
-export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getAuthentications(
- request: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise {
- const dsl = buildQuery(options);
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.user_count.value', response);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const hits: AuthenticationHit[] = getOr(
- [],
- 'aggregations.group_by_users.buckets',
- response
- ).map((bucket: AuthenticationBucket) => ({
- _id: getOr(
- `${bucket.key}+${bucket.doc_count}`,
- 'failures.lastFailure.hits.hits[0].id',
- bucket
- ),
- _source: {
- lastSuccess: getOr(null, 'successes.lastSuccess.hits.hits[0]._source', bucket),
- lastFailure: getOr(null, 'failures.lastFailure.hits.hits[0]._source', bucket),
- },
- user: bucket.key,
- failures: bucket.failures.doc_count,
- successes: bucket.successes.doc_count,
- }));
- const authenticationEdges: AuthenticationsEdges[] = hits.map((hit) =>
- formatAuthenticationData(options.fields, hit, auditdFieldsMap)
- );
-
- const edges = authenticationEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- inspect,
- edges,
- totalCount,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- };
- }
-}
-
-export const formatAuthenticationData = (
- fields: readonly string[],
- hit: AuthenticationHit,
- fieldMap: Readonly>
-): AuthenticationsEdges =>
- fields.reduce(
- (flattenedFields, fieldName) => {
- if (hit.cursor) {
- flattenedFields.cursor.value = hit.cursor;
- }
- flattenedFields.node = {
- ...flattenedFields.node,
- ...{
- _id: hit._id,
- user: { name: [hit.user] },
- failures: hit.failures,
- successes: hit.successes,
- },
- };
- return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit);
- },
- {
- node: {
- failures: 0,
- successes: 0,
- _id: '',
- user: {
- name: [''],
- },
- },
- cursor: {
- value: '',
- tiebreaker: null,
- },
- }
- );
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/index.ts b/x-pack/plugins/security_solution/server/lib/authentications/index.ts
deleted file mode 100644
index c1b93818943db..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/index.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsData } from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-
-import { AuthenticationsAdapter } from './types';
-
-export class Authentications {
- constructor(private readonly adapter: AuthenticationsAdapter) {}
-
- public async getAuthentications(
- req: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise {
- return this.adapter.getAuthentications(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts
deleted file mode 100644
index b6b72cd37efaa..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { isEmpty } from 'lodash/fp';
-
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { reduceFields } from '../../utils/build_query/reduce_fields';
-import { hostFieldsMap, sourceFieldsMap } from '../ecs_fields';
-import { extendMap } from '../ecs_fields/extend_map';
-import { RequestOptionsPaginated } from '../framework';
-
-export const auditdFieldsMap: Readonly> = {
- latest: '@timestamp',
- 'lastSuccess.timestamp': 'lastSuccess.@timestamp',
- 'lastFailure.timestamp': 'lastFailure.@timestamp',
- ...{ ...extendMap('lastSuccess', sourceFieldsMap) },
- ...{ ...extendMap('lastSuccess', hostFieldsMap) },
- ...{ ...extendMap('lastFailure', sourceFieldsMap) },
- ...{ ...extendMap('lastFailure', hostFieldsMap) },
-};
-
-export const buildQuery = ({
- fields,
- filterQuery,
- timerange: { from, to },
- pagination: { querySize },
- defaultIndex,
- docValueFields,
- sourceConfiguration: {
- fields: { timestamp },
- },
-}: RequestOptionsPaginated) => {
- const esFields = reduceFields(fields, { ...hostFieldsMap, ...sourceFieldsMap });
-
- const filter = [
- ...createQueryFilterClauses(filterQuery),
- { term: { 'event.category': 'authentication' } },
- {
- range: {
- [timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
-
- const agg = {
- user_count: {
- cardinality: {
- field: 'user.name',
- },
- },
- };
-
- const dslQuery = {
- allowNoIndices: true,
- index: defaultIndex,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- ...agg,
- group_by_users: {
- terms: {
- size: querySize,
- field: 'user.name',
- order: [{ 'successes.doc_count': 'desc' }, { 'failures.doc_count': 'desc' }],
- },
- aggs: {
- failures: {
- filter: {
- term: {
- 'event.outcome': 'failure',
- },
- },
- aggs: {
- lastFailure: {
- top_hits: {
- size: 1,
- _source: esFields,
- sort: [{ '@timestamp': { order: 'desc' } }],
- },
- },
- },
- },
- successes: {
- filter: {
- term: {
- 'event.outcome': 'success',
- },
- },
- aggs: {
- lastSuccess: {
- top_hits: {
- size: 1,
- _source: esFields,
- sort: [{ '@timestamp': { order: 'desc' } }],
- },
- },
- },
- },
- },
- },
- },
- query: {
- bool: {
- filter,
- },
- },
- size: 0,
- },
- track_total_hits: false,
- };
-
- return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/authentications/types.ts b/x-pack/plugins/security_solution/server/lib/authentications/types.ts
deleted file mode 100644
index 2d2c7ba547c09..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/authentications/types.ts
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { AuthenticationsData, LastSourceHost } from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-import { Hit, SearchHit, TotalHit } from '../types';
-
-export interface AuthenticationsAdapter {
- getAuthentications(
- req: FrameworkRequest,
- options: RequestOptionsPaginated
- ): Promise;
-}
-
-type StringOrNumber = string | number;
-export interface AuthenticationHit extends Hit {
- _source: {
- '@timestamp': string;
- lastSuccess?: LastSourceHost;
- lastFailure?: LastSourceHost;
- };
- user: string;
- failures: number;
- successes: number;
- cursor?: string;
- sort: StringOrNumber[];
-}
-
-export interface AuthenticationBucket {
- key: {
- user_uid: string;
- };
- doc_count: number;
- failures: {
- doc_count: number;
- };
- successes: {
- doc_count: number;
- };
- authentication: {
- hits: {
- total: TotalHit;
- hits: ArrayLike;
- };
- };
-}
-
-export interface AuthenticationData extends SearchHit {
- sort: string[];
- aggregations: {
- process_count: {
- value: number;
- };
- group_by_process: {
- after_key: string;
- buckets: AuthenticationBucket[];
- };
- };
-}
diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
index 6348ee930a109..433ee4a5f99fa 100644
--- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
+++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
@@ -7,26 +7,17 @@
 import { CoreSetup } from '../../../../../../src/core/server';
 import { SetupPlugins } from '../../plugin';
-import { Authentications } from '../authentications';
-import { ElasticsearchAuthenticationAdapter } from '../authentications/elasticsearch_adapter';
-import { ElasticsearchEventsAdapter, Events } from '../events';
 import { KibanaBackendFrameworkAdapter } from '../framework/kibana_framework_adapter';
 import { ElasticsearchHostsAdapter, Hosts } from '../hosts';
-import { KpiHosts } from '../kpi_hosts';
-import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter';
 import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields';
-import { KpiNetwork } from '../kpi_network';
-import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter';
-import { ElasticsearchNetworkAdapter, Network } from '../network';
 import { ElasticsearchSourceStatusAdapter, SourceStatus } from '../source_status';
 import { ConfigurationSourcesAdapter, Sources } from '../sources';
 import { AppBackendLibs, AppDomainLibs } from '../types';
 import * as note from '../note/saved_object';
 import * as pinnedEvent from '../pinned_event/saved_object';
 import * as timeline from '../timeline/saved_object';
-import { ElasticsearchMatrixHistogramAdapter, MatrixHistogram } from '../matrix_histogram';
 import { EndpointAppContext } from '../../endpoint/types';
 export function compose(
@@ -40,14 +31,8 @@ export function compose(
 const sourceStatus = new SourceStatus(new ElasticsearchSourceStatusAdapter(framework));
 const domainLibs: AppDomainLibs = {
- authentications: new Authentications(new ElasticsearchAuthenticationAdapter(framework)),
- events: new Events(new ElasticsearchEventsAdapter(framework)),
 fields: new IndexFields(new ElasticsearchIndexFieldAdapter()),
 hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)),
- kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)),
- kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)),
- matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)),
- network: new Network(new ElasticsearchNetworkAdapter(framework)),
 };
 const libs: AppBackendLibs = {
diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts
deleted file mode 100644
index 42dc13d84fd98..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts
+++ /dev/null
@@ -1,549 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { EcsEdges, TimelineDetailsData } from '../../graphql/types'; -import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { - ElasticsearchEventsAdapter, - formatEventsData, - formatTimelineData, - getFieldCategory, -} from './elasticsearch_adapter'; -import { - mockDetailsQueryDsl, - mockOptions, - mockQueryDsl, - mockRequest, - mockResponseMap, - mockResponseSearchTimelineDetails, - mockTimelineDetailsResult, -} from './mock'; -import { EventHit } from './types'; - -jest.mock('./query.dsl', () => { - return { - buildQuery: jest.fn(() => mockQueryDsl), - buildDetailsQuery: jest.fn(() => mockDetailsQueryDsl), - }; -}); - -describe('events elasticsearch_adapter', () => { - const hit: EventHit = { - _index: 'index-123', - _type: 'type-123', - _id: 'id-123', - _score: 10, - aggregations: {}, - _source: { - '@timestamp': ['time-1'], - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - suricata: { - eve: { - alert: { - category: 'suricata-category-1', - signature: ['suricata-signature-1'], - signature_id: [5000], - severity: 1, - }, - flow_id: [100], - proto: ['suricata-proto-1'], - }, - }, - source: { - ip: ['source-ip-1'], - port: [100], - }, - destination: { - ip: ['destination-ip-1'], - port: [200], - geo: { - region_name: ['geo-region-1'], - country_iso_code: ['geo-iso-code-1'], - }, - }, - event: { - action: ['event-action-1'], - module: ['event-module-1'], - type: ['event-type-1'], - category: ['event-category-1'], - severity: [1], - id: ['event-id-1'], - }, - }, - sort: ['123567890', '1234'], - }; - - describe('#formatEventsData', () => { - test('it formats an event with a source of hostname correctly', () => { - const 
fields: readonly string[] = ['host.name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a source of host ip correctly', () => { - const fields: readonly string[] = ['host.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - ip: ['hostip-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event category correctly', () => { - const fields: readonly string[] = ['event.category']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - category: ['event-category-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event id correctly', () => { - const fields: readonly string[] = ['event.id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - id: ['event-id-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event module correctly', () => { - const fields: readonly string[] = ['event.module']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - module: ['event-module-1'], - }, - }, - }; - 
expect(data).toEqual(expected); - }); - - test('it formats an event with a event action correctly', () => { - const fields: readonly string[] = ['event.action']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - action: ['event-action-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event severity correctly', () => { - const fields: readonly string[] = ['event.severity']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - severity: [1], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve flow id correctly', () => { - const fields: readonly string[] = ['suricata.eve.flow_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - flow_id: [100], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve proto correctly', () => { - const fields: readonly string[] = ['suricata.eve.proto']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - proto: ['suricata-proto-1'], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature']; - const data = formatEventsData(fields, hit, 
eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature: ['suricata-signature-1'], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature id correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature_id: [5000], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source ip correctly', () => { - const fields: readonly string[] = ['source.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - ip: ['source-ip-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source port correctly', () => { - const fields: readonly string[] = ['source.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - port: [100], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination ip correctly', () => { - const fields: readonly string[] = ['destination.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - ip: ['destination-ip-1'], - }, - 
}, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination port correctly', () => { - const fields: readonly string[] = ['destination.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - port: [200], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo region name correctly', () => { - const fields: readonly string[] = ['geo.region_name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - region_name: ['geo-region-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo country iso code correctly', () => { - const fields: readonly string[] = ['geo.country_iso_code']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - country_iso_code: ['geo-iso-code-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a lot of fields correctly', () => { - const fields: readonly string[] = [ - 'host.name', - 'host.ip', - 'suricata.eve.proto', - 'suricata.eve.alert.signature_id', - 'geo.region_name', - ]; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - geo: { - region_name: ['geo-region-1'], - }, - suricata: { - eve: { - proto: ['suricata-proto-1'], - alert: { - signature_id: [5000], - }, - }, - }, - 
}, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a event data if fields are empty', () => { - const fields: readonly string[] = []; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { cursor: { tiebreaker: null, value: '' }, node: { _id: '' } }; - - expect(data).toEqual(expected); - }); - }); - - describe('#formatTimelineData', () => { - test('it formats TimelineEdges from hit as expected ', () => { - const datafields: readonly string[] = [ - '@timestamp', - 'host.name', - 'suricata.eve.alert.signature_id', - ]; - const ecsfields: readonly string[] = ['host.name', 'suricata.eve.alert.signature_id']; - const data = formatTimelineData(datafields, ecsfields, hit, eventFieldsMap); - // TODO: Re-add TimelineEdges back once we settle on if data can contain numbers or not. - // otherwise delete this test. - const expected = { - cursor: { tiebreaker: '1234', value: '123567890' }, - node: { - _id: 'id-123', - _index: 'index-123', - data: [ - { field: 'host.name', value: ['hostname-1'] }, - { field: 'suricata.eve.alert.signature_id', value: [5000] }, - { field: '@timestamp', value: ['time-1'] }, - ], - ecs: { - _id: 'id-123', - _index: 'index-123', - host: { name: ['hostname-1'] }, - suricata: { eve: { alert: { signature_id: [5000] } } }, - }, - }, - }; - expect(data).toEqual(expected); - }); - }); - - describe('Timeline Details', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - if (method === 'search') { - return mockResponseSearchTimelineDetails; - } - return mockResponseMap; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const EsNetworkTimelineDetail = new 
ElasticsearchEventsAdapter(mockFramework); - const data: TimelineDetailsData = await EsNetworkTimelineDetail.getTimelineDetails( - mockRequest as FrameworkRequest, - mockOptions - ); - - expect(data).toEqual(mockTimelineDetailsResult); - }); - describe('getFieldCategory', () => { - test('should return field category when passed field', () => { - const data = getFieldCategory('agent.id'); - expect(data).toEqual('agent'); - }); - test('should return "base" when passed a category of type "baseCategoryField"', () => { - const data = getFieldCategory('@timestamp'); - expect(data).toEqual('base'); - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts deleted file mode 100644 index 8b656272ecc99..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,264 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- cloneDeep,
- get,
- getOr,
- has,
- isEmpty,
- isNumber,
- isObject,
- isString,
- last,
- merge,
- uniq,
-} from 'lodash/fp';
-
-import {
- DetailItem,
- EcsEdges,
- LastEventTimeData,
- TimelineData,
- TimelineDetailsData,
- TimelineEdges,
-} from '../../graphql/types';
-import { reduceFields } from '../../utils/build_query/reduce_fields';
-import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query';
-import { eventFieldsMap } from '../ecs_fields';
-import { FrameworkAdapter, FrameworkRequest } from '../framework';
-import { TermAggregation } from '../types';
-
-import { buildDetailsQuery, buildTimelineQuery } from './query.dsl';
-import { buildLastEventTimeQuery } from './query.last_event_time.dsl';
-import {
- EventHit,
- EventsAdapter,
- LastEventTimeHit,
- LastEventTimeRequestOptions,
- RequestDetailsOptions,
- TimelineRequestOptions,
-} from './types';
-
-const baseCategoryFields = ['@timestamp', 'labels', 'message', 'tags'];
-
-export class ElasticsearchEventsAdapter implements EventsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getTimelineData(
- request: FrameworkRequest,
- options: TimelineRequestOptions
- ): Promise {
- const { fieldRequested, ...queryOptions } = cloneDeep(options);
- queryOptions.fields = uniq([
- ...fieldRequested,
- ...reduceFields(queryOptions.fields, eventFieldsMap),
- ]);
- const dsl = buildTimelineQuery(queryOptions);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { limit } = options.pagination;
- const totalCount = getOr(0, 'hits.total.value', response);
- const hits = response.hits.hits;
- const timelineEdges: TimelineEdges[] = hits.map((hit) =>
- formatTimelineData(options.fieldRequested, options.fields, hit, eventFieldsMap)
- );
- const hasNextPage = timelineEdges.length === limit + 1;
- const edges = hasNextPage ? timelineEdges.splice(0, limit) : timelineEdges;
- const lastCursor = get('cursor', last(edges));
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
-
- return { edges, inspect, pageInfo: { hasNextPage, endCursor: lastCursor }, totalCount };
- }
-
- public async getTimelineDetails(
- request: FrameworkRequest,
- options: RequestDetailsOptions
- ): Promise {
- const dsl = buildDetailsQuery(options.indexName, options.eventId, options.docValueFields ?? []);
- const searchResponse = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
-
- const sourceData = getOr({}, 'hits.hits.0._source', searchResponse);
- const hitsData = getOr({}, 'hits.hits.0', searchResponse);
- delete hitsData._source;
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(searchResponse)],
- };
- const data = getDataFromHits(merge(sourceData, hitsData));
-
- return {
- data,
- inspect,
- };
- }
-
- public async getLastEventTimeData(
- request: FrameworkRequest,
- options: LastEventTimeRequestOptions
- ): Promise {
- const dsl = buildLastEventTimeQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- return {
- inspect,
- lastSeen: getOr(null, 'aggregations.last_seen_event.value_as_string', response),
- };
- }
-}
-
-export const formatEventsData = (
- fields: readonly string[],
- hit: EventHit,
- fieldMap: Readonly>
-) =>
- fields.reduce(
- (flattenedFields, fieldName) => {
- flattenedFields.node._id = hit._id;
- flattenedFields.node._index = hit._index;
- if (hit.sort && hit.sort.length > 1) {
- flattenedFields.cursor.value = hit.sort[0];
- flattenedFields.cursor.tiebreaker = hit.sort[1];
- }
- return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit);
- },
- {
- node: { _id: '' },
- cursor: {
- value: '',
- tiebreaker: null,
- },
- }
- );
-
-export const formatTimelineData = (
- dataFields: readonly string[],
- ecsFields: readonly string[],
- hit: EventHit,
- fieldMap: Readonly>
-) =>
- uniq([...ecsFields, ...dataFields]).reduce(
- (flattenedFields, fieldName) => {
- flattenedFields.node._id = hit._id;
- flattenedFields.node._index = hit._index;
- flattenedFields.node.ecs._id = hit._id;
- flattenedFields.node.ecs._index = hit._index;
- if (hit.sort && hit.sort.length > 1) {
- flattenedFields.cursor.value = hit.sort[0];
- flattenedFields.cursor.tiebreaker = hit.sort[1];
- }
- return mergeTimelineFieldsWithHit(
- fieldName,
- flattenedFields,
- fieldMap,
- hit,
- dataFields,
- ecsFields
- );
- },
- {
- node: { ecs: { _id: '' }, data: [], _id: '', _index: '' },
- cursor: {
- value: '',
- tiebreaker: null,
- },
- }
- );
-
-const specialFields = ['_id', '_index', '_type', '_score'];
-
-const mergeTimelineFieldsWithHit = (
- fieldName: string,
- flattenedFields: T,
- fieldMap: Readonly>,
- hit: { _source: {} },
- dataFields: readonly string[],
- ecsFields: readonly string[]
-) => {
- if (fieldMap[fieldName] != null || dataFields.includes(fieldName)) {
- const esField = dataFields.includes(fieldName) ? fieldName : fieldMap[fieldName];
- if (has(esField, hit._source) || specialFields.includes(esField)) {
- const objectWithProperty = {
- node: {
- ...get('node', flattenedFields),
- data: dataFields.includes(fieldName)
- ? [
- ...get('node.data', flattenedFields),
- {
- field: fieldName,
- value: specialFields.includes(esField)
- ? get(esField, hit)
- : get(esField, hit._source),
- },
- ]
- : get('node.data', flattenedFields),
- ecs: ecsFields.includes(fieldName)
- ? {
- ...get('node.ecs', flattenedFields),
- ...fieldName
- .split('.')
- .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)),
- }
- : get('node.ecs', flattenedFields),
- },
- };
- return merge(flattenedFields, objectWithProperty);
- } else {
- return flattenedFields;
- }
- } else {
- return flattenedFields;
- }
-};
-
-export const getFieldCategory = (field: string): string => {
- const fieldCategory = field.split('.')[0];
- if (!isEmpty(fieldCategory) && baseCategoryFields.includes(fieldCategory)) {
- return 'base';
- }
- return fieldCategory;
-};
-
-const getDataFromHits = (sources: EventSource, category?: string, path?: string): DetailItem[] =>
- Object.keys(sources).reduce((accumulator, source) => {
- const item: EventSource = get(source, sources);
- if (Array.isArray(item) || isString(item) || isNumber(item)) {
- const field = path ? `${path}.${source}` : source;
- const fieldCategory = getFieldCategory(field);
- return [
- ...accumulator,
- {
- category: fieldCategory,
- field,
- values: item,
- originalValue: item,
- } as DetailItem,
- ];
- } else if (isObject(item)) {
- return [
- ...accumulator,
- ...getDataFromHits(item, category || source, path ? `${path}.${source}` : source),
- ];
- }
- return accumulator;
- }, []);
diff --git a/x-pack/plugins/security_solution/server/lib/events/index.ts b/x-pack/plugins/security_solution/server/lib/events/index.ts
deleted file mode 100644
index 9c1f87aa3d8bf..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/index.ts
+++ /dev/null
@@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { LastEventTimeData, TimelineData, TimelineDetailsData } from '../../graphql/types'; -import { FrameworkRequest } from '../framework'; -export * from './elasticsearch_adapter'; -import { - EventsAdapter, - TimelineRequestOptions, - LastEventTimeRequestOptions, - RequestDetailsOptions, -} from './types'; - -export class Events { - constructor(private readonly adapter: EventsAdapter) {} - - public async getTimelineData( - req: FrameworkRequest, - options: TimelineRequestOptions - ): Promise { - return this.adapter.getTimelineData(req, options); - } - - public async getTimelineDetails( - req: FrameworkRequest, - options: RequestDetailsOptions - ): Promise { - return this.adapter.getTimelineDetails(req, options); - } - - public async getLastEventTimeData( - req: FrameworkRequest, - options: LastEventTimeRequestOptions - ): Promise { - return this.adapter.getLastEventTimeData(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/events/mock.ts b/x-pack/plugins/security_solution/server/lib/events/mock.ts deleted file mode 100644 index a3350a08c7d34..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/mock.ts +++ /dev/null 
@@ -1,3412 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { cloneDeep } from 'lodash/fp'; -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestDetailsOptions } from './types'; - -export const mockResponseSearchTimelineDetails = { - took: 5, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 1, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'auditbeat-8.0.0-2019.03.29-000003', - _type: '_doc', - _id: 'TUfUymkBCQofM5eXGBYL', - _score: 1, - _source: { - '@timestamp': '2019-03-29T19:01:23.420Z', - service: { - type: 'auditd', - }, - user: { - audit: { - id: 'unset', - }, - group: { - id: '0', - name: 'root', - }, - effective: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - filesystem: { - group: { - name: 'root', - id: '0', - }, - name: 'root', - id: '0', - }, - saved: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - process: { - executable: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - working_directory: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - pid: 15990, - ppid: 1, - title: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - name: 'auditbeat', - }, - host: { - architecture: 'x86_64', - os: { - name: 'Ubuntu', - kernel: '4.15.0-45-generic', - codename: 'bionic', - platform: 'ubuntu', - version: '18.04.2 LTS (Bionic Beaver)', - family: 'debian', - }, - id: '7c21f5ed03b04d0299569d221fe18bbc', - containerized: false, - name: 'zeek-london', - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - mac: 
['42:66:42:19:b3:b9'], - hostname: 'zeek-london', - }, - cloud: { - provider: 'digitalocean', - instance: { - id: '136398786', - }, - region: 'lon1', - }, - file: { - device: '00:00', - inode: '3926', - mode: '0644', - uid: '0', - gid: '0', - owner: 'root', - group: 'root', - path: '/etc/passwd', - }, - auditd: { - session: 'unset', - data: { - tty: '(none)', - a3: '0', - a2: '80000', - syscall: 'openat', - a1: '7fe0f63df220', - a0: 'ffffff9c', - arch: 'x86_64', - exit: '12', - }, - summary: { - actor: { - primary: 'unset', - secondary: 'root', - }, - object: { - primary: '/etc/passwd', - type: 'file', - }, - how: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - paths: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - message_type: 'syscall', - sequence: 8817905, - result: 'success', - }, - event: { - category: 'audit-rule', - action: 'opened-file', - original: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): 
proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - module: 'auditd', - }, - ecs: { - version: '1.0.0', - }, - agent: { - ephemeral_id: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - hostname: 'zeek-london', - id: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - version: '8.0.0', - type: 'auditbeat', - }, - }, - }, - ], - }, -}; -export const mockOptions: RequestDetailsOptions = { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - defaultIndex: DEFAULT_INDEX_PATTERN, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - }, - query: `query GetTimelineDetailsQuery($eventId: String!, $indexName: String!) { - source(id: "default") { - TimelineDetails(eventId: $eventId, indexName: $indexName) { - data { - category - description - example - field - type - values - originalValue - } - } - } - }`, - }, -}; - -export const mockResponseMap = { - 'auditbeat-8.0.0-2019.03.29-000003': { - mappings: { - _meta: { - beat: 'auditbeat', - version: '8.0.0', - }, - dynamic_templates: [ - { - 'container.labels': { - path_match: 'container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - fields: { - path_match: 'fields.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - 'docker.container.labels': { - path_match: 'docker.container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - strings_as_keyword: { - match_mapping_type: 'string', - mapping: { - ignore_above: 1024, - type: 'keyword', - }, - }, - }, - ], - date_detection: false, - properties: { - '@timestamp': { - type: 'date', - 
}, - agent: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - auditd: { - properties: { - data: { - properties: { - a0: { - type: 'keyword', - ignore_above: 1024, - }, - a1: { - type: 'keyword', - ignore_above: 1024, - }, - a2: { - type: 'keyword', - ignore_above: 1024, - }, - a3: { - type: 'keyword', - ignore_above: 1024, - }, - 'a[0-3]': { - type: 'keyword', - ignore_above: 1024, - }, - acct: { - type: 'keyword', - ignore_above: 1024, - }, - acl: { - type: 'keyword', - ignore_above: 1024, - }, - action: { - type: 'keyword', - ignore_above: 1024, - }, - added: { - type: 'keyword', - ignore_above: 1024, - }, - addr: { - type: 'keyword', - ignore_above: 1024, - }, - apparmor: { - type: 'keyword', - ignore_above: 1024, - }, - arch: { - type: 'keyword', - ignore_above: 1024, - }, - argc: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_limit: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_wait_time: { - type: 'keyword', - ignore_above: 1024, - }, - audit_enabled: { - type: 'keyword', - ignore_above: 1024, - }, - audit_failure: { - type: 'keyword', - ignore_above: 1024, - }, - banners: { - type: 'keyword', - ignore_above: 1024, - }, - bool: { - type: 'keyword', - ignore_above: 1024, - }, - bus: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pp: { - type: 'keyword', 
- ignore_above: 1024, - }, - capability: { - type: 'keyword', - ignore_above: 1024, - }, - cgroup: { - type: 'keyword', - ignore_above: 1024, - }, - changed: { - type: 'keyword', - ignore_above: 1024, - }, - cipher: { - type: 'keyword', - ignore_above: 1024, - }, - class: { - type: 'keyword', - ignore_above: 1024, - }, - cmd: { - type: 'keyword', - ignore_above: 1024, - }, - code: { - type: 'keyword', - ignore_above: 1024, - }, - compat: { - type: 'keyword', - ignore_above: 1024, - }, - daddr: { - type: 'keyword', - ignore_above: 1024, - }, - data: { - type: 'keyword', - ignore_above: 1024, - }, - 'default-context': { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - dir: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - dmac: { - type: 'keyword', - ignore_above: 1024, - }, - dport: { - type: 'keyword', - ignore_above: 1024, - }, - enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - entries: { - type: 'keyword', - ignore_above: 1024, - }, - exit: { - type: 'keyword', - ignore_above: 1024, - }, - fam: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - fd: { - type: 'keyword', - ignore_above: 1024, - }, - fe: { - type: 'keyword', - ignore_above: 1024, - }, - feature: { - type: 'keyword', - ignore_above: 1024, - }, - fi: { - type: 'keyword', - ignore_above: 1024, - }, - file: { - type: 'keyword', - ignore_above: 1024, - }, - flags: { - type: 'keyword', - ignore_above: 1024, - }, - format: { - type: 'keyword', - ignore_above: 1024, - }, - fp: { - type: 'keyword', - ignore_above: 1024, - }, - fver: { - type: 'keyword', - ignore_above: 1024, - }, - grantors: { - type: 'keyword', - ignore_above: 1024, - }, - grp: { - type: 'keyword', - ignore_above: 1024, - }, - hook: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 
'keyword', - ignore_above: 1024, - }, - icmp_type: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - igid: { - type: 'keyword', - ignore_above: 1024, - }, - 'img-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - inif: { - type: 'keyword', - ignore_above: 1024, - }, - ino: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - inode_gid: { - type: 'keyword', - ignore_above: 1024, - }, - inode_uid: { - type: 'keyword', - ignore_above: 1024, - }, - invalid_context: { - type: 'keyword', - ignore_above: 1024, - }, - ioctlcmd: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'keyword', - ignore_above: 1024, - }, - ipid: { - type: 'keyword', - ignore_above: 1024, - }, - 'ipx-net': { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - items: { - type: 'keyword', - ignore_above: 1024, - }, - iuid: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - ksize: { - type: 'keyword', - ignore_above: 1024, - }, - laddr: { - type: 'keyword', - ignore_above: 1024, - }, - len: { - type: 'keyword', - ignore_above: 1024, - }, - list: { - type: 'keyword', - ignore_above: 1024, - }, - lport: { - type: 'keyword', - ignore_above: 1024, - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - macproto: { - type: 'keyword', - ignore_above: 1024, - }, - maj: { - type: 'keyword', - ignore_above: 1024, - }, - major: { - type: 'keyword', - ignore_above: 1024, - }, - minor: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - model: { - type: 'keyword', - ignore_above: 1024, - }, - msg: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - nargs: 
{ - type: 'keyword', - ignore_above: 1024, - }, - net: { - type: 'keyword', - ignore_above: 1024, - }, - new: { - type: 'keyword', - ignore_above: 1024, - }, - 'new-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-disk': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - new_gid: { - type: 'keyword', - ignore_above: 1024, - }, - new_lock: { - type: 'keyword', - ignore_above: 1024, - }, - new_pe: { - type: 'keyword', - ignore_above: 1024, - }, - new_pi: { - type: 'keyword', - ignore_above: 1024, - }, - new_pp: { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-fam': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-grp': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-pid': { - type: 'keyword', - ignore_above: 1024, - }, - oauid: { - type: 'keyword', - ignore_above: 1024, - }, - obj: { - type: 'keyword', - ignore_above: 1024, - }, - obj_gid: { - type: 'keyword', - ignore_above: 1024, - }, - obj_uid: { - type: 'keyword', - ignore_above: 1024, - }, - ocomm: { - type: 'keyword', - ignore_above: 1024, - }, - oflag: { - type: 'keyword', - ignore_above: 1024, - }, - old: { - type: 'keyword', - ignore_above: 1024, - }, - 'old-auid': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-disk': { - 
type: 'keyword', - ignore_above: 1024, - }, - 'old-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-ses': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - old_enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - old_lock: { - type: 'keyword', - ignore_above: 1024, - }, - old_pe: { - type: 'keyword', - ignore_above: 1024, - }, - old_pi: { - type: 'keyword', - ignore_above: 1024, - }, - old_pp: { - type: 'keyword', - ignore_above: 1024, - }, - old_prom: { - type: 'keyword', - ignore_above: 1024, - }, - old_val: { - type: 'keyword', - ignore_above: 1024, - }, - op: { - type: 'keyword', - ignore_above: 1024, - }, - opid: { - type: 'keyword', - ignore_above: 1024, - }, - oses: { - type: 'keyword', - ignore_above: 1024, - }, - outif: { - type: 'keyword', - ignore_above: 1024, - }, - parent: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - per: { - type: 'keyword', - ignore_above: 1024, - }, - perm: { - type: 'keyword', - ignore_above: 1024, - }, - perm_mask: { - type: 'keyword', - ignore_above: 1024, - }, - permissive: { - type: 'keyword', - ignore_above: 1024, - }, - pfs: { - type: 'keyword', - ignore_above: 1024, - }, - printer: { - type: 'keyword', - ignore_above: 1024, - }, - prom: { - type: 'keyword', - ignore_above: 1024, - }, - proto: { - type: 'keyword', - ignore_above: 
1024, - }, - qbytes: { - type: 'keyword', - ignore_above: 1024, - }, - range: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - reason: { - type: 'keyword', - ignore_above: 1024, - }, - removed: { - type: 'keyword', - ignore_above: 1024, - }, - res: { - type: 'keyword', - ignore_above: 1024, - }, - resrc: { - type: 'keyword', - ignore_above: 1024, - }, - rport: { - type: 'keyword', - ignore_above: 1024, - }, - sauid: { - type: 'keyword', - ignore_above: 1024, - }, - scontext: { - type: 'keyword', - ignore_above: 1024, - }, - 'selected-context': { - type: 'keyword', - ignore_above: 1024, - }, - seperm: { - type: 'keyword', - ignore_above: 1024, - }, - seperms: { - type: 'keyword', - ignore_above: 1024, - }, - seqno: { - type: 'keyword', - ignore_above: 1024, - }, - seresult: { - type: 'keyword', - ignore_above: 1024, - }, - ses: { - type: 'keyword', - ignore_above: 1024, - }, - seuser: { - type: 'keyword', - ignore_above: 1024, - }, - sig: { - type: 'keyword', - ignore_above: 1024, - }, - sigev_signo: { - type: 'keyword', - ignore_above: 1024, - }, - smac: { - type: 'keyword', - ignore_above: 1024, - }, - socket: { - properties: { - addr: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'keyword', - ignore_above: 1024, - }, - saddr: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - spid: { - type: 'keyword', - ignore_above: 1024, - }, - sport: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - subj: { - type: 'keyword', - ignore_above: 1024, - }, - success: { - type: 'keyword', - ignore_above: 1024, - }, - syscall: { - type: 'keyword', - ignore_above: 1024, - }, - table: { - type: 'keyword', - ignore_above: 1024, - }, - tclass: { - type: 'keyword', - ignore_above: 1024, - }, - tcontext: { - type: 'keyword', - 
ignore_above: 1024, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - tty: { - type: 'keyword', - ignore_above: 1024, - }, - unit: { - type: 'keyword', - ignore_above: 1024, - }, - uri: { - type: 'keyword', - ignore_above: 1024, - }, - uuid: { - type: 'keyword', - ignore_above: 1024, - }, - val: { - type: 'keyword', - ignore_above: 1024, - }, - ver: { - type: 'keyword', - ignore_above: 1024, - }, - virt: { - type: 'keyword', - ignore_above: 1024, - }, - vm: { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-pid': { - type: 'keyword', - ignore_above: 1024, - }, - watch: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - message_type: { - type: 'keyword', - ignore_above: 1024, - }, - paths: { - properties: { - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - obj_domain: { - type: 'keyword', - ignore_above: 1024, - }, - obj_level: { - type: 'keyword', - ignore_above: 1024, - }, - obj_role: { - type: 'keyword', - ignore_above: 1024, - }, - obj_user: { - type: 'keyword', - ignore_above: 1024, - }, - objtype: { - type: 'keyword', - ignore_above: 1024, - }, - ogid: { - type: 'keyword', - ignore_above: 1024, - }, - ouid: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - result: { - type: 'keyword', - ignore_above: 1024, - }, - sequence: { - type: 'long', - }, - session: { - type: 'keyword', - ignore_above: 
1024, - }, - summary: { - properties: { - actor: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - how: { - type: 'keyword', - ignore_above: 1024, - }, - object: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - }, - client: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - cloud: { - properties: { - account: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - availability_zone: { - type: 'keyword', - ignore_above: 1024, - }, - instance: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - machine: { - properties: { - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - project: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - provider: { - type: 'keyword', - ignore_above: 1024, - }, - region: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - 
container: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - image: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - tag: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - runtime: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - destination: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - docker: { - properties: { - container: { - properties: { - labels: { - type: 'object', - }, - }, - }, - }, - }, - ecs: { - properties: { - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - error: { - properties: { - code: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - message: { - type: 'text', - norms: false, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - event: { - properties: { - action: { - type: 'keyword', - ignore_above: 1024, - }, - category: { - type: 'keyword', - ignore_above: 1024, - }, - created: { - type: 'date', - }, - dataset: { - type: 'keyword', - ignore_above: 1024, 
- }, - duration: { - type: 'long', - }, - end: { - type: 'date', - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - module: { - type: 'keyword', - ignore_above: 1024, - }, - origin: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - outcome: { - type: 'keyword', - ignore_above: 1024, - }, - risk_score: { - type: 'float', - }, - risk_score_norm: { - type: 'float', - }, - severity: { - type: 'long', - }, - start: { - type: 'date', - }, - timezone: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - fields: { - type: 'object', - }, - file: { - properties: { - ctime: { - type: 'date', - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - extension: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - mtime: { - type: 'date', - }, - origin: { - type: 'keyword', - fields: { - raw: { - type: 'keyword', - ignore_above: 1024, - }, - }, - ignore_above: 1024, - }, - owner: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - selinux: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - setgid: { - type: 'boolean', - }, - setuid: { - type: 'boolean', - }, - size: { - type: 'long', - }, - target_path: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 
'keyword', - ignore_above: 1024, - }, - }, - }, - geoip: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - properties: { - blake2b_256: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_384: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_512: { - type: 'keyword', - ignore_above: 1024, - }, - md5: { - type: 'keyword', - ignore_above: 1024, - }, - sha1: { - type: 'keyword', - ignore_above: 1024, - }, - sha224: { - type: 'keyword', - ignore_above: 1024, - }, - sha256: { - type: 'keyword', - ignore_above: 1024, - }, - sha384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_256: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_256: { - type: 'keyword', - ignore_above: 1024, - }, - xxh64: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - containerized: { - type: 'boolean', - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 
'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - codename: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - http: { - properties: { - request: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - method: { - type: 'keyword', - ignore_above: 1024, - }, - referrer: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - response: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - status_code: { - type: 'long', - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - kubernetes: { - properties: { - annotations: { - type: 'object', - }, - container: { - properties: { - image: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - namespace: { - type: 'keyword', - ignore_above: 1024, - }, - node: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, 
- pod: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - labels: { - type: 'object', - }, - log: { - properties: { - level: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - }, - }, - message: { - type: 'text', - norms: false, - }, - network: { - properties: { - application: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - community_id: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - forwarded_ip: { - type: 'ip', - }, - iana_number: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - protocol: { - type: 'keyword', - ignore_above: 1024, - }, - transport: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - observer: { - properties: { - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, 
- platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - serial_number: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - vendor: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - organization: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - process: { - properties: { - args: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - executable: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - pid: { - type: 'long', - }, - ppid: { - type: 'long', - }, - start: { - type: 'date', - }, - thread: { - properties: { - id: { - type: 'long', - }, - }, - }, - title: { - type: 'keyword', - ignore_above: 1024, - }, - working_directory: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - related: { - properties: { - ip: { - type: 'ip', - }, - }, - }, - server: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, 
- location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - service: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - socket: { - properties: { - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - source: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - system: { - properties: { - audit: { - properties: { - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - boottime: { - type: 'date', - }, - containerized: { - type: 
'boolean', - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - timezone: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - offset: { - properties: { - sec: { - type: 'long', - }, - }, - }, - }, - }, - uptime: { - type: 'long', - }, - }, - }, - package: { - properties: { - arch: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - installtime: { - type: 'date', - }, - license: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - release: { - type: 'keyword', - ignore_above: 1024, - }, - size: { - type: 'long', - }, - summary: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - dir: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - gid: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - properties: { - last_changed: { - type: 'date', - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - shell: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - user_information: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - 
}, - tags: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - fragment: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - query: { - type: 'keyword', - ignore_above: 1024, - }, - scheme: { - type: 'keyword', - ignore_above: 1024, - }, - username: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - audit: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - effective: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - email: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - filesystem: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - full_name: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - name_map: { - type: 'object', - }, - ogid: { - properties: { - id: { - type: 
'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ouid: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - saved: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - selinux: { - properties: { - category: { - type: 'keyword', - ignore_above: 1024, - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user_agent: { - properties: { - device: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, -}; - -export const mockDetailsQueryDsl = { - mockDetailsQueryDsl: 'mockDetailsQueryDsl', -}; - -export const mockQueryDsl = { - mockQueryDsl: 'mockQueryDsl', -}; - -const mockTimelineDetailsInspectResponse = cloneDeep(mockResponseSearchTimelineDetails); -// @ts-expect-error -delete mockTimelineDetailsInspectResponse.hits.hits[0]._source; - -export 
const mockTimelineDetailsResult = { - inspect: { - dsl: [JSON.stringify(mockDetailsQueryDsl, null, 2)], - response: [JSON.stringify(mockTimelineDetailsInspectResponse, null, 2)], - }, - data: [ - { - category: 'base', - field: '@timestamp', - values: '2019-03-29T19:01:23.420Z', - originalValue: '2019-03-29T19:01:23.420Z', - }, - { - category: 'service', - field: 'service.type', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'user', - field: 'user.audit.id', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'user', - field: 'user.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.filesystem.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.saved.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.id', - 
values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'process', - field: 'process.executable', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'process', - field: 'process.working_directory', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - }, - { - category: 'process', - field: 'process.pid', - values: 15990, - originalValue: 15990, - }, - { - category: 'process', - field: 'process.ppid', - values: 1, - originalValue: 1, - }, - { - category: 'process', - field: 'process.title', - values: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - originalValue: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - }, - { - category: 'process', - field: 'process.name', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: 'host', - field: 'host.architecture', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'host', - field: 'host.os.name', - values: 'Ubuntu', - originalValue: 'Ubuntu', - }, - { - category: 'host', - field: 'host.os.kernel', - values: '4.15.0-45-generic', - originalValue: '4.15.0-45-generic', - }, - { - category: 'host', - field: 'host.os.codename', - values: 'bionic', - originalValue: 'bionic', - }, - { - category: 'host', - field: 'host.os.platform', - values: 'ubuntu', - originalValue: 'ubuntu', - }, - { - category: 'host', - field: 'host.os.version', - values: '18.04.2 LTS (Bionic Beaver)', - originalValue: '18.04.2 LTS (Bionic Beaver)', - }, - { - category: 'host', - field: 'host.os.family', - values: 'debian', - originalValue: 
'debian', - }, - { - category: 'host', - field: 'host.id', - values: '7c21f5ed03b04d0299569d221fe18bbc', - originalValue: '7c21f5ed03b04d0299569d221fe18bbc', - }, - { - category: 'host', - field: 'host.name', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'host', - field: 'host.ip', - values: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - originalValue: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - { - category: 'host', - field: 'host.mac', - values: ['42:66:42:19:b3:b9'], - originalValue: ['42:66:42:19:b3:b9'], - }, - { - category: 'host', - field: 'host.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'cloud', - field: 'cloud.provider', - values: 'digitalocean', - originalValue: 'digitalocean', - }, - { - category: 'cloud', - field: 'cloud.instance.id', - values: '136398786', - originalValue: '136398786', - }, - { - category: 'cloud', - field: 'cloud.region', - values: 'lon1', - originalValue: 'lon1', - }, - { - category: 'file', - field: 'file.device', - values: '00:00', - originalValue: '00:00', - }, - { - category: 'file', - field: 'file.inode', - values: '3926', - originalValue: '3926', - }, - { - category: 'file', - field: 'file.mode', - values: '0644', - originalValue: '0644', - }, - { - category: 'file', - field: 'file.uid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.gid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.owner', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.group', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.path', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.session', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.data.tty', - values: '(none)', - originalValue: '(none)', - }, - 
{ - category: 'auditd', - field: 'auditd.data.a3', - values: '0', - originalValue: '0', - }, - { - category: 'auditd', - field: 'auditd.data.a2', - values: '80000', - originalValue: '80000', - }, - { - category: 'auditd', - field: 'auditd.data.syscall', - values: 'openat', - originalValue: 'openat', - }, - { - category: 'auditd', - field: 'auditd.data.a1', - values: '7fe0f63df220', - originalValue: '7fe0f63df220', - }, - { - category: 'auditd', - field: 'auditd.data.a0', - values: 'ffffff9c', - originalValue: 'ffffff9c', - }, - { - category: 'auditd', - field: 'auditd.data.arch', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'auditd', - field: 'auditd.data.exit', - values: '12', - originalValue: '12', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.primary', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.secondary', - values: 'root', - originalValue: 'root', - }, - { - category: 'auditd', - field: 'auditd.summary.object.primary', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.summary.object.type', - values: 'file', - originalValue: 'file', - }, - { - category: 'auditd', - field: 'auditd.summary.how', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'auditd', - field: 'auditd.paths', - values: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - originalValue: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - 
cap_fver: '0', - dev: 'fc:01', - }, - ], - }, - { - category: 'auditd', - field: 'auditd.message_type', - values: 'syscall', - originalValue: 'syscall', - }, - { - category: 'auditd', - field: 'auditd.sequence', - values: 8817905, - originalValue: 8817905, - }, - { - category: 'auditd', - field: 'auditd.result', - values: 'success', - originalValue: 'success', - }, - { - category: 'event', - field: 'event.category', - values: 'audit-rule', - originalValue: 'audit-rule', - }, - { - category: 'event', - field: 'event.action', - values: 'opened-file', - originalValue: 'opened-file', - }, - { - category: 'event', - field: 'event.original', - values: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - originalValue: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" 
exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - }, - { - category: 'event', - field: 'event.module', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'ecs', - field: 'ecs.version', - values: '1.0.0', - originalValue: '1.0.0', - }, - { - category: 'agent', - field: 'agent.ephemeral_id', - values: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - originalValue: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - }, - { - category: 'agent', - field: 'agent.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'agent', - field: 'agent.id', - values: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - originalValue: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - }, - { - category: 'agent', - field: 'agent.version', - values: '8.0.0', - originalValue: '8.0.0', - }, - { - category: 'agent', - field: 'agent.type', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: '_index', - field: '_index', - values: 'auditbeat-8.0.0-2019.03.29-000003', - originalValue: 'auditbeat-8.0.0-2019.03.29-000003', - }, - { - category: '_type', - field: '_type', - values: '_doc', - originalValue: '_doc', - }, - { - category: '_id', - field: '_id', - values: 'TUfUymkBCQofM5eXGBYL', - originalValue: 'TUfUymkBCQofM5eXGBYL', - }, - { - category: '_score', - field: '_score', - 
values: 1,
- originalValue: 1,
- },
- ],
-};
diff --git a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts
deleted file mode 100644
index 143ef1e9d5bf0..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { isEmpty } from 'lodash/fp';
-
-import { SortField, TimerangeInput, DocValueFieldsInput } from '../../graphql/types';
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestOptions } from '../framework';
-import { SortRequest } from '../types';
-
-import { TimerangeFilter } from './types';
-
-export const buildTimelineQuery = (options: RequestOptions) => {
- const { limit, cursor, tiebreaker } = options.pagination;
- const { fields, filterQuery } = options;
- const filterClause = [...createQueryFilterClauses(filterQuery)];
- const defaultIndex = options.defaultIndex;
-
- const getTimerangeFilter = (timerange: TimerangeInput | undefined): TimerangeFilter[] => {
- if (timerange) {
- const { to, from } = timerange;
- return [
- {
- range: {
- [options.sourceConfiguration.fields.timestamp]: {
- gte: from,
- lte: to,
- format: 'strict_date_optional_time',
- },
- },
- },
- ];
- }
- return [];
- };
-
- const filter = [...filterClause, ...getTimerangeFilter(options.timerange), { match_all: {} }];
-
- const getSortField = (sortField: SortField) => {
- if (sortField.sortFieldId) {
- const field: string =
- sortField.sortFieldId === 'timestamp' ? '@timestamp' : sortField.sortFieldId;
-
- return [
- { [field]: sortField.direction },
- { [options.sourceConfiguration.fields.tiebreaker]: sortField.direction },
- ];
- }
- return [];
- };
-
- const sort: SortRequest = getSortField(options.sortField!);
-
- const dslQuery = {
- allowNoIndices: true,
- index: defaultIndex,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(options.docValueFields) ? 
{ docvalue_fields: options.docValueFields } : {}),
- query: {
- bool: {
- filter,
- },
- },
- size: limit + 1,
- track_total_hits: true,
- sort,
- _source: fields,
- },
- };
-
- if (cursor && tiebreaker) {
- return {
- ...dslQuery,
- body: {
- ...dslQuery.body,
- search_after: [cursor, tiebreaker],
- },
- };
- }
-
- return dslQuery;
-};
-
-export const buildDetailsQuery = (
- indexName: string,
- id: string,
- docValueFields: DocValueFieldsInput[]
-) => ({
- allowNoIndices: true,
- index: indexName,
- ignoreUnavailable: true,
- body: {
- docvalue_fields: docValueFields,
- query: {
- terms: {
- _id: [id],
- },
- },
- },
- size: 1,
-});
diff --git a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts
deleted file mode 100644
index 02badd3ccee8f..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { isEmpty } from 'lodash/fp';
-
-import { assertUnreachable } from '../../../common/utility_types';
-import { LastEventTimeRequestOptions } from './types';
-import { LastEventIndexKey } from '../../graphql/types';
-
-interface EventIndices {
- [key: string]: string[];
-}
-
-export const buildLastEventTimeQuery = ({
- indexKey,
- details,
- defaultIndex,
- docValueFields,
-}: LastEventTimeRequestOptions) => {
- const indicesToQuery: EventIndices = {
- hosts: defaultIndex,
- network: defaultIndex,
- };
- const getHostDetailsFilter = (hostName: string) => [{ term: { 'host.name': hostName } }];
- const getIpDetailsFilter = (ip: string) => [
- { term: { 'source.ip': ip } },
- { term: { 'destination.ip': ip } },
- ];
- const getQuery = (eventIndexKey: LastEventIndexKey) => {
- switch (eventIndexKey) {
- case LastEventIndexKey.ipDetails:
- if (details.ip) {
- return {
- allowNoIndices: true,
- index: indicesToQuery.network,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { bool: { should: getIpDetailsFilter(details.ip) } },
- size: 0,
- track_total_hits: false,
- },
- };
- }
- throw new Error('buildLastEventTimeQuery - no IP argument provided');
- case LastEventIndexKey.hostDetails:
- if (details.hostName) {
- return {
- allowNoIndices: true,
- index: indicesToQuery.hosts,
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? 
{ docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { bool: { filter: getHostDetailsFilter(details.hostName) } },
- size: 0,
- track_total_hits: false,
- },
- };
- }
- throw new Error('buildLastEventTimeQuery - no hostName argument provided');
- case LastEventIndexKey.hosts:
- case LastEventIndexKey.network:
- return {
- allowNoIndices: true,
- index: indicesToQuery[indexKey],
- ignoreUnavailable: true,
- body: {
- ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}),
- aggregations: {
- last_seen_event: { max: { field: '@timestamp' } },
- },
- query: { match_all: {} },
- size: 0,
- track_total_hits: false,
- },
- };
- default:
- return assertUnreachable(eventIndexKey);
- }
- };
- return getQuery(indexKey);
-};
diff --git a/x-pack/plugins/security_solution/server/lib/events/types.ts b/x-pack/plugins/security_solution/server/lib/events/types.ts
deleted file mode 100644
index aae2360e42e65..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/events/types.ts
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- LastEventIndexKey,
- LastEventTimeData,
- LastTimeDetails,
- SourceConfiguration,
- TimelineData,
- TimelineDetailsData,
- DocValueFieldsInput,
-} from '../../graphql/types';
-import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework';
-import { SearchHit } from '../types';
-
-export interface EventsAdapter {
- getTimelineData(req: FrameworkRequest, options: TimelineRequestOptions): Promise;
- getTimelineDetails(
- req: FrameworkRequest,
- options: RequestDetailsOptions
- ): Promise;
- getLastEventTimeData(
- req: FrameworkRequest,
- options: LastEventTimeRequestOptions
- ): Promise;
-}
-
-export interface TimelineRequestOptions extends RequestOptions {
- fieldRequested: string[];
-}
-
-export interface EventsRequestOptions extends RequestOptionsPaginated {
- fieldRequested: string[];
-}
-
-export interface EventSource {
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- [field: string]: any;
-}
-
-export interface EventHit extends SearchHit {
- sort: string[];
- _source: EventSource;
- aggregations: {
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- [agg: string]: any;
- };
-}
-
-export interface LastEventTimeHit extends SearchHit {
- aggregations: {
- last_seen_event: {
- value_as_string: string;
- };
- };
-}
-export interface LastEventTimeRequestOptions {
- indexKey: LastEventIndexKey;
- details: LastTimeDetails;
- sourceConfiguration: SourceConfiguration;
- defaultIndex: string[];
- docValueFields: DocValueFieldsInput[];
-}
-
-export interface TimerangeFilter {
- range: {
- [timestamp: string]: {
- gte: string;
- lte: string;
- format: string;
- };
- };
-}
-
-export interface RequestDetailsOptions {
- indexName: string;
- 
eventId: string;
- defaultIndex: string[];
- docValueFields?: DocValueFieldsInput[];
-}
-
-interface EventsOverTimeHistogramData {
- key_as_string: string;
- key: number;
- doc_count: number;
-}
-
-export interface EventsActionGroupData {
- key: number;
- events: {
- bucket: EventsOverTimeHistogramData[];
- };
- doc_count: number;
-}
diff --git a/x-pack/plugins/security_solution/server/lib/framework/types.ts b/x-pack/plugins/security_solution/server/lib/framework/types.ts
index 68b40b72866b1..1f626d9fb2dc7 100644
--- a/x-pack/plugins/security_solution/server/lib/framework/types.ts
+++ b/x-pack/plugins/security_solution/server/lib/framework/types.ts
@@ -16,8 +16,6 @@ import {
 SortField,
 SourceConfiguration,
 TimerangeInput,
- Maybe,
- HistogramType,
 DocValueFieldsInput,
 } from '../../graphql/types';
 
@@ -119,11 +117,6 @@ export interface RequestBasicOptions {
 docValueFields?: DocValueFieldsInput[];
 }
 
-export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
- stackByField: Maybe;
- histogramType: HistogramType;
-}
-
 export interface RequestOptions extends RequestBasicOptions {
 pagination: PaginationInput;
 fields: readonly string[];
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts
deleted file mode 100644
index 059d15220b619..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts
+++ /dev/null
@@ -1,282 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkAdapter, FrameworkRequest } from '../framework';
-
-import { ElasticsearchKpiHostsAdapter } from './elasticsearch_adapter';
-import {
- mockKpiHostsAuthQuery,
- mockKpiHostDetailsAuthQuery,
- mockHostsQuery,
- mockKpiHostsUniqueIpsQuery,
- mockKpiHostDetailsUniqueIpsQuery,
- mockKpiHostsMsearchOptions,
- mockKpiHostsOptions,
- mockKpiHostDetailsOptions,
- mockKpiHostsRequest,
- mockKpiHostDetailsRequest,
- mockKpiHostsResponse,
- mockKpiHostDetailsResponse,
- mockKpiHostsResult,
- mockKpiHostDetailsResult,
- mockKpiHostDetailsDsl,
- mockKpiHostsQueryDsl,
- mockKpiHostDetailsMsearchOptions,
- mockKpiHostsResponseNodata,
- mockKpiHostDetailsResponseNoData,
-} from './mock';
-import { buildAuthQuery } from './query_authentication.dsl';
-import { buildUniqueIpsQuery } from './query_unique_ips.dsl';
-import { buildHostsQuery } from './query_hosts.dsl';
-import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types';
-
-jest.mock('./query_authentication.dsl', () => {
- return {
- buildAuthQuery: jest.fn(),
- };
-});
-jest.mock('./query_unique_ips.dsl', () => {
- return {
- buildUniqueIpsQuery: jest.fn(),
- };
-});
-jest.mock('./query_hosts.dsl', () => {
- return {
- buildHostsQuery: jest.fn(),
- };
-});
-
-describe('getKpiHosts', () => {
- let data: KpiHostsData;
- const mockCallWithRequest = jest.fn();
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- let EsKpiHosts: ElasticsearchKpiHostsAdapter;
-
- describe('getKpiHosts - call stack', () => {
- beforeAll(async () => {
- (buildUniqueIpsQuery as jest.Mock).mockReset();
- (buildUniqueIpsQuery as 
jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery);
- (buildAuthQuery as jest.Mock).mockReset();
- (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery);
- (buildHostsQuery as jest.Mock).mockReset();
- (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery);
- mockCallWithRequest.mockResolvedValue(mockKpiHostsResponse);
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework);
- data = await EsKpiHosts.getKpiHosts(
- mockKpiHostsRequest as FrameworkRequest,
- mockKpiHostsOptions
- );
- });
-
- afterAll(() => {
- mockCallWithRequest.mockRestore();
- (buildUniqueIpsQuery as jest.Mock).mockClear();
- (buildAuthQuery as jest.Mock).mockClear();
- (buildHostsQuery as jest.Mock).mockClear();
- });
-
- test('should build general query with correct option', () => {
- expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostsOptions);
- });
-
- test('should build auth query with correct option', () => {
- expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostsOptions);
- });
-
- test('should build hosts query with correct option', () => {
- expect(buildHostsQuery).toHaveBeenCalledWith(mockKpiHostsOptions);
- });
-
- test('should send msearch request', () => {
- expect(mockCallWithRequest).toHaveBeenCalledWith(
- mockKpiHostsRequest,
- 'msearch',
- mockKpiHostsMsearchOptions
- );
- });
-
- test('Happy Path - get Data', () => {
- expect(data).toEqual(mockKpiHostsResult);
- });
- });
-
- describe('Unhappy Path - No data', () => {
- beforeAll(async () => {
- (buildUniqueIpsQuery as jest.Mock).mockReset();
- (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery);
- (buildAuthQuery as jest.Mock).mockReset();
- (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery);
- (buildHostsQuery as jest.Mock).mockReset();
- (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery);
- 
mockCallWithRequest.mockResolvedValue(mockKpiHostsResponseNodata);
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
- EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework);
- data = await EsKpiHosts.getKpiHosts(
- mockKpiHostsRequest as FrameworkRequest,
- mockKpiHostsOptions
- );
- });
-
- afterAll(() => {
- mockCallWithRequest.mockReset();
- (buildUniqueIpsQuery as jest.Mock).mockClear();
- (buildAuthQuery as jest.Mock).mockClear();
- (buildHostsQuery as jest.Mock).mockClear();
- });
-
- test('getKpiHosts - response without data', async () => {
- expect(data).toEqual({
- inspect: {
- dsl: mockKpiHostsQueryDsl,
- response: [
- JSON.stringify(mockKpiHostsResponseNodata.responses[0], null, 2),
- JSON.stringify(mockKpiHostsResponseNodata.responses[1], null, 2),
- JSON.stringify(mockKpiHostsResponseNodata.responses[2], null, 2),
- ],
- },
- hosts: null,
- hostsHistogram: null,
- authSuccess: null,
- authSuccessHistogram: null,
- authFailure: null,
- authFailureHistogram: null,
- uniqueSourceIps: null,
- uniqueSourceIpsHistogram: null,
- uniqueDestinationIps: null,
- uniqueDestinationIpsHistogram: null,
- });
- });
- });
-});
-
-describe('getKpiHostDetails', () => {
- let data: KpiHostDetailsData;
- const mockCallWithRequest = jest.fn();
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- let EsKpiHosts: ElasticsearchKpiHostsAdapter;
-
- describe('getKpiHostDetails - call stack', () => {
- beforeAll(async () => {
- (buildUniqueIpsQuery as jest.Mock).mockReset();
- (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsUniqueIpsQuery);
- (buildAuthQuery as jest.Mock).mockReset();
- (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsAuthQuery);
- (buildHostsQuery as jest.Mock).mockReset();
- mockCallWithRequest.mockReset();
- 
mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse);
-
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
- EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework);
- data = await EsKpiHosts.getKpiHostDetails(
- mockKpiHostDetailsRequest as FrameworkRequest,
- mockKpiHostDetailsOptions
- );
- });
-
- afterAll(() => {
- mockCallWithRequest.mockRestore();
- (buildUniqueIpsQuery as jest.Mock).mockClear();
- (buildAuthQuery as jest.Mock).mockClear();
- (buildHostsQuery as jest.Mock).mockClear();
- });
-
- test('should build unique Ip query with correct option', () => {
- expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions);
- });
-
- test('should build auth query with correct option', () => {
- expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions);
- });
-
- test('should not build hosts query', () => {
- expect(buildHostsQuery).not.toHaveBeenCalled();
- });
-
- test('should send msearch request', () => {
- expect(mockCallWithRequest).toHaveBeenCalledWith(
- mockKpiHostDetailsRequest,
- 'msearch',
- mockKpiHostDetailsMsearchOptions
- );
- });
- });
-
- describe('Happy Path - get Data', () => {
- beforeAll(async () => {
- mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse);
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
- EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework);
- data = await EsKpiHosts.getKpiHostDetails(
- mockKpiHostDetailsRequest as FrameworkRequest,
- mockKpiHostDetailsOptions
- );
- });
-
- afterAll(() => {
- mockCallWithRequest.mockReset();
- });
-
- test('getKpiHostDetails - response with data', () => {
- expect(data).toEqual(mockKpiHostDetailsResult);
- });
- });
-
- describe('Unhappy Path - no Data', () => {
- beforeEach(async () => {
- mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponseNoData);
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
- 
EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework);
- data = await EsKpiHosts.getKpiHostDetails(
- mockKpiHostDetailsRequest as FrameworkRequest,
- mockKpiHostDetailsOptions
- );
- });
-
- afterAll(() => {
- mockCallWithRequest.mockRestore();
- });
-
- test('getKpiHostDetails - response without data', async () => {
- expect(data).toEqual({
- inspect: {
- dsl: mockKpiHostDetailsDsl,
- response: [
- JSON.stringify(mockKpiHostDetailsResponseNoData.responses[0]),
- JSON.stringify(mockKpiHostDetailsResponseNoData.responses[1]),
- ],
- },
- authSuccess: null,
- authSuccessHistogram: null,
- authFailure: null,
- authFailureHistogram: null,
- uniqueSourceIps: null,
- uniqueSourceIpsHistogram: null,
- uniqueDestinationIps: null,
- uniqueDestinationIpsHistogram: null,
- });
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts
deleted file mode 100644
index 01d005be68010..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { getOr } from 'lodash/fp';
-
-import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework';
-import { TermAggregation } from '../types';
-import { buildHostsQuery } from './query_hosts.dsl';
-import { buildAuthQuery } from './query_authentication.dsl';
-import { buildUniqueIpsQuery } from './query_unique_ips.dsl';
-import {
- KpiHostsAdapter,
- KpiHostsESMSearchBody,
- KpiHostsAuthHit,
- KpiHostHistogram,
- KpiHostGeneralHistogramCount,
- KpiHostAuthHistogramCount,
- KpiHostsUniqueIpsHit,
- KpiHostsHostsHit,
-} from './types';
-import { KpiHostHistogramData, KpiHostsData, KpiHostDetailsData } from '../../graphql/types';
-import { inspectStringifyObject } from '../../utils/build_query';
-
-const formatGeneralHistogramData = (
- data: Array>
-): KpiHostHistogramData[] | null => {
- return data && data.length > 0
- ? data.map(({ key, count }) => ({
- x: key,
- y: count.value,
- }))
- : null;
-};
-
-const formatAuthHistogramData = (
- data: Array>
-): KpiHostHistogramData[] | null => {
- return data && data.length > 0
- ? 
data.map(({ key, count }) => ({
- x: key,
- y: count.doc_count,
- }))
- : null;
-};
-
-export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getKpiHosts(
- request: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- const hostsQuery: KpiHostsESMSearchBody[] = buildHostsQuery(options);
- const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options);
- const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options);
- const response = await this.framework.callWithRequest<
- KpiHostsHostsHit | KpiHostsUniqueIpsHit | KpiHostsAuthHit,
- TermAggregation
- >(request, 'msearch', {
- body: [...hostsQuery, ...authQuery, ...uniqueIpsQuery],
- });
-
- const hostsHistogram = getOr(
- null,
- 'responses.0.aggregations.hosts_histogram.buckets',
- response
- );
- const authSuccessHistogram = getOr(
- null,
- 'responses.1.aggregations.authentication_success_histogram.buckets',
- response
- );
- const authFailureHistogram = getOr(
- null,
- 'responses.1.aggregations.authentication_failure_histogram.buckets',
- response
- );
- const uniqueSourceIpsHistogram = getOr(
- null,
- 'responses.2.aggregations.unique_source_ips_histogram.buckets',
- response
- );
- const uniqueDestinationIpsHistogram = getOr(
- null,
- 'responses.2.aggregations.unique_destination_ips_histogram.buckets',
- response
- );
-
- const inspect = {
- dsl: [
- inspectStringifyObject({ ...hostsQuery[0], body: hostsQuery[1] }),
- inspectStringifyObject({
- ...authQuery[0],
- body: authQuery[1],
- }),
- inspectStringifyObject({
- ...uniqueIpsQuery[0],
- body: uniqueIpsQuery[1],
- }),
- ],
- response: [
- inspectStringifyObject(response.responses[0]),
- inspectStringifyObject(response.responses[1]),
- inspectStringifyObject(response.responses[2]),
- ],
- };
- return {
- inspect,
- hosts: getOr(null, 'responses.0.aggregations.hosts.value', response),
- hostsHistogram: 
formatGeneralHistogramData(hostsHistogram),
- authSuccess: getOr(
- null,
- 'responses.1.aggregations.authentication_success.doc_count',
- response
- ),
- authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram),
- authFailure: getOr(
- null,
- 'responses.1.aggregations.authentication_failure.doc_count',
- response
- ),
- authFailureHistogram: formatAuthHistogramData(authFailureHistogram),
- uniqueSourceIps: getOr(null, 'responses.2.aggregations.unique_source_ips.value', response),
- uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram),
- uniqueDestinationIps: getOr(
- null,
- 'responses.2.aggregations.unique_destination_ips.value',
- response
- ),
- uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram),
- };
- }
-
- public async getKpiHostDetails(
- request: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options);
- const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options);
- const response = await this.framework.callWithRequest<
- KpiHostsUniqueIpsHit | KpiHostsAuthHit,
- TermAggregation
- >(request, 'msearch', {
- body: [...authQuery, ...uniqueIpsQuery],
- });
-
- const authSuccessHistogram = getOr(
- null,
- 'responses.0.aggregations.authentication_success_histogram.buckets',
- response
- );
- const authFailureHistogram = getOr(
- null,
- 'responses.0.aggregations.authentication_failure_histogram.buckets',
- response
- );
- const uniqueSourceIpsHistogram = getOr(
- null,
- 'responses.1.aggregations.unique_source_ips_histogram.buckets',
- response
- );
- const uniqueDestinationIpsHistogram = getOr(
- null,
- 'responses.1.aggregations.unique_destination_ips_histogram.buckets',
- response
- );
- const inspect = {
- dsl: [
- inspectStringifyObject({ ...authQuery[0], body: authQuery[1] }),
- inspectStringifyObject({ ...uniqueIpsQuery[0], body: uniqueIpsQuery[1] }),
- ],
- response: [
- 
inspectStringifyObject(response.responses[0]),
- inspectStringifyObject(response.responses[1]),
- ],
- };
-
- return {
- inspect,
- authSuccess: getOr(
- null,
- 'responses.0.aggregations.authentication_success.doc_count',
- response
- ),
- authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram),
- authFailure: getOr(
- null,
- 'responses.0.aggregations.authentication_failure.doc_count',
- response
- ),
- authFailureHistogram: formatAuthHistogramData(authFailureHistogram),
- uniqueSourceIps: getOr(null, 'responses.1.aggregations.unique_source_ips.value', response),
- uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram),
- uniqueDestinationIps: getOr(
- null,
- 'responses.1.aggregations.unique_destination_ips.value',
- response
- ),
- uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram),
- };
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts
deleted file mode 100644
index 838eb5d9bcef9..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { isKpiHostDetailsQuery } from './helpers';
-import { mockKpiHostsOptions, mockKpiHostDetailsOptions } from './mock';
-
-describe('helpers', () => {
- const table: Array<[typeof mockKpiHostDetailsOptions, boolean]> = [
- [mockKpiHostsOptions, false],
- [mockKpiHostDetailsOptions, true],
- ];
-
- describe.each(table)('isHostDetails', (option, expected) => {
- test(`it should tell if it is kpiHostDetails option`, () => {
- expect(isKpiHostDetailsQuery(option)).toBe(expected);
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts
deleted file mode 100644
index 189921a18bc53..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { RequestBasicOptions } from '../framework';
-
-export const isKpiHostDetailsQuery = (options: RequestBasicOptions): boolean => {
- return options.filterQuery !== undefined && Object.keys(options.filterQuery).length > 0;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts
deleted file mode 100644
index 6d1e88d54171a..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkRequest, RequestBasicOptions } from '../framework';
-
-import { KpiHostsAdapter } from './types';
-import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types';
-
-export class KpiHosts {
- constructor(private readonly adapter: KpiHostsAdapter) {}
-
- public async getKpiHosts(
- req: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- return this.adapter.getKpiHosts(req, options);
- }
-
- public async getKpiHostDetails(
- req: FrameworkRequest,
- options: RequestBasicOptions
- ): Promise {
- return this.adapter.getKpiHostDetails(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts
deleted file mode 100644
index 876d2f9c16bed..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts
+++ /dev/null
@@ -1,606 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { DEFAULT_INDEX_PATTERN } from '../../../common/constants';
-import { RequestBasicOptions } from '../framework/types';
-
-const FROM = '2019-05-03T13:24:00.660Z';
-const TO = '2019-05-04T13:24:00.660Z';
-
-export const mockKpiHostsOptions: RequestBasicOptions = {
- defaultIndex: DEFAULT_INDEX_PATTERN,
- sourceConfiguration: {
- fields: {
- container: 'docker.container.name',
- host: 'beat.hostname',
- message: ['message', '@message'],
- pod: 'kubernetes.pod.name',
- tiebreaker: '_doc',
- timestamp: '@timestamp',
- },
- },
- timerange: { interval: '12h', to: TO, from: FROM },
- filterQuery: undefined,
-};
-
-export const mockKpiHostDetailsOptions: RequestBasicOptions = {
- defaultIndex: DEFAULT_INDEX_PATTERN,
- sourceConfiguration: {
- fields: {
- container: 'docker.container.name',
- host: 'beat.hostname',
- message: ['message', '@message'],
- pod: 'kubernetes.pod.name',
- tiebreaker: '_doc',
- timestamp: '@timestamp',
- },
- },
- timerange: { interval: '12h', to: TO, from: FROM },
- filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } },
-};
-
-export const mockKpiHostsRequest = {
- body: {
- operationName: 'GetKpiHostsQuery',
- variables: {
- sourceId: 'default',
- timerange: { interval: '12h', from: FROM, to: TO },
- filterQuery: '',
- },
- query:
- 'fragment KpiHostChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) 
{\n source(id: $sourceId) {\n id\n KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n hosts\n hostsHistogram {\n ...KpiHostChartFields\n __typename\n }\n authSuccess\n authSuccessHistogram {\n ...KpiHostChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n',
- },
-};
-
-export const mockKpiHostDetailsRequest = {
- body: {
- operationName: 'GetKpiHostDetailsQuery',
- variables: {
- sourceId: 'default',
- timerange: { interval: '12h', from: FROM, to: TO },
- filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } },
- },
- query:
- 'fragment KpiHostDetailsChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostDetailsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!, $hostName: String!) 
{\n source(id: $sourceId) {\n id\n KpiHostDetails(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex, hostName: $hostName) {\n authSuccess\n authSuccessHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n',
- },
-};
-
-const mockUniqueIpsResponse = {
- took: 1234,
- timed_out: false,
- _shards: {
- total: 71,
- successful: 71,
- skipped: 65,
- failed: 0,
- },
- hits: {
- max_score: null,
- hits: [],
- },
- aggregations: {
- unique_destination_ips: {
- value: 1954,
- },
- unique_destination_ips_histogram: {
- buckets: [
- {
- key_as_string: '2019-05-03T13:00:00.000Z',
- key: 1556888400000,
- doc_count: 3158515,
- count: {
- value: 1809,
- },
- },
- {
- key_as_string: '2019-05-04T01:00:00.000Z',
- key: 1556931600000,
- doc_count: 703032,
- count: {
- value: 407,
- },
- },
- {
- key_as_string: '2019-05-04T13:00:00.000Z',
- key: 1556974800000,
- doc_count: 1780,
- count: {
- value: 64,
- },
- },
- ],
- interval: '12h',
- },
- unique_source_ips: {
- value: 1407,
- },
- unique_source_ips_histogram: {
- buckets: [
- {
- key_as_string: '2019-05-03T13:00:00.000Z',
- key: 1556888400000,
- doc_count: 3158515,
- count: {
- value: 1182,
- },
- },
- {
- key_as_string: '2019-05-04T01:00:00.000Z',
- key: 1556931600000,
- doc_count: 703032,
- count: {
- value: 364,
- },
- },
- {
- key_as_string: '2019-05-04T13:00:00.000Z',
- key: 1556974800000,
- doc_count: 1780,
- count: {
- value: 63,
- },
- },
- ],
- interval: '12h',
- },
- },
- status: 200,
-};
-
-const mockAuthResponse = {
- took: 320,
- timed_out: false,
- _shards: {
- total: 71,
- successful: 71,
- skipped: 65,
- failed: 0,
- },
- hits: {
- max_score: null,
- hits: [],
- 
},
- aggregations: {
- authentication_success: {
- doc_count: 61,
- },
- authentication_failure: {
- doc_count: 15722,
- },
- authentication_failure_histogram: {
- buckets: [
- {
- key_as_string: '2019-05-03T13:00:00.000Z',
- key: 1556888400000,
- doc_count: 11739,
- count: {
- doc_count: 11731,
- },
- },
- {
- key_as_string: '2019-05-04T01:00:00.000Z',
- key: 1556931600000,
- doc_count: 4031,
- count: {
- doc_count: 3979,
- },
- },
- {
- key_as_string: '2019-05-04T13:00:00.000Z',
- key: 1556974800000,
- doc_count: 13,
- count: {
- doc_count: 12,
- },
- },
- ],
- interval: '12h',
- },
- authentication_success_histogram: {
- buckets: [
- {
- key_as_string: '2019-05-03T13:00:00.000Z',
- key: 1556888400000,
- doc_count: 11739,
- count: {
- doc_count: 8,
- },
- },
- {
- key_as_string: '2019-05-04T01:00:00.000Z',
- key: 1556931600000,
- doc_count: 4031,
- count: {
- doc_count: 52,
- },
- },
- {
- key_as_string: '2019-05-04T13:00:00.000Z',
- key: 1556974800000,
- doc_count: 13,
- count: {
- doc_count: 1,
- },
- },
- ],
- interval: '12h',
- },
- },
- status: 200,
-};
-
-const mockHostsReponse = {
- took: 1234,
- timed_out: false,
- _shards: {
- total: 71,
- successful: 71,
- skipped: 65,
- failed: 0,
- },
- hits: {
- max_score: null,
- hits: [],
- },
- aggregations: {
- hosts: {
- value: 986,
- },
- hosts_histogram: {
- buckets: [
- {
- key_as_string: '2019-05-03T13:00:00.000Z',
- key: 1556888400000,
- doc_count: 3158515,
- count: {
- value: 919,
- },
- },
- {
- key_as_string: '2019-05-04T01:00:00.000Z',
- key: 1556931600000,
- doc_count: 703032,
- count: {
- value: 82,
- },
- },
- {
- key_as_string: '2019-05-04T13:00:00.000Z',
- key: 1556974800000,
- doc_count: 1780,
- count: {
- value: 4,
- },
- },
- ],
- interval: '12h',
- },
- },
- status: 200,
-};
-
-export const mockKpiHostsResponse = {
- took: 4405,
- responses: [mockHostsReponse, mockAuthResponse, mockUniqueIpsResponse],
-};
-
-export const mockKpiHostsResponseNodata = { responses: [null, null, null] };
-
-const 
mockMsearchHeader = {
- index: DEFAULT_INDEX_PATTERN,
- allowNoIndices: true,
- ignoreUnavailable: true,
-};
-
-const mockHostNameFilter = {
- term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' },
-};
-const mockTimerangeFilter = { range: { '@timestamp': { gte: FROM, lte: TO } } };
-
-export const mockHostsQuery = [
- mockMsearchHeader,
- {
- aggregations: {
- hosts: { cardinality: { field: 'host.name' } },
- hosts_histogram: {
- auto_date_histogram: { field: '@timestamp', buckets: '6' },
- aggs: { count: { cardinality: { field: 'host.name' } } },
- },
- },
- query: {
- bool: { filter: [{ range: { '@timestamp': mockTimerangeFilter } }] },
- },
- size: 0,
- track_total_hits: false,
- },
-];
-
-const mockUniqueIpsAggs = {
- unique_source_ips: { cardinality: { field: 'source.ip' } },
- unique_source_ips_histogram: {
- auto_date_histogram: { field: '@timestamp', buckets: '6' },
- aggs: { count: { cardinality: { field: 'source.ip' } } },
- },
- unique_destination_ips: { cardinality: { field: 'destination.ip' } },
- unique_destination_ips_histogram: {
- auto_date_histogram: { field: '@timestamp', buckets: '6' },
- aggs: { count: { cardinality: { field: 'destination.ip' } } },
- },
-};
-
-export const mockKpiHostsUniqueIpsQuery = [
- mockMsearchHeader,
- {
- aggregations: mockUniqueIpsAggs,
- query: {
- bool: { filter: [mockTimerangeFilter] },
- },
- size: 0,
- track_total_hits: false,
- },
-];
-
-export const mockKpiHostDetailsUniqueIpsQuery = [
- mockMsearchHeader,
- {
- aggregations: mockUniqueIpsAggs,
- query: {
- bool: { filter: [mockHostNameFilter, mockTimerangeFilter] },
- },
- size: 0,
- track_total_hits: false,
- },
-];
-
-const mockAuthAggs = {
- authentication_success: { filter: { term: { 'event.outcome': 'success' } } },
- authentication_success_histogram: {
- auto_date_histogram: { field: '@timestamp', buckets: '6' },
- aggs: { count: { filter: { term: { 'event.outcome': 'success' } } } },
- },
- authentication_failure: { filter: { 
term: { 'event.outcome': 'failure' } } },
- authentication_failure_histogram: {
- auto_date_histogram: { field: '@timestamp', buckets: '6' },
- aggs: { count: { filter: { term: { 'event.outcome': 'failure' } } } },
- },
-};
-
-const mockAuthFilter = {
- bool: {
- filter: [
- {
- term: {
- 'event.category': 'authentication',
- },
- },
- ],
- },
-};
-
-export const mockKpiHostsAuthQuery = [
- mockMsearchHeader,
- {
- aggs: mockAuthAggs,
- query: {
- bool: {
- filter: [mockAuthFilter, mockTimerangeFilter],
- },
- },
- size: 0,
- track_total_hits: false,
- },
-];
-
-export const mockKpiHostDetailsAuthQuery = [
- mockMsearchHeader,
- {
- aggs: mockAuthAggs,
- query: {
- bool: {
- filter: [mockHostNameFilter, mockAuthFilter, mockTimerangeFilter],
- },
- },
- size: 0,
- track_total_hits: false,
- },
-];
-
-export const mockKpiHostsMsearchOptions = {
- body: [...mockHostsQuery, ...mockKpiHostsAuthQuery, ...mockKpiHostsUniqueIpsQuery],
-};
-
-export const mockKpiHostDetailsMsearchOptions = {
- body: [...mockKpiHostDetailsAuthQuery, ...mockKpiHostDetailsUniqueIpsQuery],
-};
-
-export const mockKpiHostsQueryDsl = [
- JSON.stringify({ ...mockHostsQuery[0], body: mockHostsQuery[1] }, null, 2),
- JSON.stringify({ ...mockKpiHostsAuthQuery[0], body: mockKpiHostsAuthQuery[1] }, null, 2),
- JSON.stringify(
- { ...mockKpiHostsUniqueIpsQuery[0], body: mockKpiHostsUniqueIpsQuery[1] },
- null,
- 2
- ),
-];
-
-export const mockKpiHostsResult = {
- inspect: {
- dsl: mockKpiHostsQueryDsl,
- response: [
- JSON.stringify(mockKpiHostsResponse.responses[0], null, 2),
- JSON.stringify(mockKpiHostsResponse.responses[1], null, 2),
- JSON.stringify(mockKpiHostsResponse.responses[2], null, 2),
- ],
- },
- hosts: 986,
- hostsHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 919,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 82,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 4,
- },
- ],
- authSuccess: 61,
- authSuccessHistogram: [
- { 
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 8,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 52,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 1,
- },
- ],
- authFailure: 15722,
- authFailureHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 11731,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 3979,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 12,
- },
- ],
- uniqueSourceIps: 1407,
- uniqueSourceIpsHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 1182,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 364,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 63,
- },
- ],
- uniqueDestinationIps: 1954,
- uniqueDestinationIpsHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 1809,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 407,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 64,
- },
- ],
-};
-
-export const mockKpiHostDetailsResponse = {
- took: 4405,
- responses: [mockAuthResponse, mockUniqueIpsResponse],
-};
-
-export const mockKpiHostDetailsResponseNoData = {
- took: 4405,
- responses: [null, null],
-};
-
-export const mockKpiHostDetailsDsl = [
- JSON.stringify(
- { ...mockKpiHostDetailsAuthQuery[0], body: mockKpiHostDetailsAuthQuery[1] },
- null,
- 2
- ),
- JSON.stringify(
- { ...mockKpiHostDetailsUniqueIpsQuery[0], body: mockKpiHostDetailsUniqueIpsQuery[1] },
- null,
- 2
- ),
-];
-
-export const mockKpiHostDetailsResult = {
- inspect: {
- dsl: mockKpiHostDetailsDsl,
- response: [
- JSON.stringify(mockKpiHostDetailsResponse.responses[0], null, 2),
- JSON.stringify(mockKpiHostDetailsResponse.responses[1], null, 2),
- ],
- },
- authSuccess: 61,
- authSuccessHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 8,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 52,
- },
- {
- x: new 
Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 1,
- },
- ],
- authFailure: 15722,
- authFailureHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 11731,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 3979,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 12,
- },
- ],
- uniqueSourceIps: 1407,
- uniqueSourceIpsHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 1182,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 364,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 63,
- },
- ],
- uniqueDestinationIps: 1954,
- uniqueDestinationIpsHistogram: [
- {
- x: new Date('2019-05-03T13:00:00.000Z').valueOf(),
- y: 1809,
- },
- {
- x: new Date('2019-05-04T01:00:00.000Z').valueOf(),
- y: 407,
- },
- {
- x: new Date('2019-05-04T13:00:00.000Z').valueOf(),
- y: 64,
- },
- ],
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts
deleted file mode 100644
index b6da35f75b16a..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
-mockKpiHostsOptions,
-mockKpiHostsAuthQuery,
-mockKpiHostDetailsOptions,
-mockKpiHostDetailsAuthQuery,
-} from './mock';
-import { buildAuthQuery } from './query_authentication.dsl';
-
-const table = [
-[mockKpiHostsOptions, mockKpiHostsAuthQuery] as [
-typeof mockKpiHostsOptions,
-typeof mockKpiHostsAuthQuery
-],
-[mockKpiHostDetailsOptions, mockKpiHostDetailsAuthQuery] as [
-typeof mockKpiHostDetailsOptions,
-typeof mockKpiHostDetailsAuthQuery
-],
-];
-
-describe.each(table)('buildAuthQuery', (option, expected) => {
-test(`returns correct query by option type`, () => {
-expect(buildAuthQuery(option)).toMatchObject(expected);
-});
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts
deleted file mode 100644
index ee9e6cd5a66c5..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { KpiHostsESMSearchBody } from './types';
-import { RequestBasicOptions } from '../framework';
-
-export const buildAuthQuery = ({
-filterQuery,
-timerange: { from, to },
-defaultIndex,
-sourceConfiguration: {
-fields: { timestamp },
-},
-}: RequestBasicOptions): KpiHostsESMSearchBody[] => {
-const filter = [
-...createQueryFilterClauses(filterQuery),
-{
-bool: {
-filter: [
-{
-term: {
-'event.category': 'authentication',
-},
-},
-],
-},
-},
-{
-range: {
-[timestamp]: {
-gte: from,
-lte: to,
-format: 'strict_date_optional_time',
-},
-},
-},
-];
-
-const dslQuery = [
-{
-index: defaultIndex,
-allowNoIndices: true,
-ignoreUnavailable: true,
-},
-{
-aggs: {
-authentication_success: {
-filter: {
-term: {
-'event.outcome': 'success',
-},
-},
-},
-authentication_success_histogram: {
-auto_date_histogram: {
-field: '@timestamp',
-buckets: '6',
-},
-aggs: {
-count: {
-filter: {
-term: {
-'event.outcome': 'success',
-},
-},
-},
-},
-},
-authentication_failure: {
-filter: {
-term: {
-'event.outcome': 'failure',
-},
-},
-},
-authentication_failure_histogram: {
-auto_date_histogram: {
-field: '@timestamp',
-buckets: '6',
-},
-aggs: {
-count: {
-filter: {
-term: {
-'event.outcome': 'failure',
-},
-},
-},
-},
-},
-},
-query: {
-bool: {
-filter,
-},
-},
-size: 0,
-track_total_hits: false,
-},
-];
-return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts
deleted file mode 100644
index 0c1d7d4ae9de7..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { KpiHostsESMSearchBody } from './types';
-import { RequestBasicOptions } from '../framework';
-
-export const buildHostsQuery = ({
-filterQuery,
-timerange: { from, to },
-defaultIndex,
-sourceConfiguration: {
-fields: { timestamp },
-},
-}: RequestBasicOptions): KpiHostsESMSearchBody[] => {
-const filter = [
-...createQueryFilterClauses(filterQuery),
-{
-range: {
-[timestamp]: {
-gte: from,
-lte: to,
-format: 'strict_date_optional_time',
-},
-},
-},
-];
-
-const dslQuery = [
-{
-index: defaultIndex,
-allowNoIndices: true,
-ignoreUnavailable: true,
-},
-{
-aggregations: {
-hosts: {
-cardinality: {
-field: 'host.name',
-},
-},
-hosts_histogram: {
-auto_date_histogram: {
-field: '@timestamp',
-buckets: '6',
-},
-aggs: {
-count: {
-cardinality: {
-field: 'host.name',
-},
-},
-},
-},
-},
-query: {
-bool: {
-filter,
-},
-},
-size: 0,
-track_total_hits: false,
-},
-];
-
-return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts
deleted file mode 100644
index 2309bc029d861..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
-mockKpiHostsOptions,
-mockKpiHostsUniqueIpsQuery,
-mockKpiHostDetailsOptions,
-mockKpiHostDetailsUniqueIpsQuery,
-} from './mock';
-import { buildUniqueIpsQuery } from './query_unique_ips.dsl';
-
-const table: Array<[typeof mockKpiHostDetailsOptions, typeof mockKpiHostDetailsUniqueIpsQuery]> = [
-[mockKpiHostsOptions, mockKpiHostsUniqueIpsQuery],
-[mockKpiHostDetailsOptions, mockKpiHostDetailsUniqueIpsQuery],
-];
-
-describe.each(table)('buildUniqueIpsQuery', (option, expected) => {
-test(`returns correct query by option type`, () => {
-expect(buildUniqueIpsQuery(option)).toMatchObject(expected);
-});
-});
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts
deleted file mode 100644
index 9813f73101235..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts
+++ /dev/null
@@ -1,87 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { KpiHostsESMSearchBody } from './types'; -import { RequestBasicOptions } from '../framework'; - -export const buildUniqueIpsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiHostsESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggregations: { - unique_source_ips: { - cardinality: { - field: 'source.ip', - }, - }, - unique_source_ips_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: 'source.ip', - }, - }, - }, - }, - unique_destination_ips: { - cardinality: { - field: 'destination.ip', - }, - }, - unique_destination_ips_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: 'destination.ip', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts deleted file mode 100644 index acc6ae5a340fa..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { MSearchHeader, SearchHit } from '../types'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -export interface KpiHostsAdapter { - getKpiHosts(request: FrameworkRequest, options: RequestBasicOptions): Promise; - getKpiHostDetails( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise; -} - -export interface KpiHostHistogram { - key_as_string: string; - key: number; - doc_count: number; - count: T; -} - -export interface KpiHostGeneralHistogramCount { - value: number; -} - -export interface KpiHostAuthHistogramCount { - doc_count: number; -} - -export interface KpiHostsHostsHit extends SearchHit { - aggregations: { - hosts: { - value: number; - }; - hosts_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsUniqueIpsHit extends SearchHit { - aggregations: { - unique_source_ips: { - value: number; - }; - unique_source_ips_histogram: { - buckets: Array>; - }; - unique_destination_ips: { - value: number; - }; - unique_destination_ips_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsAuthHit extends SearchHit { - aggregations: { - authentication_success: { - doc_count: number; - }; - authentication_success_histogram: { - buckets: Array>; - }; - authentication_failure: { - doc_count: 
number; - }; - authentication_failure_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsBody { - query?: object; - aggregations?: object; - size?: number; - track_total_hits?: boolean; -} - -export type KpiHostsESMSearchBody = KpiHostsBody | MSearchHeader; - -export interface EventModuleAttributeQuery { - agentType: 'auditbeat' | 'winlogbeat' | 'filebeat'; - eventModule?: 'file_integrity' | 'auditd'; -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts deleted file mode 100644 index 58ee7c9aa1cf8..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - mockMsearchOptions, - mockOptions, - mockRequest, - mockResponse, - mockResult, - mockNetworkEventsQueryDsl, - mockUniqueFlowIdsQueryDsl, - mockUniquePrvateIpsQueryDsl, - mockDnsQueryDsl, - mockTlsHandshakesQueryDsl, - mockResultNoData, - mockResponseNoData, -} from './mock'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { KpiNetworkData } from '../../graphql/types'; -import { ElasticsearchKpiNetworkAdapter } from './elasticsearch_adapter'; -import { FrameworkRequest, FrameworkAdapter } from '../framework'; - -jest.mock('./query_network_events', () => { - return { buildNetworkEventsQuery: jest.fn() }; -}); -jest.mock('./query_unique_flow', () => { - return { buildUniqueFlowIdsQuery: jest.fn() }; -}); -jest.mock('./query_dns.dsl', () => { - return { buildDnsQuery: jest.fn() }; -}); -jest.mock('./query_tls_handshakes.dsl', () => { - return { buildTlsHandshakeQuery: jest.fn() }; -}); -jest.mock('./query_unique_private_ips.dsl', () => { - return { buildUniquePrvateIpQuery: jest.fn() }; -}); - -describe('Network Kpi elasticsearch_adapter', () => { - let data: KpiNetworkData; - - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - - let EsKpiNetwork: ElasticsearchKpiNetworkAdapter; - - describe('getKpiNetwork - call stack', () => { - beforeAll(async () => { - 
(buildNetworkEventsQuery as jest.Mock).mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockReturnValue(mockNetworkEventsQueryDsl); - (buildUniqueFlowIdsQuery as jest.Mock).mockReset(); - (buildUniqueFlowIdsQuery as jest.Mock).mockReturnValue(mockUniqueFlowIdsQueryDsl); - (buildDnsQuery as jest.Mock).mockReset(); - (buildDnsQuery as jest.Mock).mockReturnValue(mockDnsQueryDsl); - (buildUniquePrvateIpQuery as jest.Mock).mockReset(); - (buildUniquePrvateIpQuery as jest.Mock).mockReturnValue(mockUniquePrvateIpsQueryDsl); - (buildTlsHandshakeQuery as jest.Mock).mockReset(); - (buildTlsHandshakeQuery as jest.Mock).mockReturnValue(mockTlsHandshakesQueryDsl); - - mockCallWithRequest.mockResolvedValue(mockResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('should build query for network events with correct option', () => { - expect(buildNetworkEventsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique flow IDs with correct option', () => { - expect(buildUniqueFlowIdsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique private ip with correct option', () => { - expect(buildUniquePrvateIpQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for dns with correct option', () => { - expect(buildDnsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for tls handshakes with correct option', () => { - 
expect(buildTlsHandshakeQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith(mockRequest, 'msearch', mockMsearchOptions); - }); - - test('Happy Path - get Data', () => { - expect(data).toEqual(mockResult); - }); - }); - - describe('Unhappy Path - No data', () => { - beforeAll(async () => { - mockCallWithRequest.mockResolvedValue(mockResponseNoData); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('getKpiNetwork - response without data', async () => { - expect(data).toEqual(mockResultNoData); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts deleted file mode 100644 index 11d8299725f2a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { - KpiNetworkHit, - KpiNetworkAdapter, - KpiNetworkESMSearchBody, - KpiNetworkGeneralHit, - KpiNetworkUniquePrivateIpsHit, -} from './types'; -import { TermAggregation } from '../types'; -import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; - -const formatHistogramData = ( - data: Array<{ key: number; count: { value: number } }> -): KpiNetworkHistogramData[] | null => { - return data && data.length > 0 - ? 
data.map(({ key, count }) => { - return { - x: key, - y: getOr(null, 'value', count), - }; - }) - : null; -}; - -export class ElasticsearchKpiNetworkAdapter implements KpiNetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getKpiNetwork( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const networkEventsQuery: KpiNetworkESMSearchBody[] = buildNetworkEventsQuery(options); - const uniqueFlowIdsQuery: KpiNetworkESMSearchBody[] = buildUniqueFlowIdsQuery(options); - const uniquePrivateIpsQuery: KpiNetworkESMSearchBody[] = buildUniquePrvateIpQuery(options); - const dnsQuery: KpiNetworkESMSearchBody[] = buildDnsQuery(options); - const tlsHandshakesQuery: KpiNetworkESMSearchBody[] = buildTlsHandshakeQuery(options); - const response = await this.framework.callWithRequest< - KpiNetworkGeneralHit | KpiNetworkHit | KpiNetworkUniquePrivateIpsHit, - TermAggregation - >(request, 'msearch', { - body: [ - ...networkEventsQuery, - ...dnsQuery, - ...uniquePrivateIpsQuery, - ...uniqueFlowIdsQuery, - ...tlsHandshakesQuery, - ], - }); - const uniqueSourcePrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.source.histogram.buckets', - response - ); - const uniqueDestinationPrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.destination.histogram.buckets', - response - ); - - const inspect = { - dsl: [ - inspectStringifyObject({ ...networkEventsQuery[0], body: networkEventsQuery[1] }), - inspectStringifyObject({ ...dnsQuery[0], body: dnsQuery[1] }), - inspectStringifyObject({ ...uniquePrivateIpsQuery[0], body: uniquePrivateIpsQuery[1] }), - inspectStringifyObject({ ...uniqueFlowIdsQuery[0], body: uniqueFlowIdsQuery[1] }), - inspectStringifyObject({ ...tlsHandshakesQuery[0], body: tlsHandshakesQuery[1] }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - inspectStringifyObject(response.responses[2]), - 
inspectStringifyObject(response.responses[3]), - inspectStringifyObject(response.responses[4]), - ], - }; - return { - inspect, - networkEvents: getOr(null, 'responses.0.hits.total.value', response), - dnsQueries: getOr(null, 'responses.1.hits.total.value', response), - uniqueSourcePrivateIps: getOr( - null, - 'responses.2.aggregations.source.unique_private_ips.value', - response - ), - uniqueSourcePrivateIpsHistogram: formatHistogramData(uniqueSourcePrivateIpsHistogram), - uniqueDestinationPrivateIps: getOr( - null, - 'responses.2.aggregations.destination.unique_private_ips.value', - response - ), - uniqueDestinationPrivateIpsHistogram: formatHistogramData( - uniqueDestinationPrivateIpsHistogram - ), - uniqueFlowId: getOr(null, 'responses.3.aggregations.unique_flow_id.value', response), - tlsHandshakes: getOr(null, 'responses.4.hits.total.value', response), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts deleted file mode 100644 index ed98e0226475c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export const getIpFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'source.ip', - }, - }, - { - exists: { - field: 'destination.ip', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts deleted file mode 100644 index b27026a462f5c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts +++ /dev/null 
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { FrameworkRequest, RequestBasicOptions } from '../framework';
-
-import { KpiNetworkAdapter } from './types';
-import { KpiNetworkData } from '../../graphql/types';
-
-export class KpiNetwork {
-constructor(private readonly adapter: KpiNetworkAdapter) {}
-
-public async getKpiNetwork(
-req: FrameworkRequest,
-options: RequestBasicOptions
-): Promise {
-return this.adapter.getKpiNetwork(req, options);
-}
-}
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts
deleted file mode 100644
index fc9b64ae0746f..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts
+++ /dev/null
@@ -1,335 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -export const mockOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-10T02:26:46.071Z' }, - filterQuery: {}, -}; - -export const mockRequest = { - body: { - operationName: 'GetKpiNetworkQuery', - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - from: '2019-05-09T23:48:41.842Z', - to: '2019-05-10T23:48:41.842Z', - }, - filterQuery: '', - }, - query: - 'fragment KpiNetworkChartFields on KpiNetworkHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiNetworkQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) 
{\n source(id: $sourceId) {\n id\n KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n networkEvents\n uniqueFlowId\n uniqueSourcePrivateIps\n uniqueSourcePrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n uniqueDestinationPrivateIps\n uniqueDestinationPrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n dnsQueries\n tlsHandshakes\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockResponse = { - responses: [ - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 64, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 10942, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 224, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 480755, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - source: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 42109, - count: { - value: 14, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 437160, - count: { - value: 385, - }, - }, - { - key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1486, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 387, - }, - }, - destination: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 36253, - count: { - value: 11, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 421719, - count: { - value: 877, - }, - }, - { - 
key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1311, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 878, - }, - }, - }, - status: 200, - }, - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - unique_flow_id: { - value: 195415, - }, - }, - status: 200, - }, - { - took: 57, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 54482, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - ], -}; -const mockMsearchHeader = { - index: 'defaultIndex', - allowNoIndices: true, - ignoreUnavailable: true, -}; -const mockMsearchBody = { - query: {}, - aggregations: {}, - size: 0, - track_total_hits: false, -}; -export const mockNetworkEventsQueryDsl = [mockMsearchHeader, mockMsearchBody]; -export const mockUniqueFlowIdsQueryDsl = [ - mockMsearchHeader, - { mockUniqueFlowIdsQueryDsl: 'mockUniqueFlowIdsQueryDsl' }, -]; -export const mockUniquePrvateIpsQueryDsl = [ - mockMsearchHeader, - { mockUniquePrvateIpsQueryDsl: 'mockUniquePrvateIpsQueryDsl' }, -]; -export const mockDnsQueryDsl = [mockMsearchHeader, { mockDnsQueryDsl: 'mockDnsQueryDsl' }]; -export const mockTlsHandshakesQueryDsl = [ - mockMsearchHeader, - { mockTlsHandshakesQueryDsl: 'mockTlsHandshakesQueryDsl' }, -]; - -export const mockMsearchOptions = { - body: [ - ...mockNetworkEventsQueryDsl, - ...mockDnsQueryDsl, - ...mockUniquePrvateIpsQueryDsl, - ...mockUniqueFlowIdsQueryDsl, - ...mockTlsHandshakesQueryDsl, - ], -}; - -const mockDsl = [ - JSON.stringify({ ...mockNetworkEventsQueryDsl[0], body: mockNetworkEventsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockDnsQueryDsl[0], body: mockDnsQueryDsl[1] }, null, 2), - JSON.stringify( - { 
...mockUniquePrvateIpsQueryDsl[0], body: mockUniquePrvateIpsQueryDsl[1] }, - null, - 2 - ), - JSON.stringify({ ...mockUniqueFlowIdsQueryDsl[0], body: mockUniqueFlowIdsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockTlsHandshakesQueryDsl[0], body: mockTlsHandshakesQueryDsl[1] }, null, 2), -]; - -export const mockResult = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponse.responses[0], null, 2), - JSON.stringify(mockResponse.responses[1], null, 2), - JSON.stringify(mockResponse.responses[2], null, 2), - JSON.stringify(mockResponse.responses[3], null, 2), - JSON.stringify(mockResponse.responses[4], null, 2), - ], - }, - dnsQueries: 10942, - networkEvents: 733106, - tlsHandshakes: 54482, - uniqueDestinationPrivateIps: 878, - uniqueDestinationPrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 11, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 877, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], - uniqueFlowId: 195415, - uniqueSourcePrivateIps: 387, - uniqueSourcePrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 14, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 385, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], -}; - -export const mockResponseNoData = { - responses: [null, null, null, null, null], -}; - -export const mockResultNoData = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponseNoData.responses[0], null, 2), - JSON.stringify(mockResponseNoData.responses[1], null, 2), - JSON.stringify(mockResponseNoData.responses[2], null, 2), - JSON.stringify(mockResponseNoData.responses[3], null, 2), - JSON.stringify(mockResponseNoData.responses[4], null, 2), - ], - }, - networkEvents: null, - uniqueFlowId: null, - uniqueSourcePrivateIps: null, - uniqueSourcePrivateIpsHistogram: null, - uniqueDestinationPrivateIps: null, - 
uniqueDestinationPrivateIpsHistogram: null, - dnsQueries: null, - tlsHandshakes: null, -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts deleted file mode 100644 index b3dba9b1d0fab..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; - -const getDnsQueryFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'dns.question.name', - }, - }, - { - term: { - 'suricata.eve.dns.type': { - value: 'query', - }, - }, - }, - { - exists: { - field: 'zeek.dns.query', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; - -export const buildDnsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getDnsQueryFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts
deleted file mode 100644
index 17f705fe98d03..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { createQueryFilterClauses } from '../../utils/build_query';
-import { RequestBasicOptions } from '../framework';
-
-import { KpiNetworkESMSearchBody } from './types';
-import { getIpFilter } from './helpers';
-
-export const buildNetworkEventsQuery = ({
-filterQuery,
-timerange: { from, to },
-defaultIndex,
-sourceConfiguration: {
-fields: { timestamp },
-},
-}: RequestBasicOptions): KpiNetworkESMSearchBody[] => {
-const filter = [
-...createQueryFilterClauses(filterQuery),
-...getIpFilter(),
-{
-range: {
-[timestamp]: {
-gte: from,
-lte: to,
-format: 'strict_date_optional_time',
-},
-},
-},
-];
-
-const dslQuery = [
-{
-index: defaultIndex,
-allowNoIndices: true,
-ignoreUnavailable: true,
-},
-{
-query: {
-bool: {
-filter,
-},
-},
-size: 0,
-track_total_hits: true,
-},
-];
-
-return dslQuery;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts
deleted file mode 100644
index 5032863e7d324..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts
+++ /dev/null
@@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; -import { getIpFilter } from './helpers'; - -const getTlsHandshakesQueryFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'tls.version', - }, - }, - { - exists: { - field: 'suricata.eve.tls.version', - }, - }, - { - exists: { - field: 'zeek.ssl.version', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; - -export const buildTlsHandshakeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...getIpFilter(), - ...createQueryFilterClauses(filterQuery), - ...getTlsHandshakesQueryFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts deleted file mode 100644 index fb717df2b4608..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; -import { getIpFilter } from './helpers'; - -export const buildUniqueFlowIdsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getIpFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggregations: { - unique_flow_id: { - cardinality: { - field: 'network.community_id', - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts deleted file mode 100644 index 77d6efdcfdaa0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts +++ /dev/null 
@@ -1,108 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody, UniquePrivateAttributeQuery } from './types'; - -const getUniquePrivateIpsFilter = (attrQuery: UniquePrivateAttributeQuery) => ({ - bool: { - should: [ - { - term: { - [`${attrQuery}.ip`]: '10.0.0.0/8', - }, - }, - { - term: { - [`${attrQuery}.ip`]: '192.168.0.0/16', - }, - }, - { - term: { - [`${attrQuery}.ip`]: '172.16.0.0/12', - }, - }, - { - term: { - [`${attrQuery}.ip`]: 'fd00::/8', - }, - }, - ], - minimum_should_match: 1, - }, -}); - -const getAggs = (attrQuery: 'source' | 'destination') => ({ - [attrQuery]: { - filter: getUniquePrivateIpsFilter(attrQuery), - aggs: { - unique_private_ips: { - cardinality: { - field: `${attrQuery}.ip`, - }, - }, - histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: `${attrQuery}.ip`, - }, - }, - }, - }, - }, - }, -}); - -export const buildUniquePrvateIpQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - }, - { - aggregations: { - ...getAggs('source'), - ...getAggs('destination'), - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts deleted file mode 100644 index b0a00e0ba968f..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { MSearchHeader, SearchHit } from '../types'; -import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types'; - -export interface KpiNetworkAdapter { - getKpiNetwork(request: FrameworkRequest, options: RequestBasicOptions): Promise; -} - -export interface KpiNetworkHit { - hits: { - total: { - value: number; - }; - }; -} - -export interface KpiNetworkGeneralHit extends SearchHit, KpiNetworkHit { - aggregations: { - unique_flow_id: { - value: number; - }; - }; -} - -export interface KpiNetworkUniquePrivateIpsHit extends SearchHit { - aggregations: { - unique_private_ips: { - value: number; - }; - histogram: { - buckets: [KpiNetworkHistogramData]; - }; - }; -} - -export interface KpiNetworkBody { - query?: object; - aggregations?: object; - size?: number; - track_total_hits?: boolean; -} - -export type KpiNetworkESMSearchBody = KpiNetworkBody | MSearchHeader; - -export type UniquePrivateAttributeQuery = 'source' | 'destination'; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts deleted file mode 100644 index f661fe165130e..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts +++ /dev/null 
@@ -1,81 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { MatrixHistogramOverTimeData, HistogramType } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { MatrixHistogramAdapter, MatrixHistogramDataConfig, MatrixHistogramHit } from './types'; -import { TermAggregation } from '../types'; -import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; -import { buildDnsHistogramQuery } from './query_dns_histogram.dsl'; -import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; -import { getDnsParsedData, getGenericData } from './utils'; -import { buildAuthenticationsOverTimeQuery } from './query.authentications_over_time.dsl'; -import { buildAlertsHistogramQuery } from './query_alerts.dsl'; - -const matrixHistogramConfig: MatrixHistogramDataConfig = { - [HistogramType.alerts]: { - buildDsl: buildAlertsHistogramQuery, - aggName: 'aggregations.alertsGroup.buckets', - parseKey: 'alerts.buckets', - }, - [HistogramType.anomalies]: { - buildDsl: buildAnomaliesOverTimeQuery, - aggName: 'aggregations.anomalyActionGroup.buckets', - parseKey: 'anomalies.buckets', - }, - [HistogramType.authentications]: { - buildDsl: buildAuthenticationsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - }, - [HistogramType.dns]: { - buildDsl: buildDnsHistogramQuery, - aggName: 'aggregations.NetworkDns.buckets', - parseKey: 'dns.buckets', - parser: getDnsParsedData, - }, - [HistogramType.events]: { - buildDsl: buildEventsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - 
}, -}; - -export class ElasticsearchMatrixHistogramAdapter implements MatrixHistogramAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); - if (myConfig == null) { - throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); - } - const dsl = myConfig.buildDsl(options); - const response = await this.framework.callWithRequest< - MatrixHistogramHit, - TermAggregation - >(request, 'search', dsl); - const totalCount = getOr(0, 'hits.total.value', response); - const matrixHistogramData = getOr([], myConfig.aggName, response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - matrixHistogramData: myConfig.parser - ? myConfig.parser(matrixHistogramData, myConfig.parseKey) - : getGenericData(matrixHistogramData, myConfig.parseKey), - totalCount, - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts deleted file mode 100644 index 0b63785d2203b..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; - -import expect from '@kbn/expect'; -import { ElasticsearchMatrixHistogramAdapter } from './elasticsearch_adapter'; -import { - mockRequest, - mockOptions, - mockAlertsHistogramDataResponse, - mockAlertsHistogramQueryDsl, - mockAlertsHistogramDataFormattedResponse, -} from './mock'; - -jest.mock('./query_alerts.dsl', () => { - return { - buildAlertsHistogramQuery: jest.fn(() => mockAlertsHistogramQueryDsl), - }; -}); - -describe('alerts elasticsearch_adapter', () => { - describe('getAlertsHistogramData', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - return mockAlertsHistogramDataResponse; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const adapter = new ElasticsearchMatrixHistogramAdapter(mockFramework); - const data = await adapter.getHistogramData( - (mockRequest as unknown) as FrameworkRequest, - (mockOptions as unknown) as MatrixHistogramRequestOptions - ); - - expect(data).to.eql({ - matrixHistogramData: mockAlertsHistogramDataFormattedResponse, - inspect: { - dsl: ['"mockAlertsHistogramQueryDsl"'], - response: [JSON.stringify(mockAlertsHistogramDataResponse, null, 2)], - }, - totalCount: 1599508, - }); - }); - }); -}); 
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts deleted file mode 100644 index 900a6ab619ae0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -export * from './elasticsearch_adapter'; -import { MatrixHistogramAdapter } from './types'; -import { MatrixHistogramOverTimeData } from '../../graphql/types'; - -export class MatrixHistogram { - constructor(private readonly adapter: MatrixHistogramAdapter) {} - - public async getMatrixHistogramData( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getHistogramData(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts deleted file mode 100644 index 1d1ebfff936d2..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { HistogramType } from '../../graphql/types'; - -export const mockAlertsHistogramDataResponse = { - took: 513, - timed_out: false, - _shards: { - total: 62, - successful: 61, - skipped: 0, - failed: 1, - failures: [ - { - shard: 0, - index: 'auditbeat-7.2.0', - node: 'jBC5kcOeT1exvECDMrk5Ug', - reason: { - type: 'illegal_argument_exception', - reason: - 'Fielddata is disabled on text fields by default. Set fielddata=true on [event.module] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.', - }, - }, - ], - }, - hits: { - total: { - value: 1599508, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - alertsGroup: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 802087, - buckets: [ - { - key: 'All others', - doc_count: 451519, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 3008, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 8671, - }, - ], - }, - }, - { - key: 'suricata', - doc_count: 345902, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 1785, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 5342, - }, - ], - }, - }, - ], - }, - }, -}; -export const mockAlertsHistogramDataFormattedResponse = [ - { - x: 1576402200000, - y: 3008, - g: 'All others', - }, - { - x: 1576404000000, - y: 8671, - g: 'All others', - }, - { - x: 1576402200000, - y: 1785, - g: 'suricata', - }, - { - x: 
1576404000000, - y: 5342, - g: 'suricata', - }, -]; -export const mockAlertsHistogramQueryDsl = 'mockAlertsHistogramQueryDsl'; -export const mockRequest = 'mockRequest'; -export const mockOptions = { - sourceConfiguration: { field: {} }, - timerange: { - to: 9999, - from: 1234, - }, - defaultIndex: DEFAULT_INDEX_PATTERN, - filterQuery: '', - stackByField: 'event.module', - histogramType: HistogramType.alerts, -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts deleted file mode 100644 index fb4e666cda964..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAnomaliesOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - stackByField = 'job_id', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - timestamp: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = 'timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - anomalyActionGroup: { - terms: { - field: stackByField, - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - anomalies: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggs: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts deleted file mode 100644 index 174cc907214a9..0000000000000 
--- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAuthenticationsOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'event.outcome', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - must: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - eventActionGroup: { - terms: { - field: stackByField, - include: ['success', 'failure'], - order: { - _count: 'desc', - }, - size: 2, - }, - aggs: { - events: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts deleted file mode 100644 index fa7c1b9e55b9e..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { showAllOthersBucket } from '../../../common/constants'; -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -import * as i18n from './translations'; - -export const buildEventsOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'event.action', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - - const missing = - stackByField != null && showAllOthersBucket.includes(stackByField) - ? { - missing: stackByField?.endsWith('.ip') ? '0.0.0.0' : i18n.ALL_OTHERS, - } - : {}; - - return { - eventActionGroup: { - terms: { - field: stackByField, - ...missing, - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - events: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; 
diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts deleted file mode 100644 index dd45109672480..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts +++ /dev/null 
@@ -1,121 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { buildTimelineQuery } from '../events/query.dsl'; -import { RequestOptions, MatrixHistogramRequestOptions } from '../framework'; - -export const buildAlertsQuery = (options: RequestOptions) => { - const eventsQuery = buildTimelineQuery(options); - const eventsFilter = eventsQuery.body.query.bool.filter; - const alertsFilter = [ - ...createQueryFilterClauses({ match: { 'event.kind': { query: 'alert' } } }), - ]; - - return { - ...eventsQuery, - body: { - ...eventsQuery.body, - query: { - bool: { - filter: [...eventsFilter, ...alertsFilter], - }, - }, - }, - }; -}; - -export const buildAlertsHistogramQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField, -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - filter: [ - { - bool: { - should: [ - { - match: { - 'event.kind': 'alert', - }, - }, - ], - minimum_should_match: 1, - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - alertsGroup: { - terms: { - field: stackByField, - missing: 'All others', - order: 
{ - _count: 'desc', - }, - size: 10, - }, - aggs: { - alerts: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts deleted file mode 100644 index 7e71263988957..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildDnsHistogramQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField, -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - }, - }; - - return { - NetworkDns: { - ...dateHistogram, - aggs: { - dns: { - terms: { - field: stackByField, - order: { - orderAgg: 'desc', - }, - size: 10, - }, - aggs: { - orderAgg: { - cardinality: { - field: 'dns.question.name', - }, - }, - }, - }, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts deleted file mode 100644 index 0e46f5cff1445..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts +++ /dev/null 
@@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const ALL_OTHERS = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.histogram.allOthersGroupingLabel', - { - defaultMessage: 'All others', - } -); diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts deleted file mode 100644 index 87ea4b81f5fba..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts +++ /dev/null 
@@ -1,144 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - MatrixHistogramOverTimeData, - HistogramType, - MatrixOverTimeHistogramData, -} from '../../graphql/types'; -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { SearchHit } from '../types'; -import { EventHit } from '../events/types'; -import { AuthenticationHit } from '../authentications/types'; - -export interface HistogramBucket { - key: number; - doc_count: number; -} - -interface AlertsGroupData { - key: string; - doc_count: number; - alerts: { - buckets: HistogramBucket[]; - }; -} - -interface AnomaliesOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AnomaliesActionGroupData { - key: number; - anomalies: { - bucket: AnomaliesOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface AnomalySource { - [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any -} - -export interface AnomalyHit extends SearchHit { - sort: string[]; - _source: AnomalySource; - aggregations: { - [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any - }; -} - -interface EventsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface EventsActionGroupData { - key: number; - events: { - bucket: EventsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: 
string; - histogram: DnsHistogramBucket; -} - -export interface MatrixHistogramSchema { - buildDsl: (options: MatrixHistogramRequestOptions) => {}; - aggName: string; - parseKey: string; - parser?: ( - data: MatrixHistogramParseData, - keyBucket: string - ) => MatrixOverTimeHistogramData[]; -} - -export type MatrixHistogramParseData = T extends HistogramType.alerts - ? AlertsGroupData[] - : T extends HistogramType.anomalies - ? AnomaliesActionGroupData[] - : T extends HistogramType.dns - ? DnsHistogramGroupData[] - : T extends HistogramType.authentications - ? AuthenticationsActionGroupData[] - : T extends HistogramType.events - ? EventsActionGroupData[] - : never; - -export type MatrixHistogramHit = T extends HistogramType.alerts - ? EventHit - : T extends HistogramType.anomalies - ? AnomalyHit - : T extends HistogramType.dns - ? EventHit - : T extends HistogramType.authentications - ? AuthenticationHit - : T extends HistogramType.events - ? EventHit - : never; - -export type MatrixHistogramDataConfig = Record>; -interface AuthenticationsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AuthenticationsActionGroupData { - key: number; - events: { - bucket: AuthenticationsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface MatrixHistogramAdapter { - getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts deleted file mode 100644 index 4a6a38421f42a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts +++ /dev/null 
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { get, getOr } from 'lodash/fp';
-import { MatrixHistogramParseData, DnsHistogramSubBucket, HistogramBucket } from './types';
-import { MatrixOverTimeHistogramData } from '../../graphql/types';
-
-export const getDnsParsedData = (
- data: MatrixHistogramParseData,
- keyBucket: string
-): MatrixOverTimeHistogramData[] => {
- let result: MatrixOverTimeHistogramData[] = [];
- data.forEach((bucketData: unknown) => {
- const time = get('key', bucketData);
- const histData = getOr([], keyBucket, bucketData).map(
- // eslint-disable-next-line @typescript-eslint/naming-convention
- ({ key, doc_count }: DnsHistogramSubBucket) => ({
- x: time,
- y: doc_count,
- g: key,
- })
- );
- result = [...result, ...histData];
- });
- return result;
-};
-
-export const getGenericData = (
- data: MatrixHistogramParseData,
- keyBucket: string
-): MatrixOverTimeHistogramData[] => {
- let result: MatrixOverTimeHistogramData[] = [];
- data.forEach((bucketData: unknown) => {
- const group = get('key', bucketData);
- const histData = getOr([], keyBucket, bucketData).map(
- // eslint-disable-next-line @typescript-eslint/naming-convention
- ({ key, doc_count }: HistogramBucket) => ({
- x: key,
- y: doc_count,
- g: group,
- })
- );
- result = [...result, ...histData];
- });
-
- return result;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap b/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap
deleted file mode 100644
index 50454fcb6b351..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap
+++ /dev/null
@@ -1,1366 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Network Top N flow elasticsearch_adapter with FlowTarget=source Unhappy Path - No geo data getNetworkTopNFlow 1`] = ` -Object { - "edges": Array [ - Object { - "cursor": Object { - "tiebreaker": null, - "value": "1.1.1.1", - }, - "node": Object { - "_id": "1.1.1.1", - "network": Object { - "bytes_in": 11276023407, - "bytes_out": 1025631, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.1.net", - ], - "flows": 1234567, - "ip": "1.1.1.1", - "location": null, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "2.2.2.2", - }, - "node": Object { - "_id": "2.2.2.2", - "network": Object { - "bytes_in": 5469323342, - "bytes_out": 2811441, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.2.net", - ], - "flows": 1234567, - "ip": "2.2.2.2", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "3.3.3.3", - }, - "node": Object { - "_id": "3.3.3.3", - "network": Object { - "bytes_in": 3807671322, - "bytes_out": 4494034, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.3.com", - "test.3-duplicate.com", - ], - "flows": 1234567, - "ip": "3.3.3.3", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - 
"country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "4.4.4.4", - }, - "node": Object { - "_id": "4.4.4.4", - "network": Object { - "bytes_in": 166517626, - "bytes_out": 3194782, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.4.com", - ], - "flows": 1234567, - "ip": "4.4.4.4", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "5.5.5.5", - }, - "node": Object { - "_id": "5.5.5.5", - "network": Object { - "bytes_in": 104785026, - "bytes_out": 1838597, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.5.com", - ], - "flows": 1234567, - "ip": "5.5.5.5", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "6.6.6.6", - }, - "node": Object { - "_id": "6.6.6.6", - "network": Object { - "bytes_in": 28804250, - "bytes_out": 482982, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - 
"test.6.com", - ], - "flows": 1234567, - "ip": "6.6.6.6", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "7.7.7.7", - }, - "node": Object { - "_id": "7.7.7.7", - "network": Object { - "bytes_in": 23032363, - "bytes_out": 400623, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.7.com", - ], - "flows": 1234567, - "ip": "7.7.7.7", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "8.8.8.8", - }, - "node": Object { - "_id": "8.8.8.8", - "network": Object { - "bytes_in": 21424889, - "bytes_out": 344357, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.8.com", - ], - "flows": 1234567, - "ip": "8.8.8.8", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "9.9.9.9", - }, - "node": Object { - "_id": "9.9.9.9", - "network": Object { - "bytes_in": 19205000, - 
"bytes_out": 355663, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.9.com", - ], - "flows": 1234567, - "ip": "9.9.9.9", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "10.10.10.10", - }, - "node": Object { - "_id": "10.10.10.10", - "network": Object { - "bytes_in": 11407633, - "bytes_out": 199360, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.10.com", - ], - "flows": 1234567, - "ip": "10.10.10.10", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - ], - "inspect": Object { - "dsl": Array [ - "{ - \\"mockTopNFlowQueryDsl\\": \\"mockTopNFlowQueryDsl\\" -}", - ], - "response": Array [ - "{ - \\"took\\": 122, - \\"timed_out\\": false, - \\"_shards\\": { - \\"total\\": 11, - \\"successful\\": 11, - \\"skipped\\": 0, - \\"failed\\": 0 - }, - \\"hits\\": { - \\"max_score\\": null, - \\"hits\\": [] - }, - \\"aggregations\\": { - \\"top_n_flow_count\\": { - \\"value\\": 545 - }, - \\"source\\": { - \\"buckets\\": [ - { - \\"key\\": \\"1.1.1.1\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11276023407 - }, - \\"bytes_out\\": { - \\"value\\": 1025631 - 
}, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.1.net\\" - } - ] - } - }, - { - \\"key\\": \\"2.2.2.2\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 5469323342 - }, - \\"bytes_out\\": { - \\"value\\": 2811441 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": 
\\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.2.net\\" - } - ] - } - }, - { - \\"key\\": \\"3.3.3.3\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 3807671322 - }, - \\"bytes_out\\": { - \\"value\\": 4494034 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.3.com\\" - }, - { - \\"key\\": \\"test.3-duplicate.com\\" - } - ] - } - }, - { - \\"key\\": \\"4.4.4.4\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - 
\\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 166517626 - }, - \\"bytes_out\\": { - \\"value\\": 3194782 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.4.com\\" - } - ] - } - }, - { - \\"key\\": \\"5.5.5.5\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 104785026 - }, - \\"bytes_out\\": { - \\"value\\": 1838597 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - 
\\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.5.com\\" - } - ] - } - }, - { - \\"key\\": \\"6.6.6.6\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 28804250 - }, - \\"bytes_out\\": { - \\"value\\": 482982 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - 
\\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 31, - \\"buckets\\": [ - { - \\"key\\": \\"test.6.com\\" - } - ] - } - }, - { - \\"key\\": \\"7.7.7.7\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 23032363 - }, - \\"bytes_out\\": { - \\"value\\": 400623 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - 
} - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 0, - \\"buckets\\": [ - { - \\"key\\": \\"test.7.com\\" - } - ] - } - }, - { - \\"key\\": \\"8.8.8.8\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 21424889 - }, - \\"bytes_out\\": { - \\"value\\": 344357 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.8.com\\" - } - ] - } - }, - { - \\"key\\": \\"9.9.9.9\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 19205000 - }, - \\"bytes_out\\": { - \\"value\\": 355663 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": 
{ - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.9.com\\" - } - ] - } - }, - { - \\"key\\": \\"10.10.10.10\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11407633 - }, - \\"bytes_out\\": { - \\"value\\": 199360 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", 
- \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.10.com\\" - } - ] - } - }, - { - \\"key\\": \\"11.11.11.11\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11393327 - }, - \\"bytes_out\\": { - \\"value\\": 195914 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - 
\\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.11.com\\" - } - ] - } - } - ] - } - } -}", - ], - }, - "pageInfo": Object { - "activePage": 0, - "fakeTotalCount": 50, - "showMorePagesIndicator": true, - }, - "totalCount": 545, -} -`; diff --git a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts deleted file mode 100644 index eab461ee07ca7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts +++ /dev/null 
@@ -1,171 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { cloneDeep } from 'lodash/fp';
-
-import { FlowTargetSourceDest, NetworkTopNFlowData } from '../../graphql/types';
-import { FrameworkAdapter, FrameworkRequest } from '../framework';
-
-import { ElasticsearchNetworkAdapter } from './elasticsearch_adapter';
-import {
- mockOptions,
- mockRequest,
- mockResponse,
- mockResult,
- mockOptionsIp,
- mockRequestIp,
- mockResponseIp,
- mockResultIp,
- mockTopNFlowQueryDsl,
-} from './mock';
-
-jest.mock('./query_top_n_flow.dsl', () => {
- const r = jest.requireActual('./query_top_n_flow.dsl');
- return {
- ...r,
- buildTopNFlowQuery: jest.fn(() => mockTopNFlowQueryDsl),
- };
-});
-
-describe('Network Top N flow elasticsearch_adapter with FlowTarget=source', () => {
- describe('Happy Path - get Data', () => {
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toEqual(mockResult);
- });
- });
-
- describe('Unhappy Path - No data', () => {
- const mockNoDataResponse = cloneDeep(mockResponse);
- mockNoDataResponse.aggregations.top_n_flow_count.value = 0;
- mockNoDataResponse.aggregations[FlowTargetSourceDest.source].buckets = [];
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockNoDataResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toEqual({
- inspect: {
- dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)],
- response: [JSON.stringify(mockNoDataResponse, null, 2)],
- },
- edges: [],
- pageInfo: {
- activePage: 0,
- fakeTotalCount: 0,
- showMorePagesIndicator: false,
- },
- totalCount: 0,
- });
- });
- });
-
- describe('Unhappy Path - No geo data', () => {
- const mockCallWithRequest = jest.fn();
- const mockNoGeoDataResponse = cloneDeep(mockResponse);
- // sometimes bad things happen to good ecs
- mockNoGeoDataResponse.aggregations[
- FlowTargetSourceDest.source
- ].buckets[0].location.top_geo.hits.hits = [];
- mockCallWithRequest.mockResolvedValue(mockNoGeoDataResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data).toMatchSnapshot();
- });
- });
-
- describe('No pagination', () => {
- const mockNoPaginationResponse = cloneDeep(mockResponse);
- mockNoPaginationResponse.aggregations.top_n_flow_count.value = 10;
- mockNoPaginationResponse.aggregations[
- FlowTargetSourceDest.source
- ].buckets = mockNoPaginationResponse.aggregations[FlowTargetSourceDest.source].buckets.slice(
- 0,
- -1
- );
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockNoPaginationResponse);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- registerGraphQLEndpoint: jest.fn(),
- getIndexPatternsService: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequest as FrameworkRequest,
- mockOptions
- );
- expect(data.pageInfo.showMorePagesIndicator).toBeFalsy();
- });
- });
-
- describe('Filter by IP', () => {
- const mockCallWithRequest = jest.fn();
- mockCallWithRequest.mockResolvedValue(mockResponseIp);
- const mockFramework: FrameworkAdapter = {
- callWithRequest: mockCallWithRequest,
- getIndexPatternsService: jest.fn(),
- registerGraphQLEndpoint: jest.fn(),
- };
- jest.doMock('../framework', () => ({
- callWithRequest: mockCallWithRequest,
- }));
-
- test('getNetworkTopNFlow', async () => {
- const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework);
- const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow(
- mockRequestIp as FrameworkRequest,
- mockOptionsIp
- );
- expect(data).toEqual(mockResultIp);
- });
- });
-});
diff --git a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts
deleted file mode 100644
index d12d225cc8908..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { get, getOr } from 'lodash/fp';
-
-import {
- FlowTargetSourceDest,
- AutonomousSystemItem,
- GeoItem,
- NetworkDnsData,
- NetworkDnsEdges,
- NetworkTopCountriesData,
- NetworkTopCountriesEdges,
- NetworkTopNFlowData,
- NetworkHttpData,
- NetworkHttpEdges,
- NetworkTopNFlowEdges,
-} from '../../graphql/types';
-import { inspectStringifyObject } from '../../utils/build_query';
-import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework';
-import { TermAggregation } from '../types';
-import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants';
-
-import {
- NetworkDnsRequestOptions,
- NetworkTopCountriesRequestOptions,
- NetworkHttpRequestOptions,
- NetworkTopNFlowRequestOptions,
-} from './index';
-import { buildDnsQuery } from './query_dns.dsl';
-import { buildTopNFlowQuery, getOppositeField } from './query_top_n_flow.dsl';
-import { buildHttpQuery } from './query_http.dsl';
-import { buildTopCountriesQuery } from './query_top_countries.dsl';
-import {
- NetworkAdapter,
- NetworkDnsBuckets,
- NetworkTopCountriesBuckets,
- NetworkHttpBuckets,
- NetworkTopNFlowBuckets,
-} from './types';
-
-export class ElasticsearchNetworkAdapter implements NetworkAdapter {
- constructor(private readonly framework: FrameworkAdapter) {}
-
- public async getNetworkTopCountries(
- request: FrameworkRequest,
- options: NetworkTopCountriesRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildTopCountriesQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.top_countries_count.value', response);
- const networkTopCountriesEdges: NetworkTopCountriesEdges[] = getTopCountriesEdges(
- response,
- options
- );
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkTopCountriesEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkTopNFlow(
- request: FrameworkRequest,
- options: NetworkTopNFlowRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildTopNFlowQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.top_n_flow_count.value', response);
- const networkTopNFlowEdges: NetworkTopNFlowEdges[] = getTopNFlowEdges(response, options);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkTopNFlowEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkDns(
- request: FrameworkRequest,
- options: NetworkDnsRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildDnsQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.dns_count.value', response);
- const networkDnsEdges: NetworkDnsEdges[] = formatDnsEdges(
- getOr([], 'aggregations.dns_name_query_count.buckets', response)
- );
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkDnsEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-
- public async getNetworkHttp(
- request: FrameworkRequest,
- options: NetworkHttpRequestOptions
- ): Promise {
- if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
- throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
- }
- const dsl = buildHttpQuery(options);
- const response = await this.framework.callWithRequest(
- request,
- 'search',
- dsl
- );
- const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
- const totalCount = getOr(0, 'aggregations.http_count.value', response);
- const networkHttpEdges: NetworkHttpEdges[] = getHttpEdges(response);
- const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount;
- const edges = networkHttpEdges.splice(cursorStart, querySize - cursorStart);
- const inspect = {
- dsl: [inspectStringifyObject(dsl)],
- response: [inspectStringifyObject(response)],
- };
- const showMorePagesIndicator = totalCount > fakeTotalCount;
-
- return {
- edges,
- inspect,
- pageInfo: {
- activePage: activePage ? activePage : 0,
- fakeTotalCount,
- showMorePagesIndicator,
- },
- totalCount,
- };
- }
-}
-
-const getTopNFlowEdges = (
- response: DatabaseSearchResponse,
- options: NetworkTopNFlowRequestOptions
-): NetworkTopNFlowEdges[] => {
- return formatTopNFlowEdges(
- getOr([], `aggregations.${options.flowTarget}.buckets`, response),
- options.flowTarget
- );
-};
-
-const getTopCountriesEdges = (
- response: DatabaseSearchResponse,
- options: NetworkTopCountriesRequestOptions
-): NetworkTopCountriesEdges[] => {
- return formatTopCountriesEdges(
- getOr([], `aggregations.${options.flowTarget}.buckets`, response),
- options.flowTarget
- );
-};
-
-const getHttpEdges = (
- response: DatabaseSearchResponse
-): NetworkHttpEdges[] => {
- return formatHttpEdges(getOr([], `aggregations.url.buckets`, response));
-};
-
-const getFlowTargetFromString = (flowAsString: string) =>
- flowAsString === 'source' ? FlowTargetSourceDest.source : FlowTargetSourceDest.destination;
-
-const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null =>
- result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0]._source
- ? {
- geo: getOr(
- '',
- `location.top_geo.hits.hits[0]._source.${
- Object.keys(result.location.top_geo.hits.hits[0]._source)[0]
- }.geo`,
- result
- ),
- flowTarget: getFlowTargetFromString(
- Object.keys(result.location.top_geo.hits.hits[0]._source)[0]
- ),
- }
- : null;
-
-const getAsItem = (result: NetworkTopNFlowBuckets): AutonomousSystemItem | null =>
- result.autonomous_system.top_as.hits.hits.length > 0 &&
- result.autonomous_system.top_as.hits.hits[0]._source
- ? {
- number: getOr(
- null,
- `autonomous_system.top_as.hits.hits[0]._source.${
- Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0]
- }.as.number`,
- result
- ),
- name: getOr(
- '',
- `autonomous_system.top_as.hits.hits[0]._source.${
- Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0]
- }.as.organization.name`,
- result
- ),
- }
- : null;
-
-const formatTopNFlowEdges = (
- buckets: NetworkTopNFlowBuckets[],
- flowTarget: FlowTargetSourceDest
-): NetworkTopNFlowEdges[] =>
- buckets.map((bucket: NetworkTopNFlowBuckets) => ({
- node: {
- _id: bucket.key,
- [flowTarget]: {
- domain: bucket.domain.buckets.map((bucketDomain) => bucketDomain.key),
- ip: bucket.key,
- location: getGeoItem(bucket),
- autonomous_system: getAsItem(bucket),
- flows: getOr(0, 'flows.value', bucket),
- [`${getOppositeField(flowTarget)}_ips`]: getOr(
- 0,
- `${getOppositeField(flowTarget)}_ips.value`,
- bucket
- ),
- },
- network: {
- bytes_in: getOr(0, 'bytes_in.value', bucket),
- bytes_out: getOr(0, 'bytes_out.value', bucket),
- },
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatTopCountriesEdges = (
- buckets: NetworkTopCountriesBuckets[],
- flowTarget: FlowTargetSourceDest
-): NetworkTopCountriesEdges[] =>
- buckets.map((bucket: NetworkTopCountriesBuckets) => ({
- node: {
- _id: bucket.key,
- [flowTarget]: {
- country: bucket.key,
- flows: getOr(0, 'flows.value', bucket),
- [`${getOppositeField(flowTarget)}_ips`]: getOr(
- 0,
- `${getOppositeField(flowTarget)}_ips.value`,
- bucket
- ),
- [`${flowTarget}_ips`]: getOr(0, `${flowTarget}_ips.value`, bucket),
- },
- network: {
- bytes_in: getOr(0, 'bytes_in.value', bucket),
- bytes_out: getOr(0, 'bytes_out.value', bucket),
- },
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatDnsEdges = (buckets: NetworkDnsBuckets[]): NetworkDnsEdges[] =>
- buckets.map((bucket: NetworkDnsBuckets) => ({
- node: {
- _id: bucket.key,
- dnsBytesIn: getOrNumber('dns_bytes_in.value', bucket),
- dnsBytesOut: getOrNumber('dns_bytes_out.value', bucket),
- dnsName: bucket.key,
- queryCount: bucket.doc_count,
- uniqueDomains: getOrNumber('unique_domains.value', bucket),
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const formatHttpEdges = (buckets: NetworkHttpBuckets[]): NetworkHttpEdges[] =>
- buckets.map((bucket: NetworkHttpBuckets) => ({
- node: {
- _id: bucket.key,
- domains: bucket.domains.buckets.map(({ key }) => key),
- methods: bucket.methods.buckets.map(({ key }) => key),
- statuses: bucket.status.buckets.map(({ key }) => `${key}`),
- lastHost: get('source.hits.hits[0]._source.host.name', bucket),
- lastSourceIp: get('source.hits.hits[0]._source.source.ip', bucket),
- path: bucket.key,
- requestCount: bucket.doc_count,
- },
- cursor: {
- value: bucket.key,
- tiebreaker: null,
- },
- }));
-
-const getOrNumber = (path: string, bucket: NetworkTopNFlowBuckets | NetworkDnsBuckets) => {
- const numb = get(path, bucket);
- if (numb == null) {
- return null;
- }
- return numb;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/network/index.ts b/x-pack/plugins/security_solution/server/lib/network/index.ts
deleted file mode 100644
index 42ce9f0726ddb..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/index.ts
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import {
- FlowTargetSourceDest,
- Maybe,
- NetworkDnsData,
- NetworkDnsSortField,
- NetworkHttpData,
- NetworkHttpSortField,
- NetworkTopCountriesData,
- NetworkTopNFlowData,
- NetworkTopTablesSortField,
-} from '../../graphql/types';
-import { FrameworkRequest, RequestOptionsPaginated } from '../framework';
-export * from './elasticsearch_adapter';
-import { NetworkAdapter } from './types';
-
-export * from './types';
-
-export interface NetworkTopNFlowRequestOptions extends RequestOptionsPaginated {
- networkTopNFlowSort: NetworkTopTablesSortField;
- flowTarget: FlowTargetSourceDest;
- ip?: Maybe;
-}
-
-export interface NetworkTopCountriesRequestOptions extends RequestOptionsPaginated {
- networkTopCountriesSort: NetworkTopTablesSortField;
- flowTarget: FlowTargetSourceDest;
- ip?: Maybe;
-}
-
-export interface NetworkHttpRequestOptions extends RequestOptionsPaginated {
- networkHttpSort: NetworkHttpSortField;
- ip?: Maybe;
-}
-
-export interface NetworkDnsRequestOptions extends RequestOptionsPaginated {
- isPtrIncluded: boolean;
- networkDnsSortField: NetworkDnsSortField;
- stackByField?: Maybe;
-}
-
-export class Network {
- constructor(private readonly adapter: NetworkAdapter) {}
-
- public async getNetworkTopCountries(
- req: FrameworkRequest,
- options: NetworkTopCountriesRequestOptions
- ): Promise {
- return this.adapter.getNetworkTopCountries(req, options);
- }
-
- public async getNetworkTopNFlow(
- req: FrameworkRequest,
- options: NetworkTopNFlowRequestOptions
- ): Promise {
- return this.adapter.getNetworkTopNFlow(req, options);
- }
-
- public async getNetworkDns(
- req: FrameworkRequest,
- options: NetworkDnsRequestOptions
- ): Promise {
- return this.adapter.getNetworkDns(req, options);
- }
-
- public async getNetworkHttp(
- req: FrameworkRequest,
- options: NetworkHttpRequestOptions
- ): Promise {
- return this.adapter.getNetworkHttp(req, options);
- }
-}
diff --git a/x-pack/plugins/security_solution/server/lib/network/mock.ts b/x-pack/plugins/security_solution/server/lib/network/mock.ts
deleted file mode 100644
index b421f7af56603..0000000000000
--- a/x-pack/plugins/security_solution/server/lib/network/mock.ts
+++ /dev/null
@@ -1,1675 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { Direction, FlowTargetSourceDest, NetworkTopTablesFields } from '../../graphql/types'; - -import { NetworkTopNFlowRequestOptions } from '.'; - -export const mockOptions: NetworkTopNFlowRequestOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-11T02:26:46.071Z' }, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - filterQuery: {}, - fields: [ - 'totalCount', - 'source.ip', - 'source.domain', - 'source.__typename', - 'destination.ip', - 'destination.domain', - 'destination.__typename', - 'event.duration', - 'event.__typename', - 'network.bytes_in', - 'network.bytes_out', - 'network.__typename', - '__typename', - 'edges.cursor.value', - 'edges.cursor.__typename', - 'edges.__typename', - 'pageInfo.activePage', - 'pageInfo.__typename', - 'pageInfo.fakeTotalCount', - 'pageInfo.__typename', - 'pageInfo.showMorePagesIndicator', - 'pageInfo.__typename', - '__typename', - ], - networkTopNFlowSort: { field: NetworkTopTablesFields.bytes_out, direction: Direction.desc }, - flowTarget: FlowTargetSourceDest.source, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - filterQuery: '', - flowTarget: FlowTargetSourceDest.source, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - sourceId: 
'default', - timerange: { interval: '12h', from: 1549765830772, to: 1549852230772 }, - }, - query: ` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`, - }, -}; - -export const mockResponse = { - took: 122, - timed_out: false, - _shards: { - total: 11, - successful: 11, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 545, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 
'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - { - key: '2.2.2.2', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 5469323342, - }, - bytes_out: { - value: 2811441, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.2.net', - }, - ], - }, - }, - { - key: '3.3.3.3', - flows: { value: 1234567 }, - 
destination_ips: { value: 345345 }, - bytes_in: { - value: 3807671322, - }, - bytes_out: { - value: 4494034, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.3.com', - }, - { - key: 'test.3-duplicate.com', - }, - ], - }, - }, - { - key: '4.4.4.4', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 166517626, - }, - bytes_out: { - value: 3194782, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 
'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.4.com', - }, - ], - }, - }, - { - key: '5.5.5.5', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 104785026, - }, - bytes_out: { - value: 1838597, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.5.com', - }, - ], - }, - }, - { - key: '6.6.6.6', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 28804250, - }, - bytes_out: { - value: 482982, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', 
- country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 31, - buckets: [ - { - key: 'test.6.com', - }, - ], - }, - }, - { - key: '7.7.7.7', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 23032363, - }, - bytes_out: { - value: 400623, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'test.7.com', - }, - ], - }, - }, - { - key: '8.8.8.8', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 
21424889, - }, - bytes_out: { - value: 344357, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.8.com', - }, - ], - }, - }, - { - key: '9.9.9.9', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 19205000, - }, - bytes_out: { - value: 355663, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - 
as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.9.com', - }, - ], - }, - }, - { - key: '10.10.10.10', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11407633, - }, - bytes_out: { - value: 199360, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.10.com', - }, - ], - }, - }, - { - key: '11.11.11.11', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11393327, - }, - bytes_out: { - value: 195914, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - 
}, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.11.com', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockTopNFlowQueryDsl = { - mockTopNFlowQueryDsl: 'mockTopNFlowQueryDsl', -}; - -export const mockResult = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponse, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '2.2.2.2', - }, - node: { - _id: '2.2.2.2', - network: { - bytes_in: 5469323342, - bytes_out: 2811441, - }, - source: { - domain: ['test.2.net'], - ip: '2.2.2.2', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - 
tiebreaker: null, - value: '3.3.3.3', - }, - node: { - _id: '3.3.3.3', - network: { - bytes_in: 3807671322, - bytes_out: 4494034, - }, - source: { - domain: ['test.3.com', 'test.3-duplicate.com'], - ip: '3.3.3.3', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '4.4.4.4', - }, - node: { - _id: '4.4.4.4', - network: { - bytes_in: 166517626, - bytes_out: 3194782, - }, - source: { - domain: ['test.4.com'], - ip: '4.4.4.4', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '5.5.5.5', - }, - node: { - _id: '5.5.5.5', - network: { - bytes_in: 104785026, - bytes_out: 1838597, - }, - source: { - domain: ['test.5.com'], - ip: '5.5.5.5', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '6.6.6.6', - }, - node: { - _id: '6.6.6.6', - network: { - bytes_in: 28804250, - bytes_out: 482982, - }, - source: { - domain: ['test.6.com'], - 
ip: '6.6.6.6', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '7.7.7.7', - }, - node: { - _id: '7.7.7.7', - network: { - bytes_in: 23032363, - bytes_out: 400623, - }, - source: { - domain: ['test.7.com'], - ip: '7.7.7.7', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '8.8.8.8', - }, - node: { - _id: '8.8.8.8', - network: { - bytes_in: 21424889, - bytes_out: 344357, - }, - source: { - domain: ['test.8.com'], - ip: '8.8.8.8', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '9.9.9.9', - }, - node: { - _id: '9.9.9.9', - network: { - bytes_in: 19205000, - bytes_out: 355663, - }, - source: { - domain: ['test.9.com'], - ip: '9.9.9.9', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - 
region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '10.10.10.10', - }, - node: { - _id: '10.10.10.10', - network: { - bytes_in: 11407633, - bytes_out: 199360, - }, - source: { - domain: ['test.10.com'], - ip: '10.10.10.10', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - totalCount: 545, -}; - -export const mockOptionsIp: NetworkTopNFlowRequestOptions = { - ...mockOptions, - ip: '1.1.1.1', -}; - -export const mockRequestIp = { - ...mockRequest, - body: { - ...mockRequest.body, - variables: { - ...mockRequest.body.variables, - ip: '1.1.1.1', - }, - }, -}; - -export const mockResponseIp = { - took: 122, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 1, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 
'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockResultIp = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponseIp, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 1, - showMorePagesIndicator: false, - }, - totalCount: 1, -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts deleted file mode 100644 index 90781e7b48b4a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; - -import { assertUnreachable } from '../../../common/utility_types'; -import { Direction, NetworkDnsFields, NetworkDnsSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkDnsRequestOptions } from './index'; - -type QueryOrder = - | { _count: Direction } - | { _key: Direction } - | { unique_domains: Direction } - | { dns_bytes_in: Direction } - | { dns_bytes_out: Direction }; - -const getQueryOrder = (networkDnsSortField: NetworkDnsSortField): QueryOrder => { - switch (networkDnsSortField.field) { - case NetworkDnsFields.queryCount: - return { _count: networkDnsSortField.direction }; - case NetworkDnsFields.dnsName: - return { _key: networkDnsSortField.direction }; - case NetworkDnsFields.uniqueDomains: - return { unique_domains: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesIn: - return { dns_bytes_in: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesOut: - return { dns_bytes_out: networkDnsSortField.direction }; - } - assertUnreachable(networkDnsSortField.field); -}; - -const getCountAgg = () => ({ - dns_count: { - cardinality: { - field: 'dns.question.registered_domain', - }, - }, -}); - -const createIncludePTRFilter = (isPtrIncluded: boolean) => - isPtrIncluded - ? 
{} - : { - must_not: [ - { - term: { - 'dns.question.type': { - value: 'PTR', - }, - }, - }, - ], - }; - -export const buildDnsQuery = ({ - defaultIndex, - docValueFields, - filterQuery, - isPtrIncluded, - networkDnsSortField, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'dns.question.registered_domain', - timerange: { from, to }, -}: NetworkDnsRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - ...getCountAgg(), - dns_name_query_count: { - terms: { - field: stackByField, - size: querySize, - order: { - ...getQueryOrder(networkDnsSortField), - }, - }, - aggs: { - unique_domains: { - cardinality: { - field: 'dns.question.name', - }, - }, - dns_bytes_in: { - sum: { - field: 'source.bytes', - }, - }, - dns_bytes_out: { - sum: { - field: 'destination.bytes', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - ...createIncludePTRFilter(isPtrIncluded), - }, - }, - }, - size: 0, - track_total_hits: false, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts deleted file mode 100644 index a2d1963414be1..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts +++ /dev/null 
@@ -1,116 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { NetworkHttpSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkHttpRequestOptions } from './index'; - -const getCountAgg = () => ({ - http_count: { - cardinality: { - field: 'url.path', - }, - }, -}); - -export const buildHttpQuery = ({ - defaultIndex, - filterQuery, - networkHttpSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkHttpRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - { exists: { field: 'http.request.method' } }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(), - ...getHttpAggs(networkHttpSort, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - 'source.ip': ip, - }, - }, - { - term: { - 'destination.ip': ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getHttpAggs = (networkHttpSortField: NetworkHttpSortField, querySize: number) => ({ - url: { - terms: { - field: `url.path`, - size: querySize, - order: { - _count: networkHttpSortField.direction, - }, - }, - aggs: { - methods: { - terms: { - field: 'http.request.method', - size: 4, - }, - }, - domains: { - terms: { - field: 'url.domain', - size: 4, - }, - }, - status: { - terms: { - field: 'http.response.status_code', - size: 4, - }, - }, - source: { - top_hits: { - size: 1, - _source: { - includes: ['host.name', 'source.ip'], - }, - }, - }, - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts deleted file mode 100644 index be0b8fb64c76a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts +++ /dev/null 
@@ -1,153 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; -import { assertUnreachable } from '../../../common/utility_types'; -import { NetworkTopCountriesRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_countries_count: { - cardinality: { - field: `${flowTarget}.geo.country_iso_code`, - }, - }, -}); - -export const buildTopCountriesQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopCountriesSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopCountriesRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopCountriesSort, flowTarget, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopCountriesSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.geo.country_iso_code`, - size: querySize, - order: { - ...getQueryOrder(networkTopCountriesSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - source_ips: { - cardinality: { - field: 'source.ip', - }, - }, - destination_ips: { - cardinality: { - field: 'destination.ip', - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopCountriesSortField: NetworkTopTablesSortField): QueryOrder => { - switch (networkTopCountriesSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopCountriesSortField.direction }; - case 
NetworkTopTablesFields.source_ips: - return { source_ips: networkTopCountriesSortField.direction }; - } - assertUnreachable(networkTopCountriesSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts deleted file mode 100644 index 14a9c5e33aca0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts +++ /dev/null 
@@ -1,194 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkTopNFlowRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_n_flow_count: { - cardinality: { - field: `${flowTarget}.ip`, - }, - }, -}); - -export const buildTopNFlowQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopNFlowSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopNFlowRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopNFlowSort, flowTarget, querySize), - }, - query: { - bool: ip - ? 
{ - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopNFlowSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.ip`, - size: querySize, - order: { - ...getQueryOrder(networkTopNFlowSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - domain: { - terms: { - field: `${flowTarget}.domain`, - order: { - timestamp: 'desc', - }, - }, - aggs: { - timestamp: { - max: { - field: '@timestamp', - }, - }, - }, - }, - location: { - filter: { - exists: { - field: `${flowTarget}.geo`, - }, - }, - aggs: { - top_geo: { - top_hits: { - _source: `${flowTarget}.geo.*`, - size: 1, - }, - }, - }, - }, - autonomous_system: { - filter: { - exists: { - field: `${flowTarget}.as`, - }, - }, - aggs: { - top_as: { - top_hits: { - _source: `${flowTarget}.as.*`, - size: 1, - }, - }, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - [`${getOppositeField(flowTarget)}_ips`]: { - cardinality: { - field: `${getOppositeField(flowTarget)}.ip`, - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopNFlowSortField: NetworkTopTablesSortField): 
QueryOrder => { - switch (networkTopNFlowSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.source_ips: - return { source_ips: networkTopNFlowSortField.direction }; - } - assertUnreachable(networkTopNFlowSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/types.ts b/x-pack/plugins/security_solution/server/lib/network/types.ts deleted file mode 100644 index b7848be097151..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/types.ts +++ /dev/null 
@@ -1,165 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - NetworkDnsData, - NetworkHttpData, - NetworkTopCountriesData, - NetworkTopNFlowData, -} from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; -import { TotalValue } from '../types'; -import { NetworkDnsRequestOptions } from '.'; - -export interface NetworkAdapter { - getNetworkTopCountries( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkTopNFlow( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkDns(req: FrameworkRequest, options: NetworkDnsRequestOptions): Promise; - getNetworkHttp(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; -} - -export interface GenericBuckets { - key: string; - doc_count: number; -} - -interface LocationHit { - doc_count: number; - top_geo: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface AutonomousSystemHit { - doc_count: number; - top_as: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface HttpHit { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; -} - -export interface NetworkTopNFlowBuckets { - key: string; - autonomous_system: AutonomousSystemHit; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; 
- }; - domain: { - buckets: GenericBuckets[]; - }; - location: LocationHit; - flows: number; - destination_ips?: number; - source_ips?: number; -} - -export interface NetworkTopCountriesBuckets { - country: string; - key: string; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; - }; - flows: number; - destination_ips: number; - source_ips: number; -} - -export interface NetworkDnsBuckets { - key: string; - doc_count: number; - unique_domains: { - value: number; - }; - dns_bytes_in: { - value: number; - }; - dns_bytes_out: { - value: number; - }; -} - -export interface NetworkHttpBuckets { - key: string; - doc_count: number; - domains: { - buckets: GenericBuckets[]; - }; - methods: { - buckets: GenericBuckets[]; - }; - source: HttpHit; - status: { - buckets: GenericBuckets[]; - }; -} - -interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: string; - histogram: DnsHistogramBucket; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 6e233f6e49d3b..7e59280cd1358 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts 
@@ -8,32 +8,20 @@ import { AuthenticatedUser } from '../../../security/common/model';
 import { RequestHandlerContext } from '../../../../../src/core/server';
 export { ConfigType as Configuration } from '../config';
-import { Authentications } from './authentications';
-import { Events } from './events';
 import { FrameworkAdapter, FrameworkRequest } from './framework';
 import { Hosts } from './hosts';
 import { IndexFields } from './index_fields';
-import { KpiHosts } from './kpi_hosts';
-import { KpiNetwork } from './kpi_network';
-import { Network } from './network';
 import { SourceStatus } from './source_status';
 import { Sources } from './sources';
 import { Note } from './note/saved_object';
 import { PinnedEvent } from './pinned_event/saved_object';
 import { Timeline } from './timeline/saved_object';
-import { MatrixHistogram } from './matrix_histogram';
 export * from './hosts';
 export interface AppDomainLibs {
- authentications: Authentications;
- events: Events;
 fields: IndexFields;
 hosts: Hosts;
- matrixHistogram: MatrixHistogram;
- network: Network;
- kpiNetwork: KpiNetwork;
- kpiHosts: KpiHosts;
 }
 export interface AppBackendLibs extends AppDomainLibs {
diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts
index 277ac7316e92d..d36f9aeaa8804 100644
--- a/x-pack/test/api_integration/apis/security_solution/authentications.ts
+++ b/x-pack/test/api_integration/apis/security_solution/authentications.ts
@@ -6,7 +6,9 @@
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { authenticationsQuery } from '../../../../plugins/security_solution/public/hosts/containers/authentications/index.gql_query';
+// @ts-expect-error
 import { GetAuthenticationsQuery } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
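Review bot: The two `// @ts-expect-error` directives added above the `index.gql_query` and `graphql/types` imports suppress the compile error without recording why it is expected, so a reader cannot tell whether these imports are temporarily broken or permanently dead. Presumably the legacy GraphQL modules are going away and the suite is disabled in `index.js` in the same commit; say so inline, e.g. `// @ts-expect-error: legacy GraphQL query import no longer resolves; suite disabled in index.js until rewritten`. The same bare directive is added in kpi_host_details.ts, kpi_hosts.ts, kpi_network.ts, network_dns.ts, network_top_n_flow.ts, timeline.ts and timeline_details.ts, and in network_dns.ts and network_top_n_flow.ts it is also placed on the `expect(...edges.map((i) => ...))` assertions, where it appears to silence a typing error on the `i` callback parameter rather than a missing module. If these files are not expected to compile again soon, deleting them or the broken imports is clearer than leaving the checker disabled across eight test files.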
diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js
index a143d94dde172..3d24af4413800 100644
--- a/x-pack/test/api_integration/apis/security_solution/index.js
+++ b/x-pack/test/api_integration/apis/security_solution/index.js
@@ -6,20 +6,20 @@
 export default function ({ loadTestFile }) {
 describe('Siem GraphQL Endpoints', () => {
- loadTestFile(require.resolve('./authentications'));
+ // loadTestFile(require.resolve('./authentications'));
 loadTestFile(require.resolve('./hosts'));
- loadTestFile(require.resolve('./kpi_network'));
- loadTestFile(require.resolve('./kpi_hosts'));
- loadTestFile(require.resolve('./network_dns'));
- loadTestFile(require.resolve('./network_top_n_flow'));
+ // loadTestFile(require.resolve('./kpi_network'));
+ // loadTestFile(require.resolve('./kpi_hosts'));
+ // loadTestFile(require.resolve('./network_dns'));
+ // loadTestFile(require.resolve('./network_top_n_flow'));
 // loadTestFile(require.resolve('./overview_host'));
 loadTestFile(require.resolve('./saved_objects/notes'));
 loadTestFile(require.resolve('./saved_objects/pinned_events'));
 loadTestFile(require.resolve('./saved_objects/timeline'));
 loadTestFile(require.resolve('./sources'));
 // loadTestFile(require.resolve('./overview_network'));
- loadTestFile(require.resolve('./timeline'));
- loadTestFile(require.resolve('./timeline_details'));
+ // loadTestFile(require.resolve('./timeline'));
+ // loadTestFile(require.resolve('./timeline_details'));
 // loadTestFile(require.resolve('./uncommon_processes'));
 // loadTestFile(require.resolve('./users'));
 // loadTestFile(require.resolve('./tls'));
diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts
index c446fbb149e3a..27e4e02ee7d08 100644
--- a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts
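Review bot: Commenting out the `loadTestFile` calls for authentications, kpi_network, kpi_hosts, network_dns, network_top_n_flow, timeline and timeline_details silently drops API coverage for those endpoints, and nothing in the file says why or when they come back; the same `describe` already carries several such orphaned lines (`overview_host`, `overview_network`, `uncommon_processes`, `users`, `tls`), so the pattern is accumulating. Add one comment above the disabled group naming the reason and a tracking reference, e.g. `// TODO(<tracking-issue>): re-enable once these suites are migrated off the removed GraphQL endpoints` (`<tracking-issue>` is a placeholder to be filled in), or skip the suites inside their own files so they still appear in the runner's report as skipped rather than vanishing. The enclosing `describe` block continues outside the hunk.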
+++ b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts
@@ -5,7 +5,9 @@
 */
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { kpiHostDetailsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query';
+// @ts-expect-error
 import { GetKpiHostDetailsQuery } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts
index dcea52edcddf9..64109bd4d9321 100644
--- a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts
+++ b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts
@@ -5,7 +5,9 @@
 */
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { kpiHostsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query';
+// @ts-expect-error
 import { GetKpiHostsQuery } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts
index 654607913d44a..14b061d678898 100644
--- a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts
+++ b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts
@@ -5,7 +5,9 @@
 */
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { kpiNetworkQuery } from '../../../../plugins/security_solution/public/network/containers/kpi_network/index.gql_query';
+// @ts-expect-error
 import { GetKpiNetworkQuery } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
diff --git a/x-pack/test/api_integration/apis/security_solution/network_dns.ts b/x-pack/test/api_integration/apis/security_solution/network_dns.ts
index e5f3ed18d32ea..b53e2cc72853a 100644
--- a/x-pack/test/api_integration/apis/security_solution/network_dns.ts
+++ b/x-pack/test/api_integration/apis/security_solution/network_dns.ts
@@ -5,10 +5,13 @@
 */
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { networkDnsQuery } from '../../../../plugins/security_solution/public/network/containers/network_dns/index.gql_query';
 import {
 Direction,
+ // @ts-expect-error
 GetNetworkDnsQuery,
+ // @ts-expect-error
 NetworkDnsFields,
 } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
@@ -53,6 +56,7 @@ export default function ({ getService }: FtrProviderContext) {
 const networkDns = resp.data.source.NetworkDns;
 expect(networkDns.edges.length).to.be(10);
 expect(networkDns.totalCount).to.be(44);
+ // @ts-expect-error
 expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be(
 'aaplimg.com,adgrx.com,akadns.net,akamaiedge.net,amazonaws.com,cbsistatic.com,cdn-apple.com,connman.net,crowbird.com,d1oxlq5h9kq8q5.cloudfront.net'
 );
@@ -90,6 +94,7 @@ export default function ({ getService }: FtrProviderContext) {
 const networkDns = resp.data.source.NetworkDns;
 expect(networkDns.edges.length).to.be(10);
 expect(networkDns.totalCount).to.be(44);
+ // @ts-expect-error
 expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be(
 'nflxvideo.net,apple.com,netflix.com,samsungcloudsolution.com,samsungqbe.com,samsungelectronics.com,internetat.tv,samsungcloudsolution.net,samsungosp.com,cbsnews.com'
 );
diff --git a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts
index 6033fdfefa4db..81a1924019a55 100644
--- a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts
+++ b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts
@@ -5,11 +5,14 @@
 */
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { networkTopNFlowQuery } from '../../../../plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query';
 import {
 Direction,
 FlowTargetSourceDest,
+ // @ts-expect-error
 GetNetworkTopNFlowQuery,
+ // @ts-expect-error
 NetworkTopTablesFields,
 } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
@@ -55,6 +58,7 @@ export default function ({ getService }: FtrProviderContext) {
 const networkTopNFlow = resp.data.source.NetworkTopNFlow;
 expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH);
 expect(networkTopNFlow.totalCount).to.be(121);
+ // @ts-expect-error
 expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be(
 '10.100.7.196,10.100.7.199,10.100.7.197,10.100.7.198,3.82.33.170,17.249.172.100,10.100.4.1,8.248.209.244,8.248.211.247,8.248.213.244'
 );
@@ -93,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) {
 const networkTopNFlow = resp.data.source.NetworkTopNFlow;
 expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH);
 expect(networkTopNFlow.totalCount).to.be(121);
+ // @ts-expect-error
 expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be(
 '8.248.209.244,8.248.211.247,8.248.213.244,8.248.223.246,8.250.107.245,8.250.121.236,8.250.125.244,8.253.38.231,8.253.157.112,8.253.157.240'
 );
diff --git a/x-pack/test/api_integration/apis/security_solution/timeline.ts b/x-pack/test/api_integration/apis/security_solution/timeline.ts
index 5bd015a130a5a..8ae562a961431 100644
--- a/x-pack/test/api_integration/apis/security_solution/timeline.ts
+++ b/x-pack/test/api_integration/apis/security_solution/timeline.ts
@@ -6,9 +6,11 @@
 import expect from '@kbn/expect';
+// @ts-expect-error
 import { timelineQuery } from '../../../../plugins/security_solution/public/timelines/containers/index.gql_query';
 import {
   Direction,
+  // @ts-expect-error
   GetTimelineQuery,
 } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
diff --git a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts
index 35f419fde894d..559cdc8c29c09 100644
--- a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts
+++ b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts
@@ -7,9 +7,12 @@
 import expect from '@kbn/expect';
 import { sortBy } from 'lodash';
+// @ts-expect-error
 import { timelineDetailsQuery } from '../../../../plugins/security_solution/public/timelines/containers/details/index.gql_query';
 import {
+  // @ts-expect-error
   DetailItem,
+  // @ts-expect-error
   GetTimelineDetailsQuery,
 } from '../../../../plugins/security_solution/public/graphql/types';
 import { FtrProviderContext } from '../../ftr_provider_context';
From 41927d9a63b29836a070fa42b793e828dd60ce0e Mon Sep 17 00:00:00 2001
From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:25:08 -0400
Subject: [PATCH 06/89] [SECURITY_SOLUTION][ENDPOINT] Trusted App Create Form show inline validations errors (#78305)
* Updated structure for `ValidationResult` type
* show errors on the ui if field is invalid
* Support for tracking visited fields
* Remove use of Snapshots in Trusted Apps tests
---
 .../trusted_apps_list.test.tsx.snap | 7 +
 .../trusted_apps_page.test.tsx.snap | 1053 -----------------
 .../create_trusted_app_form.test.tsx | 304 +++++
 .../components/create_trusted_app_form.tsx | 161 ++-
 .../components/condition_entry.tsx | 21 +-
 .../components/condition_group.tsx | 9 +-
 .../logical_condition_builder.tsx | 3 +-
 .../trusted_apps/view/trusted_apps_list.tsx | 1 +
 .../view/trusted_apps_page.test.tsx | 16 +-
 9 files changed, 498 insertions(+), 1077 deletions(-)
 delete mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_page.test.tsx.snap
 create mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/create_trusted_app_form.test.tsx
diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap
index 46885bd653dc2..ccd94c63e96c8 100644
--- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap
@@ -4,6 +4,7 @@ exports[`TrustedAppsList renders correctly initially 1`] = `
-
-
-
-
-
-

- Trusted Applications - - - Beta - -

-
-
- View and configure trusted applications -
-
-
-
- -
-
- -
-
- -
-
-
-
-
- - -
-
-
-
-
-
-
-
-
-
-
- - - - - - - - - - - - - - - -
-
-
- - Name - -
-
-
- - OS - -
-
-
- - Date Created - -
-
-
- - Created By - -
-
-
- - Actions - -
-
-
- - No items found - -
-
-
-
-
-
-
- , - "container":
-
-
-
-
-

- Trusted Applications - - - Beta - -

-
-
- View and configure trusted applications -
-
-
-
- -
-
- -
-
- -
-
-
-
-
- - -
-
-
-
-
-
-
-
-
-
-
- - - - - - - - - - - - - - - -
-
-
- - Name - -
-
-
- - OS - -
-
-
- - Date Created - -
-
-
- - Created By - -
-
-
- - Actions - -
-
-
- - No items found - -
-
-
-
-
-
-
, - "debug": [Function], - "findAllByAltText": [Function], - "findAllByDisplayValue": [Function], - "findAllByLabelText": [Function], - "findAllByPlaceholderText": [Function], - "findAllByRole": [Function], - "findAllByTestId": [Function], - "findAllByText": [Function], - "findAllByTitle": [Function], - "findByAltText": [Function], - "findByDisplayValue": [Function], - "findByLabelText": [Function], - "findByPlaceholderText": [Function], - "findByRole": [Function], - "findByTestId": [Function], - "findByText": [Function], - "findByTitle": [Function], - "getAllByAltText": [Function], - "getAllByDisplayValue": [Function], - "getAllByLabelText": [Function], - "getAllByPlaceholderText": [Function], - "getAllByRole": [Function], - "getAllByTestId": [Function], - "getAllByText": [Function], - "getAllByTitle": [Function], - "getByAltText": [Function], - "getByDisplayValue": [Function], - "getByLabelText": [Function], - "getByPlaceholderText": [Function], - "getByRole": [Function], - "getByTestId": [Function], - "getByText": [Function], - "getByTitle": [Function], - "queryAllByAltText": [Function], - "queryAllByDisplayValue": [Function], - "queryAllByLabelText": [Function], - "queryAllByPlaceholderText": [Function], - "queryAllByRole": [Function], - "queryAllByTestId": [Function], - "queryAllByText": [Function], - "queryAllByTitle": [Function], - "queryByAltText": [Function], - "queryByDisplayValue": [Function], - "queryByLabelText": [Function], - "queryByPlaceholderText": [Function], - "queryByRole": [Function], - "queryByTestId": [Function], - "queryByText": [Function], - "queryByTitle": [Function], - "rerender": [Function], - "unmount": [Function], -} -`; - -exports[`TrustedAppsPage when the Add Trusted App button is clicked should display create form 1`] = ` -@media only screen and (min-width:575px) { - -} - -
-
-
- -
-
-
-
- -
-
-
-
-
-
- -
-
-
-
- -
-
- - Select an option: Windows, is selected - - -
- - -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- -
-
-
-
- -
-
- - Select an option: Hash, is selected - - -
- - -
-
-
-
-
-
-
-
-
-
- -
-
-
-
- -
-
-
-
-
-
-
-
- -
-
-
-
- -
-
-
-
-
-
-
-
- -
-
- -
-
-
-
-
-
-
-
- -
-
-
-
-
- -
-
-